IBM Support

PI42523: ROOT NOT INJECTED ON URL CONTAINING QUERY BUT OMITTED PATH

APAR status

  • Closed as program error.

Error description

  • As defined by RFC 2396, a URI consists of a sequence of four
    main components:
    <scheme>://<authority><path>?<query>
    
    When given a URI that has a query but no path, most browsers
    normalize the URI and inject a slash '/' as the path. However,
    when WebSphere Application Server receives a URI with a query
    but no path, it treats the URI as malformed and returns a
    400 Bad Request error.
    
    For instance:
    http://localhost:9080/?a=b -> 200 OK
    http://localhost:9080?a=b  -> 400 Bad Request
    
    Just as browsers do, and as we do when a URI consists of
    just scheme and authority, the root path '/' should be
    injected when the path is omitted.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  IBM WebSphere Application Server Full       *
    *                  Profile Versions 7.0, 8.0, 8.5.5 and        *
    *                  Liberty Profile V8.5.5                      *
    ****************************************************************
    * PROBLEM DESCRIPTION: A response with a 400 status code is    *
    *                      returned if a request is made with a    *
    *                      URI that contains a query string and    *
    *                      empty path.                             *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    According to section 2.7.3 of the HTTP/1.1 specification,
    RFC 7230, "an empty path component is equivalent to
    an absolute path of '/', so the normal form is to provide a
    path of '/' instead". The HTTP Channel handles this properly
    when there is no query string in the URI, but it does not add
    the path when a query string is present. The latter case is
    treated as a bad request by the HTTP Channel, resulting in a
    response with a status code of 400. For example, the following
    URIs would result in a response with a status code of 400:
    http://example.com:9080?a=b
    http://example.com?a=b
    

Problem conclusion

  • The HTTP Channel was modified to provide a path of '/' when a
    URI has a query string and an empty path.
    
    The fix for this APAR is currently targeted for inclusion in
    fix packs 7.0.0.41, 8.0.0.12, and 8.5.5.8.  Please refer to
    the Recommended Updates page for delivery information:
    http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
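
The normalization described above, sketched as an added example (this is not IBM's HTTP Channel code): it uses Python's urllib.parse to detect a URI with a query but an empty path and to inject '/' per RFC 7230 section 2.7.3. The function names and the last two sample URIs are assumptions made for illustration.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample URIs: the four from the APAR text plus two edge cases.
SAMPLES = [
    "http://localhost:9080/?a=b",
    "http://localhost:9080?a=b",
    "http://example.com:9080?a=b",
    "http://example.com?a=b",
    "http://example.com?next=/admin",   # '/' appears only inside the query
    "http://example.com",               # no path, no query
]


def has_empty_path_with_query(uri: str) -> bool:
    """True for the shape the APAR describes: authority, empty path, query."""
    parts = urlsplit(uri)
    return bool(parts.netloc) and parts.path == "" and parts.query != ""


def normalize_empty_path(uri: str) -> str:
    """Apply RFC 7230 section 2.7.3: an empty path becomes '/'."""
    parts = urlsplit(uri)  # urlsplit lowercases the scheme
    if parts.scheme in ("http", "https") and parts.netloc and parts.path == "":
        parts = parts._replace(path="/")
    return urlunsplit(parts)


def origin_form(uri: str) -> str:
    """Request-target (path plus optional query) after normalization."""
    parts = urlsplit(normalize_empty_path(uri))
    return parts.path + ("?" + parts.query if parts.query else "")


if __name__ == "__main__":
    for uri in SAMPLES:
        flag = "empty path + query" if has_empty_path_with_query(uri) else "ok"
        print(f"{uri:35} {flag:20} -> {normalize_empty_path(uri)}")
```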
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI42523

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    850

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2015-06-08

  • Closed date

    2015-08-19

  • Last modified date

    2015-09-09

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels

  • R700 PSY

       UP

  • R800 PSY

       UP

  • R850 PSY

       UP



Document information

More support for: WebSphere Application Server
General

Software version: 850

Reference #: PI42523

Modified date: 09 September 2015