IBM Support

PK46322: HEADERS OF SIZE LARGER THAN 8192 BYTES HANDLED INCORRECTLY BY HTTP SERVER

A fix is available

Obtain the fix for this APAR.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Using the plug-in for the IBM HTTP Server for z/OS, user finds
that large headers (13000+ bytes in his case) are not being
handled correctly. It looks like the header is being split up
with a blank line inserted between.
This works fine with small headers, and when the request is
directed through the WAS Server.

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED: Any user of the HTTP Server for z/OS that    *
*                 has a client that may send in request        *
*                 header that is greater than 8k bytes.        *
****************************************************************
* PROBLEM DESCRIPTION: Customer HTTP Request is rejected with  *
*                      a response code of 400 invalid request. *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
The customer HTTP request included a request header that was
greated than 8k bytes in size.  The HTTP Server for z/OS had a
maximum size for request headers of 8K which caused the customer
request to be rejected.

    



Problem conclusion


    

  • Changed the code of the HTTP Server for z/OS to increase the
maximum acceptable size of a request header to 24K bytes from 8K
bytes.  This test is necessary to prevent a never ending read
loop for malformed headers.

The following COMPID is affected by these changes:

5697D4300 HTTP Server for z/OS  Version 5

PTF07E
The code changes are stored in CMVC under defect PK46322.

* Cross Reference between External and Internal Names

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PK46322
    • 

  • Reported component name
    DGW/WAS OS/390
    • 

  • Reported component ID
    5697D4300
    • 

  • Reported release
    530
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2007-06-01
    • 

  • Closed date
    2007-06-20
    • 

  • Last modified date
    2007-07-03
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    
UK26376
    

    • 



Modules/Macros


    

  • IMWGSIPC IMWJAV   IMWJJAVA IMWJPR   IMWLACCS
IMWLACSS IMWLALRT IMWLANCR IMWLASOC IMWLASRT IMWLATMP IMWLATOM
IMWLAUTL IMWLBAG  IMWLBTRE IMWLCHNK IMWLCKCF IMWLCNTR IMWLCPCV
IMWLCSR  IMWLDAP  IMWLDATA IMWLDESC IMWLDRBR IMWLERRR IMWLFILE
IMWLFMT  IMWLFPRT IMWLFTP  IMWLFTPD IMWLGOPH IMWLHASH IMWLICON
IMWLINIT IMWLISOC IMWLLDSR IMWLLIST IMWLMLTI IMWLNLS  IMWLOOM
IMWLOS2S IMWLPOOL IMWLPRIO IMWLPRSE IMWLPRTU IMWLSCP1 IMWLSEM4
IMWLSNPL IMWLSP2  IMWLSTRG IMWLSTRM IMWLTCP  IMWLTFPT IMWLTHD
IMWLTP   IMWLTPOL IMWLTRCE IMWLUU   IMWLVINT IMWLWILD IMWLWORK
IMWLWRTR IMWLWUS  IMWNODPI IMWSACL  IMWSADM  IMWSAFIL IMWSAPID
IMWSAPIP IMWSAPRO IMWSARCV IMWSARGV IMWSASRV IMWSAUTH IMWSBOMB
IMWSCACF IMWSCACH IMWSCACP IMWSCAGC IMWSCAGL IMWSCALO IMWSCAMA
IMWSCANE IMWSCAPA IMWSCAQU IMWSCAUR IMWSCAWO IMWSCCHI IMWSCGPR
IMWSCGUT IMWSCLC  IMWSCNTR IMWSCONF IMWSCONS IMWSDAPI IMWSDMDR
IMWSDOGC IMWSDSTR IMWSDVAR IMWSENTY IMWSENV  IMWSFCGI IMWSFNM
IMWSGC   IMWSGLOB IMWSGRP  IMWSHBF  IMWSHEAD IMWSHTHP IMWSIFMS
IMWSIMGE IMWSIMS  IMWSIUMS IMWSJAPI IMWSJBE  IMWSJCFG IMWSJTHD
IMWSKILL IMWSLEX  IMWSLOAD IMWSLOG  IMWSLOOP IMWSLSTT IMWSMETH
IMWSNS   IMWSOSMF IMWSPCA  IMWSPCSP IMWSPDB  IMWSPERF IMWSPEV
IMWSPF   IMWSPICS IMWSPL   IMWSPRD  IMWSPROC IMWSPW   IMWSQUEU
IMWSREQ  IMWSRLDB IMWSRNGE IMWSRSP  IMWSRSRT IMWSRTRC IMWSRTRV
IMWSSCRP IMWSSECP IMWSSGNL IMWSSIO  IMWSSIPC IMWSSNMP IMWSSRC
IMWSSRER IMWSSRVR IMWSSSI  IMWSSTAT IMWSSTBD IMWSSTHD IMWSSUTL
IMWSTASH IMWSTEC  IMWSTIMR IMWSTIMU IMWSUID  IMWSUIDU IMWSURDB
IMWSUSRI IMWYSCNT IMWYSPWD

    



Fix information


    

  • Fixed component name
    DGW/WAS OS/390
    • 

  • Fixed component ID
    5697D4300
    • 



Applicable component levels


    

  • R530  PSY  UK26375
       UP07/06/24  P  F706
    • 

  • R531  PSY  UK26376
       UP07/06/24  P  F706
    • 



Fix is available


    

  • Select the PTF appropriate for your component level.
You will be required to sign in. Distribution on physical
media is not available in all countries.
    








      
              
                            

              

              [{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SS7K4U","label":"WebSphere Application Server for z\/OS"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"530","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"530","Edition":"","Line of Business":{"code":"","label":""}}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            03 July 2007
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback