PM16366: mod_proxy_http timeout detection error

Fixes are available

7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for AIX
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for HP-UX
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for IBM i
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for Linux
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for Solaris
7.0.0.13: WebSphere Application Server V7.0 Fix Pack 13 for Windows
7.0.0.13: Java SDK 1.6 SR8FP1 Cumulative Fix for WebSphere Application Server
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for AIX
7.0.0.15: Java SDK 1.6 SR9 Cumulative Fix for WebSphere Application Server
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for HP-UX
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for IBM i
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for Linux
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for Solaris
7.0.0.15: WebSphere Application Server V7.0 Fix Pack 15 for Windows
7.0.0.17: WebSphere Application Server V7.0 Fix Pack 17
7.0.0.17: Java SDK 1.6 SR9 FP1 Cumulative Fix for WebSphere Application Server
7.0.0.19: WebSphere Application Server V7.0 Fix Pack 19
7.0.0.21: WebSphere Application Server V7.0 Fix Pack 21
7.0.0.23: WebSphere Application Server V7.0 Fix Pack 23
7.0.0.25: WebSphere Application Server V7.0 Fix Pack 25
7.0.0.27: WebSphere Application Server V7.0 Fix Pack 27
7.0.0.29: WebSphere Application Server V7.0 Fix Pack 29
7.0.0.31: WebSphere Application Server V7.0 Fix Pack 31
7.0.0.27: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.33: WebSphere Application Server V7.0 Fix Pack 33
7.0.0.35: WebSphere Application Server V7.0 Fix Pack 35

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • Timeout detection flaw in the optional mod_proxy_http module.
    

Local fix

  • * Do not load mod_proxy_http.
    * Do not configure/enable any http proxy worker pools with
      ProxySet or ProxyPass optional arguments.
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  IBM HTTP Server 7.0 users on the Microsoft  *
    *                  Windows operating system that have enabled  *
    *                  the optional mod_proxy_http module.         *
    ****************************************************************
    * PROBLEM DESCRIPTION: mod_proxy_http does not properly        *
    *                      detect timeouts, resulting in           *
    *                      connections being improperly returned   *
    *                      to the connection pool.                 *
    ****************************************************************
    * RECOMMENDATION:  Apply this fix if mod_proxy_http is         *
    *                  configured.                                 *
    ****************************************************************
    CVE-2010-2068: Timeout detection flaw in mod_proxy_http on the
    Windows platform.
    

Problem conclusion

  • A fix is being provided to resolve the timeout detection issue
    in mod_proxy_http
    
    This fix is targeted for IBM HTTP Server fixpacks:
    - 7.0.0.13
    - (not applicable to 6.0 and 6.1)
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM16366

  • Reported component name

    IBM HTTP SERVER

  • Reported component ID

    5724J0801

  • Reported release

    700

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2010-06-12

  • Closed date

    2010-06-29

  • Last modified date

    2010-07-23

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    IBM HTTP SERVER

  • Fixed component ID

    5724J0801

Applicable component levels

  • R700 PSY

       UP



Rate this page:

(0 users)Average rating

Document information


More support for:

IBM HTTP Server
Runtime

Software version:

7.0

Reference #:

PM16366

Modified date:

2010-07-23

Translate my page

Machine Translation

Content navigation