Fixes are available
APAR status
Closed as program error.
Error description
mod_cache has a defect which can cause the httpd process to crash when cache is enabled and a maliciously formed Cache-Control request header is received.
Local fix
Problem summary
USERS AFFECTED: IBM HTTP SERVER configurations with the CacheEnable directive active in their configuration
PROBLEM DESCRIPTION: mod_cache can be forced to crash a web server child process using a malicious request.
RECOMMENDATION: Apply this fix or enable the circumvention if CacheEnable is used.
mod_cache does not sanity check certain parts of the request, and can crash the active child process when processing certain invalid requests.
Problem conclusion
mod_cache was updated to validate the critical parts of the request and to assume zero values when the value is not provided.
This fix is targeted for:
Fix pack 6.1.0.13
Fix pack 6.0.2.23
Cumulative e-fix PK53584 for 2.0.47.1
This vulnerability does not affect IHS 1.3.28.1.
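The "assume zero when the value is not provided" behaviour described above can be sketched as follows. This is an added example, not IBM's or Apache's mod_cache code; the helper name `cc_directive_seconds` is hypothetical, and `max-age` is used only as a standard Cache-Control directive in constructed sample headers.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Hypothetical helper, not mod_cache code. Returns the numeric value of
 * directive `name` in a Cache-Control header, 0 when the directive is
 * present without a usable value, and -1 when it is absent. */
long cc_directive_seconds(const char *header, const char *name)
{
    if (!header || !name || !*name)
        return -1;
    size_t nlen = strlen(name);
    const char *p = header;
    while (p && *p) {
        while (*p == ' ' || *p == '\t' || *p == ',')
            p++;                              /* skip separators */
        if (strncasecmp(p, name, nlen) == 0) {
            const char *v = p + nlen;
            while (*v == ' ' || *v == '\t')
                v++;
            if (*v == '\0' || *v == ',')
                return 0;                     /* bare name, no "=value" */
            if (*v == '=') {
                do { v++; } while (*v == ' ' || *v == '\t' || *v == '"');
                if (!isdigit((unsigned char)*v))
                    return 0;                 /* empty or non-numeric value */
                errno = 0;
                long n = strtol(v, NULL, 10);
                return errno == ERANGE ? 0 : n;   /* overflow: zero */
            }
            /* name only prefixed a longer token: keep scanning */
        }
        p = strchr(p, ',');                   /* next directive, or NULL */
    }
    return -1;
}

int main(void)
{
    /* Constructed sample headers. */
    const char *samples[] = { "max-age=60", "no-cache, max-age", "max-age=", "public" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s -> %ld\n", samples[i], cc_directive_seconds(samples[i], "max-age"));
    return 0;
}
```

Every path checks the pointer before dereferencing it, so a directive with a missing or malformed value yields a defined result instead of a fault.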
Temporary fix
Comments
APAR Information
APAR number
PK49355
Reported component name
IBM HTTP SERVER
Reported component ID
5724J0801
Reported release
61A
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2007-07-19
Closed date
2007-08-16
Last modified date
2007-10-25
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
IBM HTTP SERVER
Fixed component ID
5724J0801
Applicable component levels
R60A PSN UP
R60H PSN UP
R60P PSN UP
R60I PSN UP
R60S PSN UP
R60W PSN UP
R60Z PSN UP
R61A PSN UP
R61H PSN UP
R61P PSN UP
R61I PSN UP
R61S PSN UP
R61W PSN UP
R61Z PSN UP
Document Information
Modified date:
07 September 2022