
PK27875: IBM HTTP SERVER 1.3.26 AND 1.3.28 CUMULATIVE E-FIX

A fix is available

PK63273; 1.3.28.1: IBM HTTP Server 1.3.28 Cumulative Interim Fix

 

APAR status

  • Closed as program error.

Error description

This cumulative interim fix bundles the corrections for several
    problems resolved since the previous interim fix, PK16139.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED: IBM HTTP SERVER 1.3.26.x/1.3.28.x users      *
    ****************************************************************
* PROBLEM DESCRIPTION: CVE-2006-3918, CVE-2006-3747 security   *
    * exposures and other problems resolved after PK16139          *
    ****************************************************************
    * RECOMMENDATION: This cumulative fix is recommended for all   *
    * installations because CVE-2006-3918 (PK24631) is a potential *
    * concern regardless of configuration.                         *
    ****************************************************************
    1.3.26.2 fixes which are new with this interim fix:
    - PK19060 Retry connection to LDAP server immediately
    after connection drop
    - PK24631 CVE-2006-3918 Escape value of Expect header in error
    response to invalid Expect
    - PK28587 LDAP cache expiration time was not always honored
    - CMVC 84947 Fix crash in mod_ibm_ssl when using client
    certificate authentication
    - CMVC 84949 Fix crash in mod_ibm_ssl when SSL debug trace is
    enabled and client certificate validation is configured
    1.3.26.2 fixes which were in previous interim fixes:
- PK13959 CVE-2005-2088 HTTP request smuggling (proxy)
    vulnerability
    - CVE-2005-3352 mod_imap cross-site scripting vulnerability
    - resolve Linux/x86 startup failures when /etc/nsswitch.conf
    specifies LDAP for name resolution, caused by dropped library
    support in RedHat Advanced Server 3.0 Update 4 and SLES 9
    - mod_ibm_ldap: When user id is locked, return 401 instead of
    503 and record the problem in error log
    - mod_ibm_ldap: Provide LdapReferralHopLimit directive to
    control how many referrals are allowed
    - mod_ibm_ldap: improve tracing
    - allow mod_net_trace to trace writev error
- mod_ibm_ssl on Linux and Unix: resolve double-free error
    when interfacing with sidd
    - Linux for pSeries and zSeries: Remove dependency on
    external expat library
    - PK07747: IHS VIRTUAL HOST NO LONGER WORKS AFTER
    INSTALLATION OF MICROSOFT SECURITY PATCH MS05-019
    - PK05084 CAN-2004-0940 mod_include possible buffer
    overflow
    - Track active plug-in module when ExtendedStatus is On.
    "/server-status/?showmodule" can display it.
    - Unix: Log errno string for sidd connect failures
    - CAN-2003-0987 mod_digest nonce exposure
    - CAN-2002-0843 ab exposure
    - CAN-2003-0020 Strip control characters before logging to
    ErrorLog
    - PK03424 Windows: Fix mod_rewrite RewriteLog reliability
    problem on Windows
    - mod_log_config sometimes logged "0" instead of "-" for %b
    format
    - AIX: enable full core dump automatically for httpd
    crashes
    - AIX: set default AcceptMutex type to fcntl instead of
    pthread
    - Fix child process crash in ap_bhalfduplex().
- PQ92124 HTTP POSTs fail or hang when Afpa is enabled on Windows:
    POST requests may occasionally appear to hang and eventually time
    out with an error.
    - PQ89899 CAN-2004-0492 crash in mod_proxy
    - PQ76168 CAN-2003-0460 rotatelogs problem on Windows
    - PQ90262 Misuse of gsk_secure_sock_close causes child
    process crash
    - PQ90562 mod_ibm_ssl storage leak across restart
    - mod_snmp limit on virtual hosts was raised to 1500
    - PQ87084 Fix ap_custom_response storage corruption
    - CAN-2004-0174 AIX, Solaris: hang after reset connection
    on rarely accessed socket
    - PQ85548 Diagnostic hooks for IBM HTTP Server 1.3
    - Fix an ErrorDocument problem which could result in POST
    data being treated as an invalid request
    1.3.28.1 fixes which are new with this interim fix:
    - PK19060 Retry connection to LDAP server immediately
    after connection drop
    - PK24631 CVE-2006-3918 Escape value of Expect header in error
    response to invalid Expect
    - PK28587 LDAP cache expiration time was not always honored
    - CMVC 84947 Fix crash in mod_ibm_ssl when using client
    certificate authentication
    - PK29157 CVE-2006-3747 mod_rewrite defect which could cause
    crashes on HP-UX and Windows
    1.3.28.1 fixes which were in previous interim fixes:
- PK13959 CVE-2005-2088 HTTP request smuggling (proxy)
    vulnerability
    - CVE-2005-3352 mod_imap cross-site scripting
    vulnerability
    - resolve Linux/x86 startup failures when
    /etc/nsswitch.conf specifies LDAP for name resolution,
    caused by dropped library support in RedHat Advanced
    Server 3.0 Update 4 and SLES 9
    - mod_ibm_ldap: When user id is locked, return 401
    instead of 503 and record the problem in error log
    - mod_ibm_ldap: Provide LdapReferralHopLimit directive
    to control how many referrals are allowed
    - mod_ibm_ldap: improve tracing
    - allow mod_net_trace to trace writev error
    - mod_ibm_ssl on Linux and Unix: resolve double-free
    error when interfacing with sidd
    - PK07747: IHS VIRTUAL HOST NO LONGER WORKS AFTER
    INSTALLATION OF MICROSOFT SECURITY PATCH MS05-019
    - PK05084 CAN-2004-0940 mod_include possible buffer
    overflow
    - Unix: Log errno string for sidd connect failures
- Track active plug-in module when ExtendedStatus is On.
    "/server-status/?showmodule" can display it.
    - Linux for pSeries and zSeries: Remove dependency on
    external expat library
    - CAN-2003-0020 Strip control characters before logging
    to ErrorLog
    - PK03424 Windows: Fix mod_rewrite RewriteLog
    reliability problem on Windows
    - CAN-2003-0987 mod_digest nonce exposure
    - SSL in FIPS mode: Don't allow SSLv2 ciphers
    - Windows include files reference missing file
    - mod_log_config sometimes logged "0" instead of "-" for %b
    format
    - AIX: enable full core dump automatically for httpd
    crashes
    - Fix child process crash in ap_bhalfduplex().
    - PQ89899 CAN-2004-0492 crash in mod_proxy
    - PQ90262 Misuse of gsk_secure_sock_close causes child
    process crash
    - PQ90562 mod_ibm_ssl storage leak across restart
    - mod_snmp limit on virtual hosts was raised to 1500
- PQ92124 HTTP POSTs fail or hang when Afpa is enabled on Windows:
    POST requests may occasionally appear to hang and eventually time
    out with an error.
    - PQ98444 Mod_ibm_ldap fails to UTF-8 encode the filter
    string
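
    Two of the items above, PK24631 (CVE-2006-3918) and CAN-2003-0020, are the same class of defect at two different sinks: a request header value written out without escaping, once into the HTML body of the 417 error page and once into the ErrorLog. The Python below is an added example for this page, not IBM's code and not the fix itself. It builds the raw Expect probe a tester would send to confirm a server has PK24631, checks a captured 417 response for unescaped reflection of that probe, and shows the control-character escaping a log writer needs before attacker-influenced text reaches an ErrorLog that an administrator will tail in a terminal. The function render_417 stands in for the server so the check runs offline; its page wording is approximated from the default Apache 1.3 417 document, the request lines are constructed for the example, and host names are placeholders.

```python
"""Offline checks for two output-encoding fixes listed in this APAR.

PK24631 / CVE-2006-3918: an invalid Expect value is echoed in the 417
error page and must be HTML-escaped first.
CAN-2003-0020: request data written to the ErrorLog must have control
characters escaped, or a crafted request line can drive the terminal of
whoever tails the log, or forge extra log lines.

Added example, not IHS code. render_417() stands in for the server so
the check runs offline; the page text and request lines are constructed.
"""
import html
import re

# Probe value: not a valid expectation, and visibly unsafe if reflected raw.
EXPECT_PROBE = '<script>alert("expect")</script>'


def build_expect_probe(host: str, path: str = "/") -> bytes:
    """Raw HTTP/1.1 request a tester sends to a server under test.

    Only 100-continue is a valid expectation, so a conforming server
    answers 417 and, before PK24631, echoes the value verbatim.
    """
    return (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"Expect: {EXPECT_PROBE}\r\n"
        "Connection: close\r\n"
        "\r\n"
    ).encode("latin-1")


def render_417(expect_value: str, escaped: bool) -> str:
    """Stand-in for the server's 417 page (wording approximated from the
    Apache 1.3 default error document). escaped=False models the
    behaviour PK24631 corrects; escaped=True models the fixed server."""
    shown = html.escape(expect_value, quote=True) if escaped else expect_value
    return (
        "<HTML><HEAD><TITLE>417 Expectation Failed</TITLE></HEAD><BODY>"
        "<H1>Expectation Failed</H1>The expectation given in the Expect "
        "request-header field could not be met by this server.<P>"
        f"The client sent<PRE>\n    Expect: {shown}\n</PRE>\n"
        "but we only handle the 100-continue expectation.</BODY></HTML>"
    )


def expect_reflected_unescaped(status_line: str, body: str) -> bool:
    """True when the response is a 417 whose body contains the probe verbatim.

    A patched server still shows the value, but as &lt;script&gt;..., so a
    substring test for the raw probe separates the two cases.
    """
    parts = status_line.split()
    if len(parts) < 2 or parts[1] != "417":
        return False
    return EXPECT_PROBE in body


_CTRL = re.compile(r"[\x00-\x1f\x7f]")
_NAMED = {"\n": "\\n", "\r": "\\r", "\t": "\\t"}


def escape_for_log(text: str) -> str:
    """Escape ASCII control characters C-style (\\n, \\r, \\t, \\xHH) before
    writing attacker-influenced text to the ErrorLog. Same class of fix as
    CAN-2003-0020, written independently here."""
    return _CTRL.sub(
        lambda m: _NAMED.get(m.group(0), "\\x%02x" % ord(m.group(0))), text
    )


if __name__ == "__main__":
    # Constructed 417 bodies for an unpatched and a patched server.
    for patched in (False, True):
        body = render_417(EXPECT_PROBE, escaped=patched)
        print("patched" if patched else "unpatched", "-> reflected unescaped:",
              expect_reflected_unescaped("HTTP/1.1 417 Expectation Failed", body))
    # Constructed request lines: a terminal clear sequence and a forged entry.
    for raw in ("GET /\x1b[2J\x1b[H HTTP/1.0",
                "GET /x\r\n[notice] forged entry HTTP/1.0"):
        print(repr(raw), "->", escape_for_log(raw))
```

To use the probe against a real server, write the bytes from build_expect_probe() to a socket, read the response, and pass the status line and body to expect_reflected_unescaped(); a result of True on a 1.3.26.x or 1.3.28.x instance means PK24631 is not applied.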
    

Problem conclusion

• The problems listed above are resolved by this cumulative interim fix.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PK27875

  • Reported component name

    IBM HTTP SVR NT

  • Reported component ID

    5648B7802

  • Reported release

    326

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2006-07-10

  • Closed date

    2006-08-10

  • Last modified date

    2006-08-10

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Modules/Macros

  • HTTPD
    

Fix information

  • Fixed component name

    IBM HTTP SVR NT

  • Fixed component ID

    5648B7802

Applicable component levels

  • R326 PSN

       UP

  • R328 PSN

       UP
