APAR status
Closed as program error.
Error description
Several special characters are not allowed in HTTP header names, but WebSphere accepts them without any validation.
Local fix
Problem summary
USERS AFFECTED: All users of IBM WebSphere Application Server.
PROBLEM DESCRIPTION: HTTP requests that contain HTTP header names with invalid characters should be rejected.
RECOMMENDATION:
HTTP requests that contain HTTP header names with invalid characters should be rejected.
Problem conclusion
HTTP requests that contain HTTP header names with invalid characters now receive a 400 response code.
For Liberty: https://github.com/OpenLiberty/open-liberty/pull/24187
The fix for this APAR is targeted for inclusion in fix pack 9.0.5.16, 8.5.5.24 and Liberty 23.0.0.2 (https://github.com/OpenLiberty/open-liberty/issues/24157).
For more information, see 'Recommended Updates for WebSphere Application Server': https://www.ibm.com/support/pages/node/715553
Temporary fix
Comments
APAR Information
APAR number
PH52074
Reported component name
WEBSPHERE APP S
Reported component ID
5724J0800
Reported release
900
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2023-01-22
Closed date
2023-02-13
Last modified date
2023-02-13
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WEBSPHERE APP S
Fixed component ID
5724J0800
Applicable component levels
Document Information
Modified date:
14 February 2023