APAR status
Closed as program error.
Error description
Netty - CVE-2021-43797 (Publicly disclosed vulnerability)
Local fix
Problem summary
****************************************************************
* USERS AFFECTED:
* IBM Storage Insights users
****************************************************************
* PROBLEM DESCRIPTION:
* CVEID: CVE-2021-43797
* Netty is an asynchronous event-driven network application framework for rapid development of maintainable high-performance protocol servers and clients. Netty prior to version 4.1.7.1.Final skips control characters when they are present at the beginning or end of a header name. It should instead fail fast, as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause Netty to "sanitize" header names before it forwards them to another remote system when used as a proxy. This remote system can no longer see the invalid usage, and therefore does not do the validation itself.
* Upgraded to version 4.1.7.1.Final to receive the fix.
****************************************************************
* RECOMMENDATION:
****************************************************************
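Added illustration, not part of the APAR and not Netty's code: a small Python model of the two behaviours the problem description contrasts, a lenient parser that drops edge control characters from a header name and a strict one that fails fast on anything that is not an RFC 7230 token. The function names, the `X-Demo` header and the sample bytes are constructed for this example.

```python
import re

# RFC 7230 section 3.2.6: a header field name is a "token" (no controls, no spaces).
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# Control characters and space, 0x00-0x20 plus DEL.
CTL_AND_SPACE = "".join(map(chr, range(0x21))) + "\x7f"

# Constructed sample: the second header name starts with a 0x01 control byte.
SAMPLE = b"Host: example.test\r\n\x01X-Demo: 1\r\n"


def lenient_name(raw):
    """Model of the flawed behaviour: edge control characters are dropped."""
    return raw.strip(CTL_AND_SPACE)


def strict_name(raw):
    """Fail fast: anything that is not an RFC 7230 token is rejected."""
    if not TOKEN.fullmatch(raw):
        raise ValueError(f"invalid header name: {raw!r}")
    return raw


def parse_headers(block, name_filter):
    """Split a CRLF-delimited header block into (name, value) pairs."""
    headers = []
    for line in block.decode("latin-1").split("\r\n"):
        if not line:
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"header line without colon: {line!r}")
        headers.append((name_filter(name), value.strip(" \t")))
    return headers


def forward(headers):
    """Re-serialise headers the way a proxy would before sending upstream."""
    return "".join(f"{n}: {v}\r\n" for n, v in headers).encode("latin-1")


if __name__ == "__main__":
    # Lenient proxy: the upstream receives clean bytes and cannot tell the
    # original request was malformed.
    print(forward(parse_headers(SAMPLE, lenient_name)))
    try:
        parse_headers(SAMPLE, strict_name)
    except ValueError as exc:
        print("rejected:", exc)  # a proxy would answer 400 here
```

With the lenient filter the forwarded bytes no longer contain the control character, which is why the system behind the proxy cannot perform the validation itself.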
Problem conclusion
The fix for this APAR is contained in the following release: IBM Storage Insights 1Q22 [ 54X-IBM-SI ] ( 1Q 2022 / March )
Temporary fix
Comments
APAR Information
APAR number
IT39892
Reported component name
STORAGE INSIGHT
Reported component ID
5608TPCSI
Reported release
544
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2022-02-07
Closed date
2022-03-22
Last modified date
2022-03-22
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
STORAGE INSIGHT
Fixed component ID
5608TPCSI
Applicable component levels
Document Information
Modified date:
23 March 2022