A fix is available
APAR status
Closed as program error.
Error description
Support for the X-XSS-Protection header has been removed from the latest versions of the major browsers, so the browser no longer filters reflected scripts. This exposes a cross-site scripting (XSS) issue when using HATS.
Local fix
Problem summary
USERS AFFECTED:
All HATS users

PROBLEM DESCRIPTION:
While running a HATS application, users were able to successfully inject a malicious script through input parameters.

RECOMMENDATION:
1. Create a HATS web project
2. While running the project in the browser, try to inject a malicious script inside a query parameter
3. The script executes successfully in the browser!
Problem conclusion
Code changes have been made in Hatsruntime.jar to sanitize malicious input and address the cross-site scripting attack. Refer to the blog "Enabling HATS XSS Filter" to enable HATS cross-site scripting protection.
Temporary fix
Comments
APAR Information
APAR number
IT36871
Reported component name
RATL HATS FOR 5
Reported component ID
5724U6800
Reported release
960
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2021-05-12
Closed date
2022-02-15
Last modified date
2022-02-15
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
RUNTIME
Fix information
Fixed component name
RATL HATS FOR 5
Fixed component ID
5724U6800
Applicable component levels
R960 PSY
UP
Document Information
Modified date:
28 April 2022