IBM Support

PK77189: INTRODUCTION OF SECURITY-HEADERS IN SYSTEMERR CAUSING TOOLING ISSUES.

Fixes are available

7.0.0.5: WebSphere Application Server V7.0 Fix Pack 5 for AIX
7.0.0.5: WebSphere Application Server V7.0 Fix Pack 5 for IBM i
7.0.0.5: WebSphere Application Server V7.0 Fix Pack 5 for Windows
7.0.0.5: WebSphere Application Server V7.0 Fix Pack 5 for HP-UX
7.0.0.5: Java SDK 1.6 SR5 Cumulative Fix for WebSphere Application Server
7.0.0.5: WebSphere Application Server V7.0 Fix Pack 5 for Solaris
7.0.0.5: WebSphere Application Server V7.0 Fix Pack 5 for Linux
Java SDK 1.5 SR10 Cumulative Fix for WebSphere Application Server
7.0.0.7: WebSphere Application Server V7.0 Fix Pack 7 for IBM i
7.0.0.7: WebSphere Application Server V7.0 Fix Pack 7 for AIX
7.0.0.7: WebSphere Application Server V7.0 Fix Pack 7 for Windows
7.0.0.7: WebSphere Application Server V7.0 Fix Pack 7 for HP-UX
7.0.0.7: Java SDK 1.6 SR6 Cumulative Fix for WebSphere Application Server
7.0.0.7: WebSphere Application Server V7.0 Fix Pack 7 for Solaris
7.0.0.7: WebSphere Application Server V7.0 Fix Pack 7 for Linux
7.0.0.9: WebSphere Application Server V7.0 Fix Pack 9 for IBM i
7.0.0.9: WebSphere Application Server V7.0 Fix Pack 9 for Windows
7.0.0.9: WebSphere Application Server V7.0 Fix Pack 9 for AIX
7.0.0.9: WebSphere Application Server V7.0 Fix Pack 9 for HP-UX
7.0.0.9: Java SDK 1.6 SR7 Cumulative Fix for WebSphere Application Server
7.0.0.9: WebSphere Application Server V7.0 Fix Pack 9 for Solaris
7.0.0.9: WebSphere Application Server V7.0 Fix Pack 9 for Linux
6.1.0.31: Java SDK 1.5 SR11 Cumulative Fix for WebSphere Application Server
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for IBM i
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Windows
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for HP-UX
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for AIX
7.0.0.11: Java SDK 1.6 SR7 Cumulative Fix for WebSphere Application Server
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Solaris
7.0.0.11: WebSphere Application Server V7.0 Fix Pack 11 for Linux
6.1.0.33: Java SDK 1.5 SR12 FP1 Cumulative Fix for WebSphere
6.1.0.29: Java SDK 1.5 SR11 Cumulative Fix for WebSphere Application Server
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for AIX
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for HP-UX
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for IBM i
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for Linux
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for Solaris
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for Windows
7.0.0.13: Java SDK 1.6 SR8FP1 Cumulative Fix for WebSphere Application Server
6.1.0.35: Java SDK 1.5 SR12 FP2 Cumulative Fix for WebSphere
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for AIX
7.0.0.15: Java SDK 1.6 SR9 Cumulative Fix for WebSphere Application Server
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for HP-UX
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for IBM i
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for Linux
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for Solaris
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for Windows
6.1.0.37: Java SDK 1.5 SR12 FP3 Cumulative Fix for WebSphere
7.0.0.17: WebSphere Application Server V7.0 Fix Pack 17
7.0.0.17: Java SDK 1.6 SR9 FP1 Cumulative Fix for WebSphere Application Server
6.1.0.39: Java SDK 1.5 SR12 FP4 Cumulative Fix for WebSphere Application Server
7.0.0.19: WebSphere Application Server V7.0 Fix Pack 19
6.1.0.41: Java SDK 1.5 SR12 FP5 Cumulative Fix for WebSphere Application Server
7.0.0.21: WebSphere Application Server V7.0 Fix Pack 21
6.1.0.43: Java SDK 1.5 SR13 Cumulative Fix for WebSphere Application Server
7.0.0.23: WebSphere Application Server V7.0 Fix Pack 23
7.0.0.25: WebSphere Application Server V7.0 Fix Pack 25
6.1.0.45: Java SDK 1.5 SR14 Cumulative Fix for WebSphere Application Server
7.0.0.27: WebSphere Application Server V7.0 Fix Pack 27
7.0.0.29: WebSphere Application Server V7.0 Fix Pack 29
6.1.0.47: WebSphere Application Server V6.1 Fix Pack 47
7.0.0.31: WebSphere Application Server V7.0 Fix Pack 31
7.0.0.27: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.33: WebSphere Application Server V7.0 Fix Pack 33
7.0.0.35: WebSphere Application Server V7.0 Fix Pack 35
6.1.0.47: Java SDK 1.5 SR16 Cumulative Fix for WebSphere Application Server
7.0.0.19: Java SDK 1.6 SR9 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.21: Java SDK 1.6 SR9 FP2 Cumulative Fix for WebSphere
7.0.0.23: Java SDK 1.6 SR10 FP1 Cumulative Fix for WebSphere
7.0.0.25: Java SDK 1.6 SR11 Cumulative Fix for WebSphere Application Server
7.0.0.27: Java SDK 1.6 SR12 Cumulative Fix for WebSphere Application Server
7.0.0.29: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.45: Java SDK 1.6 SR16 FP60 Cumulative Fix for WebSphere Application Server
7.0.0.31: Java SDK 1.6 SR15 Cumulative Fix for WebSphere Application Server
7.0.0.35: Java SDK 1.6 SR16 FP1 Cumulative Fix for WebSphere Application Server
7.0.0.37: Java SDK 1.6 SR16 FP3 Cumulative Fix for WebSphere Application Server
7.0.0.39: Java SDK 1.6 SR16 FP7 Cumulative Fix for WebSphere Application Server
7.0.0.41: Java SDK 1.6 SR16 FP20 Cumulative Fix for WebSphere Application Server
7.0.0.43: Java SDK 1.6 SR16 FP41 Cumulative Fix for WebSphere Application Server

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Headers added to all valid RAS log files were needed to close a
    security hole.  Certain tooling was not prepared to see these
    headers as they assume that anything in SystemErr at all shows a
    problem.  This work is to reduce the size of the header in the
    error files and to have it only occur once. SystemOut unchanged.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of WebSphere Application Server   *
    *                  who use the administrative console to view  *
    *                  logs                                        *
    ****************************************************************
    * PROBLEM DESCRIPTION: Headers were added to SystemErr.log     *
    *                      and native_stderr.log to close a        *
    *                      security hole. Usability concerns       *
    *                      followed.                               *
    ****************************************************************
    * RECOMMENDATION:  Ignore obvious headers when using certain   *
    *                  IDE tools (they will show up on the         *
    *                  console and can be ignored)                 *
    ****************************************************************
    To close a security hole, special RAS headers were added to
    all RAS log files. Several IDEs have special processing on any
    information put into SystemErr.log or native_stderr.log.  Even
    though the data was clearly header only (and labelled as
    such), seeing it in red on the console in these IDEs caused
    some concern.
    

Problem conclusion

  • This fix shortens the headers in SystemErr and native_stderr
    and, for SystemErr, it only renders the header once.  There is
    an environment variable to modify the default behavior. The
    environment variable  java.util.logging.errheading  can be set
    to   limited, full, or none.  limited is default behavior,
    full is old behavior with full headers on each server startup,
    and none is no headers in error files.  This means that those
    files would not be viewable from the Administrative Console.
    
    The fix for this APAR is currently targeted for inclusion in
    fix packs 6.0.2.35, 6.1.0.23 and 7.0.0.5.  Please refer to the
    Recommended Updates page for delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
    

Temporary fix

Comments

APAR Information

  • APAR number

    PK77189

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    61W

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2008-12-09

  • Closed date

    2008-12-16

  • Last modified date

    2008-12-16

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels

  • R60A PSY

       UP

  • R60H PSY

       UP

  • R60I PSY

       UP

  • R60P PSY

       UP

  • R60S PSY

       UP

  • R60W PSY

       UP

  • R60Z PSY

       UP

  • R61A PSY

       UP

  • R61H PSY

       UP

  • R61I PSY

       UP

  • R61P PSY

       UP

  • R61S PSY

       UP

  • R61W PSY

       UP

  • R61Z PSY

       UP

  • R700 PSY

       UP

[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSCVS22","label":"General"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"6.1","Edition":"","Line of Business":{"code":"","label":""}}]

Document Information

Modified date:
16 December 2008