A fix is available
APAR status
Closed as program error.
Error description
Customer testing has revealed a potential security vulnerability in the TRACE method of our internal HTTP component.
Local fix
Problem summary
USERS AFFECTED: All ITMS/ENGINE users.
PROBLEM DESCRIPTION: CODE SCANS RECOMMENDED METHOD CALLS THAT COULD BE REMOVED.
RECOMMENDATION: Apply the PTF.

Two unimplemented methods TRACE and DELETE were removed from the available HTTP methods for the KDH server.
Problem conclusion
The two methods of the internal HTTP component have been removed.
Temporary fix
Comments
APAR Information
APAR number
OA41838
Reported component name
CT/ENGINE
Reported component ID
5608A41CE
Reported release
623
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2013-03-29
Closed date
2013-04-25
Last modified date
2013-05-03
APAR is sysrouted FROM one or more of the following:
IV23864
APAR is sysrouted TO one or more of the following:
Modules/Macros
KDELIB
Fix information
Fixed component name
CT/ENGINE
Fixed component ID
5608A41CE
Applicable component levels
R623 PSY UA68940
UP13/04/30 P F304
Fix is available
Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.
Document Information
Modified date:
03 May 2013