Fix list for IBM HTTP Server Version 6.0.2

Abstract

IBM HTTP Server provides periodic fixes for release 6.0.2. The following is a complete listing of fixes for Version 6.0.2 with the most recent fix at the top.

Content

Note: There were no service updates to IBM HTTP Server V6.0.2 between 6.0.2.3 and 6.0.2.7 or between 6.0.2.15 and 6.0.2.19.

Fix release date: 31 August 2009; Last modified: 31 August 2009; Status: Recommended

| APAR | Description |
| --- | --- |
| PK79583 | mod_ldap retries only once, without delay, when ldap_bind fails |
| PK84656 | Slow memory leak in rotatelogs |
| PK84899 | Failure and crash in IHS Administration Server during stop operation |
| PK86338 | mod_mem_cache slow memory leak |
| PK86513 | mod_ibm_ssl session ID cache daemon (SIDD) started twice in error at HTTP Server startup |
| PK87590 | %{SERVER_PORT} variable incorrectly resolves to '80' when SSL issued but no port number is provided on the ServerName directive |
| PK88341 | CVE-2009-0023: Underflow in apr_strmatch_precompile & CVE-2009-1956: apr_brigade_vprintf off-by-one overflow vulnerability |
| PK88342 | CVE-2009-1955: apr_xml_* interface vulnerability |

Note: IBM HTTP Server 6.0.2.37 contains all applicable security fixes in Apache HTTP Server versions up through 2.0.63.

| APAR | Description |
| --- | --- |
| PK75671 | When an invalid Expect header is received, IBM HTTP Server does not respond until timeout value has occurred. |
| PK75858 | The IBM HTTP Server parent process crashes while restarting piped logger if all file descriptors are exhausted. |
| PK76105 | The directive 'CoreDumpDirectory' used to specify the location for locating core dumps was ignored for parent process crashes. |
| PK76363 | Improve mod_mpmstats logging in IHS 6.X to display hanging modules in post_read_request hook. |
| PK77458 | Cached responses contain incorrect Content-Type and Content-Encoding headers on IBM HTTP Server. |
| PK77969 | New log messages to explain the HTTP 403 error when PATH_MAX is exceeded. |
| PK78007 | When an SSL request arrives shortly after an IHS restart, a SSL0600S error is logged. |
| PK78073 | Can't configure mod_charset_lite to translate only mod_autoindex output. |
| PK78128 | Set-Cookie and Set-Cookie2 headers not preserved on 304 responses. |
| PK78333 | Translate 100-Continue responses to ASCII. |
| PK81016 | mod_proxy_ftp cannot serve files with wildcards in their names. |

Note: IBM HTTP Server 6.0.2.35 contains all applicable security fixes in Apache HTTP Server versions up through 2.0.63.

Fix release date: 13 February 2009; Last modified: 13 February 2009; Status: Superseded

| APAR | Description |
| --- | --- |
| PK68392 | If a piped logger such as rotatelogs fails, a handle is leaked. On Windows, IBM HTTP Server is unable to restart the piped logger. |
| PK68688 | mod_proxy_connect may time out when it processes incoming SSL requests where the SSL record length is between 8 and 16 kilobytes. |
| PK69212 | 'SSLClientAuth required' directive triggers HTTP access control without notification to browser at SSL layer |
| PK70028 | mod_cgid tokenizing ISINDEX queries incorrectly resulting in NULL command line arguments not being passed to CGI scripts |
| PK70197 | CVE-2008-2939 mod_proxy_ftp unescaped wildcard |
| PK74791 | SSL0267E doesn't distinguish between timeouts establishing and completing the SSL handshake |

Note: IBM HTTP Server 6.0.2.33 contains all applicable security fixes in Apache HTTP Server versions up through 2.0.63.

Fix release date: 20 October 2008; Last modified: 20 October 2008; Status: Superseded

| APAR | Description |
| --- | --- |
| PK66154 | mod_cgid socket permissions problem & sidd socket permissions problem |
| PK66755 | IBM HTTP Server mod_rewrite RewriteMap directive can result in high CPU usage when thousands of strings are passed as keys |
| PK66924 | IBM HTTP Server does not correctly handle orphaned rotatelogs processes for the Windows operating system |
| PK67579 | CVE-2008-2364 HTTP proxy potential denial of service when proxying to untrusted servers |
| PK67658 | Recursive error document problem |
| PK68182 | postinst returns an error when conf files are not present during service pack install |

Note: IBM HTTP Server 6.0.2.31 contains all applicable security fixes in Apache HTTP Server versions up through 2.0.63.

| APAR | Description |
| --- | --- |
| PK61452 | Server Side Includes under mod_include are unreliable with output filters |
| PK61608 | HTTP client certificate revocation status performance enhancement |
| PK62242 | Incorrect error handling in IBM HTTP Server when SIDD is not found under server root |
| PK64089 | Access log displays incorrect timezone offset |
| PK64092 | SSL0409I is sometimes logged when an SSL client disconnects |

Note: IBM HTTP Server 6.0.2.29 contains all applicable security fixes in Apache HTTP Server versions up through 2.0.63.

Fix release date: 14 April 2008; Last modified: 14 April 2008; Status: Superseded

| APAR | Description |
| --- | --- |
| PK57549 | Upgrade GSKit to 7.0.4.14 |
| PK57680 | High CPU loop in mod_ibm_ssl when poll returns unexpected events |
| PK57952 | Input method not escaped in default 413 error response |
| PK58024 | CVE-2007-5000 mod_imap cross-site scripting vulnerability |
| PK58184 | rotatelogs ignores -l option when rotating files based on size |
| PK58884 | IBM HTTP Server compression; AddOutputFilterByType directive did not apply to proxy requests |
| PK59667 | CVE-2007-6388 mod_status cross-site scripting vulnerability |

Note: IBM HTTP Server 6.0.2.27 contains all applicable security fixes in Apache HTTP Server versions up through 2.0.63.

Fix release date: 21 January 2008; Last modified: 21 January 2008; Status: Superseded

| APAR | Description |
| --- | --- |
| PK48505 | mod_deflate should not process metadata buckets as data |
| PK52726 | Allow Certificate Revocation List support to be used on HP-UX |

Note: IBM HTTP Server 6.0.2.25 contains all applicable security fixes in Apache HTTP Server versions up through 2.0.61.

Fix release date: 12 October 2007; Last modified: 12 October 2007; Status: Superseded

| APAR | Description |
| --- | --- |
| PK50467 | CVE-2007-3304 MPM signalling vulnerability |
| PK48412 | IBM HTTP SERVER logs bad date when certificate has expired |
| PK50469 | CVE-2007-3847 proxy buffer over-read vulnerability |
| PK50460 | mod_deflate does not work with vary headers |
| PK49295 | CVE-2006-5752 mod_status cross-site scripting vulnerability |
|  | CVE-2007-1863 mod_cache crash with malicious request |
| PK48606 | IBM HTTP Server shared object fails to load at run-time on RHEL 5 |

Note: IBM HTTP Server 6.0.2.23 contains all applicable security fixes in Apache HTTP Server versions up through 2.0.61.

| APAR | Description |
| --- | --- |
| PK35968 | updateinstaller does not check the current IBM® HTTP Server level before allowing the install to take place |
| PK42913 | updating IBM HTTP Server does not update the IHS.product file correctly |
| PK45328 | Single DES is no longer an approved FIPS-140 security function |
| PK45277 | Segmentation fault occurs when pidfile does not exist on web server start |
| PK45296 | mod_ibm_ldap possible crash from uninitialized memory |
| PK44274 | ProxyErrorOverride should not affect redirects |
| PK37809 | Empty response was sent for cached static files after revalidation timeout |

Fix release date: 27 April 2007; Last modified: 27 April 2007; Status: Superseded

| APAR | Description |
| --- | --- |
| PK39018 | Restart SIDD if it crashes or exits unexpectedly |
| PK38839 | Allow coredumps and other serviceability data for SIGFPE |
| PK34981 | The IBM HTTP Server administrative console incorrectly reports the stop/start status of the IBM HTTP Server |
| PK35675 | mod_mem_cache crashes when used with client certificate authentication |
| PK34180 | Fix incorrect 304 responses for objects which have expired from the cache |
| PK31460 | Fix handling of non-200 success status codes when "ProxyErrorOverride On" is configured. |
| PK30837 | mod_ibm_ldap problems when enabled in .htaccess files |
| PK37731 | no client certificate prompt when multiple SSL vhosts configured |
| PK33253 | SSL virtualhosts unable to perform SSLV3 handshake when keyfile directive has been specified with an invalid parameter |

Fix release date: 2 October 2006; Last modified: 2 October 2006; Status: Superseded

| APAR | Description |
| --- | --- |
| PK28348 | There is a bug in the handling of cgid directives inside virtualhosts when using ScriptSock directive. |
| PK28359 | Message "SSL0227E: SSL Handshake Failed, Specified label could not be found in the key file" occurs using n-cipher card. |
| PK29154 | CVE-2006-3747 mod_rewrite error |

Fix release date: 14 August 2006; Last modified: 14 August 2006; Status: Superseded

| APAR | Description |
| --- | --- |
| PK21998 | PROVIDE DIRECTIVE FOR DISABLING INDIVIDUAL SSL PROTOCOL |
| PK24631 | CVE-2006-3918 HTTP EXPECT HEADER VALUE CAN BE ECHOED TO BROWSER UNESCAPED |
| PK24686 | CGI ON UNIX AND LINUX CANNOT SEE PATH TO SCRIPT IN ARG0 |
| PK22995 | EXCESSIVE CHILD PROCESS CREATION DURING STARTUP. |
| PK25428 | 6.0.X IBM HTTP Server ADMINISTRATION SERVER PERIODICALLY SEGFAULTS WITH __READ_NOCANCEL IN /LIB/TLS/LIBPTHREAD.SO.0. |
|  | mod_cache: Fix inconsistent results from requests which are implemented as subrequests. |
|  | Correct a problem with ikeyman.bat on Windows 2000 |

| APAR | Description |
| --- | --- |
| PK20167 | INSTALLATION OF REFRESH PACK 2 FOR IBM HTTP SERVER VERSION 6.0.2 IS PARTIAL DUE TO USING THE WRONG BASEDIR FOR INSTALLING GSKIT. |
| PK22485 | IBM HTTP Server MEMORY LEAK IF FILES BEING SERVED ARE TRUNCATED |
| PK23962 | IKEYMAN.BAT ON MICROSOFT® WINDOWS FAILS WITH GSKIT 7.0.3.20 |
|  | htdbm crash with -d option on HP-UX/ia64 |
|  | allow diagnostic modules to track activity in log-transaction hook |

Fix release date: 14 April 2006; Last modified: 14 April 2006; Status: Superseded

| APAR | Description |
| --- | --- |
| PK20184 | crashes related to mod_ibm_ssl and mod_ext_filter |
| PK20050 | HTTP status line problem with WebSphere plug-in and byterange filter |
| PK17802 | mod_speling crash with WebSphere request |
| PK13784 | GSKit upgrade to 7.0.3.20 (except for HP-UX/PA-RISC) |
| PK17867 | provide mod_ibm_ldap LDAPCodePageDir directive |
| PK19060 | mod_ibm_ldap doesn't retry request when server timed out connection |
| PK18642 | mod_ibm_ldap memory leak |
| PK19865 | ikeyman won't start on AIX due to JAVA_HOME setting |
|  | mod_ibm_ssl now removes null ciphers from default list of supported ciphers |
|  | Apache.exe -V on Windows and apachectl -V on other platforms now displays CVE ids of applicable Apache vulnerabilities resolved in this level of IBM HTTP Server |

Fix release date: 13 February 2006; Last modified: 13 February 2006; Status: Superseded

| APAR | Description |
| --- | --- |
| PK13453 | CLIENT CERTIFICATE IS REQUESTED AND NOT PROVIDED, GSKIT ON THE SUBSEQUENT CONNECTION FINDS AND DELETES THE ORIGINAL SESSION ID. |
| PK13858 | IBM HTTP SERVER CONTENT-LENGTH HEADER REMOVED FROM PROXIED REQUESTS |
| PK15553 | MOD_INCLUDE PARSER OMITS PARTS OF OUTPUT STREAM |
|  | Prevent hosts with SSLProxyEngine On from covering up failed initialization of primary SSL environment. |
|  | Enable TLS protocol in the GSKit proxy environment to allow for connections to backends using FIPS ciphers. |
| PK15926 | MOD_IBM_LDAP CONFLICT WITH OPENLDAP WHEN /ETC/NSSWITCH.CONF USES LDAP FOR GROUP LOOKUPS |
| PK16390 | IBM HTTP Server 6.0 MAINTENANCE INSTALLATION DISK SPACE REQUIREMENTS ARE LARGER THAN NEEDED |

Fix release date: 28 October 2005; Last modified: 28 October 2005; Status: Superseded

| APAR | Description |
| --- | --- |
|  | CAN-2005-2970 worker MPM memory leak after aborted connection (non-Windows platforms) |
|  | Prevent double-free of GSKit memory during stop or restart which sometimes caused a coredump (non-Windows platforms) |
|  | Prevent double-free when an error occurred reading data from sidd. (non-Windows platforms only) |
| PK11929 | CAN-2005-2491 Fix integer overflow in PCRE which leads to a heap-based buffer overflow. CAN-2005-2728 Fix byte-range filter which allowed remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field. |
|  | Handle strerror() returning NULL on Solaris, resolving possible crashes when writing to the error log. |
|  | Handle SSL requests where FIN is received from the client on Keepalive connections before the response is written. |
|  | sidd now reports specific error code and filename when its trace or error log can't be opened. |
|  | Fixed swapped references to ciphers 62 and 64. This resulted in SSLCipher* directives operating on the wrong cipher (i.e. using 64 if 62 had been specified). |
|  | Fix SSL handling of Timeout values larger than 2000 seconds, resolving SSL handshake failures |
| PK09327 | IBM HTTP Server ADMINISTRATION RUNNING ON 64 BIT FAILS TO PROPAGATE THE FILES FROM WEBSPHERE APPLICATION SERVER TO IBM HTTP Server. |
| PK08359 | IBM HTTP Server 6.0 ADMINISTRATION SERVICE CANNOT START AS NON-ROOT, NOR CAN RUN MULTIPLE CONCURRENT INSTANCES ON SAME MACHINE. |
| PK10954 | IBM HTTP Server WILL NOT START LOADING THE LDAP MODULE ON (RH4,PPC64) |

Fix release date: 02 September 2005; Last modified: 02 September 2005; Status: Superseded

| APAR | Description |
| --- | --- |
| PK07831 | INCOMPATIBILITY BETWEEN IBM HTTP SERVER AND CERTAIN GSKIT LEVELS |
| PK07747 | IBM HTTP Server VIRTUAL HOST NO LONGER WORKS AFTER INSTALLATION OF MICROSOFT SECURITY PATCH MS05-019 |
|  | CAN-2005-2088 preventative measures to prevent HTTP request smuggling, from Apache 2.1.6 and future Apache 2.0.55 |
|  | mod_ibm_ssl: include client IP address on many messages |
|  | mod_ibm_ssl: improve reporting of many SSL communication errors |
|  | IBM HTTP Server 2.0.X EXITS DUE TO TRANSIENT THREAD CREATION ERRORS. UNIX ONLY |
| PK05830 | IBM HTTP Server 2.0 AND HIGHER ON ALL UNIX PLATFORMS CAN HANG WHEN WRITING LOG RECS TO A PIPED LOGGER, ROTATELOGS, DURING GRACEFUL RESTART. |
| PK05957 | SHIFT_JIS IS DISPLAYED IN ERROR RESPONSE CAUSING BAD CHARACTERS. |
|  | Set REDIRECT_REMOTE_USER for redirection of authenticated requests |
|  | worker mpm: lower severity of mutex "error" message which can occur normally during restart |
|  | display time taken to process request in mod_status |
|  | mod_proxy: Handle client-aborted connections correctly |
|  | mod_mime_magic on Windows: support magic files with native line endings |
|  | support SHA1 passwords for mod_auth and mod_auth_dbm |
|  | support SendBufferSize on Windows operating systems |
|  | start piped loggers via the shell on UNIX platforms, to support redirection |
|  | mod_cgid: Fix buffer overflow processing ScriptSock directive |
|  | mod_ibm_ldap: put timestamp on ldap trace records for correlation with other logs |
|  | mod_ibm_ldap: return authorization error instead of internal server error when password has expired |
|  | mod_ibm_ldap: add configuration control over whether or not referrals are chased via "LdapReferrals [On\|Off]" and "LdapReferralHopLimit nnn" |
|  | mod_ibm_ldap: add rebind support for improved compatibility with Microsoft Active Directory 2003 |

| APAR | Description |
| --- | --- |
|  | Fix storage corruption problem with mod_userdir+suexec processing |
|  | Fix memory leak in the cache handling of mod_rewrite |
|  | Fix problem with default service name on Windows with 6.0.1. |
|  | Service name is 6.0 for life of 6.0.x release. |
|  | IBM HTTP SERVER HIGH CPU USAGE DUE TO INEFFICIENT READING OF REWRITEMAP FILES. |
|  | dbmmanage: Select the database format which is accepted by IBM HTTP Server |
|  | Set RH variable to indicate which module handled or failed the request |
|  | Fix a servlet timeout when a POST response page contains SSI tags |
|  | fix mod_fastcgi incompatibility with WebSphere plug-in |
|  | rename zlib symbols used by mod_deflate to avoid collision with third-party modules |
|  | fix ownership of sidd socket if IBM HTTP Server started as non-root on HP-UX platforms |
| PK00175 | CORRUPTION OF LIBPATH ENVIRONMENT VARIABLE BY MOD_IBM_SSL PREVENTS SITEMINDER FROM STARTING EXTERNAL LLAWP PROCESS. |
|  | add "/server-status?showmodule" support for displaying name of module where request is stuck; ihsdiag 1.4.0 also exploits this support |
| PQ86346 | Segmentation Fault IBM HTTP Server w/ nss_ldap |

Cross Reference information

| Segment | Product | Component | Platform | Version | Edition |
| --- | --- | --- | --- | --- | --- |
| Application Servers | WebSphere Application Server | IBM HTTP Server | AIX, HP-UX, Linux, Solaris, Windows |  |  |

Product categories: Software; Application Servers; Distributed Application & Web Servers; IBM HTTP Server; Install

Operating system(s): AIX, HP-UX, Linux, Solaris, Windows

Software version: 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.11, 6.0.2.13, 6.0.2.15, 6.0.2.17, 6.0.2.19, 6.0.2.21, 6.0.2.23, 6.0.2.25, 6.0.2.27, 6.0.2.29, 6.0.2.31, 6.0.2.33, 6.0.2.35, 6.0.2.37

Reference #: 7007033

IBM Group: Software Group

Modified date: 2009-08-31