IBM Support

PI51523: HTTP CHANNEL GETCOOKIEVALUE THROWS ARRAYINDEXOUTOFBOUNDS EXCEPTION WHEN COOKIE IS ONLY ONE-DIGIT DOUBLEQUOTE "

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Sending  a single " as a cookie value gives an HTTP error 500
    caused by ArrayIndexOutOfBoundsException
    
    Example:
    
    GET http://localhost:9080/ HTTP/1.1
    Host: localhost:9080
    Connection: keep-alive
    Accept:
    text/html,application/xhtml+xml,application/xml;q=0.9,image/webp
    ,*/*;q=0
    .8
    User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64)
    AppleWebKit/537.36
    (KHTML, like Gecko) Chrome/44.0.2378.0 Safari/537.36
    Accept-Encoding: gzip, deflate, sdch
    Accept-Language: en-US,en;q=0.8
    Cookie: "
    
    
    That results in the following error:
    
    com.ibm.ws.webcontainer.webapp.WebApp logServletError SRVE0293E:
    [Servlet Error]-[GenericServletWrapper]:
    java.lang.ArrayIndexOutOfBoundsException: 1
     at
    com.ibm.ws.http.channel.impl.HttpBaseMessageImpl.getCookieValue(
    HttpBaseMessageImpl.java:2801)
    

Local fix

  • no local fix
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  IBM WebSphere Application Server Version    *
    *                  8.0 and 8.5.5 Full Profile and Liberty      *
    *                  Profile 8.5.5 users of the HTTP Channel     *
    ****************************************************************
    * PROBLEM DESCRIPTION: An ArrayIndexOutOfBoundsException is    *
    *                      thrown by HTTPChannel when the value    *
    *                      of a cookie is a single quotation       *
    *                      mark(")                                 *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    When getting the value for a cookie, the HTTP Channel throws
    a java.lang.ArrayIndexOutOfBoundsException if the value is
    exactly a single quotation mark (").
    The following is an example of the exception:
    java.lang.ArrayIndexOutOfBoundsException: Array index out of
    range: 1 at com.ibm.ws.http.channel.impl.HttpBaseMessageImpl.
    getCookieValue(HttpBaseMessageImpl.java:2811)
    at com.ibm.ws.http.channel.impl.HttpRequestMessageImpl.
    getCookieValue(HttpRequestMessageImpl.java:1452)
    at com.ibm.ws.webcontainer.channel.WCCRequestImpl.
    getCookieValue(WCCRequestImpl.java:790)
    at com.ibm.ws.webcontainer.srt.SRTServletRequest.
    getCookieValueAsBytes(SRTServletRequest.java:3024)
    ...
    This results in a "500 Internal Server Error" response.
    

Problem conclusion

  • The HTTP Channel was modified to correctly handle cookies
    whose value is a single quotation mark (").
    
    The fix for this APAR is currently targeted for inclusion in
    fix packs 8.0.0.13 and 8.5.5.9.  Please refer to the
    Recommended Updates page for delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI51523

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    800

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2015-10-29

  • Closed date

    2016-02-01

  • Last modified date

    2016-02-24

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels

  • R800 PSY

       UP

  • R850 PSY

       UP

[{"Business Unit":{"code":"BU053","label":"Cloud \u0026 Data Platform"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.0","Line of Business":{"code":"LOB36","label":"IBM Automation"}}]

Document Information

Modified date:
15 October 2021