IBM Support

PK46322: HEADERS OF SIZE LARGER THAN 8192 BYTES HANDLED INCORRECTLY BY HTTP SERVER

A fix is available

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Using the plug-in for the IBM HTTP Server for z/OS, user finds
    that large headers (13000+ bytes in his case) are not being
    handled correctly. It looks like the header is being split up
    with a blank line inserted between.
    This works fine with small headers, and when the request is
    directed through the WAS Server.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: Any user of the HTTP Server for z/OS that    *
    *                 has a client that may send in request        *
    *                 header that is greater than 8k bytes.        *
    ****************************************************************
    * PROBLEM DESCRIPTION: Customer HTTP Request is rejected with  *
    *                      a response code of 400 invalid request. *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    The customer HTTP request included a request header that was
    greated than 8k bytes in size.  The HTTP Server for z/OS had a
    maximum size for request headers of 8K which caused the customer
    request to be rejected.
    

Problem conclusion

  • Changed the code of the HTTP Server for z/OS to increase the
    maximum acceptable size of a request header to 24K bytes from 8K
    bytes.  This test is necessary to prevent a never ending read
    loop for malformed headers.
    
    The following COMPID is affected by these changes:
    
    5697D4300 HTTP Server for z/OS  Version 5
    
    PTF07E
    The code changes are stored in CMVC under defect PK46322.
    
    * Cross Reference between External and Internal Names
    

Temporary fix

Comments

APAR Information

  • APAR number

    PK46322

  • Reported component name

    DGW/WAS OS/390

  • Reported component ID

    5697D4300

  • Reported release

    530

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2007-06-01

  • Closed date

    2007-06-20

  • Last modified date

    2007-07-03

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    UK26376

Modules/Macros

  • IMWGSIPC IMWJAV   IMWJJAVA IMWJPR   IMWLACCS
    IMWLACSS IMWLALRT IMWLANCR IMWLASOC IMWLASRT IMWLATMP IMWLATOM
    IMWLAUTL IMWLBAG  IMWLBTRE IMWLCHNK IMWLCKCF IMWLCNTR IMWLCPCV
    IMWLCSR  IMWLDAP  IMWLDATA IMWLDESC IMWLDRBR IMWLERRR IMWLFILE
    IMWLFMT  IMWLFPRT IMWLFTP  IMWLFTPD IMWLGOPH IMWLHASH IMWLICON
    IMWLINIT IMWLISOC IMWLLDSR IMWLLIST IMWLMLTI IMWLNLS  IMWLOOM
    IMWLOS2S IMWLPOOL IMWLPRIO IMWLPRSE IMWLPRTU IMWLSCP1 IMWLSEM4
    IMWLSNPL IMWLSP2  IMWLSTRG IMWLSTRM IMWLTCP  IMWLTFPT IMWLTHD
    IMWLTP   IMWLTPOL IMWLTRCE IMWLUU   IMWLVINT IMWLWILD IMWLWORK
    IMWLWRTR IMWLWUS  IMWNODPI IMWSACL  IMWSADM  IMWSAFIL IMWSAPID
    IMWSAPIP IMWSAPRO IMWSARCV IMWSARGV IMWSASRV IMWSAUTH IMWSBOMB
    IMWSCACF IMWSCACH IMWSCACP IMWSCAGC IMWSCAGL IMWSCALO IMWSCAMA
    IMWSCANE IMWSCAPA IMWSCAQU IMWSCAUR IMWSCAWO IMWSCCHI IMWSCGPR
    IMWSCGUT IMWSCLC  IMWSCNTR IMWSCONF IMWSCONS IMWSDAPI IMWSDMDR
    IMWSDOGC IMWSDSTR IMWSDVAR IMWSENTY IMWSENV  IMWSFCGI IMWSFNM
    IMWSGC   IMWSGLOB IMWSGRP  IMWSHBF  IMWSHEAD IMWSHTHP IMWSIFMS
    IMWSIMGE IMWSIMS  IMWSIUMS IMWSJAPI IMWSJBE  IMWSJCFG IMWSJTHD
    IMWSKILL IMWSLEX  IMWSLOAD IMWSLOG  IMWSLOOP IMWSLSTT IMWSMETH
    IMWSNS   IMWSOSMF IMWSPCA  IMWSPCSP IMWSPDB  IMWSPERF IMWSPEV
    IMWSPF   IMWSPICS IMWSPL   IMWSPRD  IMWSPROC IMWSPW   IMWSQUEU
    IMWSREQ  IMWSRLDB IMWSRNGE IMWSRSP  IMWSRSRT IMWSRTRC IMWSRTRV
    IMWSSCRP IMWSSECP IMWSSGNL IMWSSIO  IMWSSIPC IMWSSNMP IMWSSRC
    IMWSSRER IMWSSRVR IMWSSSI  IMWSSTAT IMWSSTBD IMWSSTHD IMWSSUTL
    IMWSTASH IMWSTEC  IMWSTIMR IMWSTIMU IMWSUID  IMWSUIDU IMWSURDB
    IMWSUSRI IMWYSCNT IMWYSPWD
    

Fix information

  • Fixed component name

    DGW/WAS OS/390

  • Fixed component ID

    5697D4300

Applicable component levels

  • R530 PSY UK26375

       UP07/06/24 P F706

  • R531 PSY UK26376

       UP07/06/24 P F706

Fix is available

  • Select the PTF appropriate for your component level. You will be required to sign in. Distribution on physical media is not available in all countries.

[{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SS7K4U","label":"WebSphere Application Server for z\/OS"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"530","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"530","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
03 July 2007