APAR status
Closed as program error.
Error description
Depending on the data stored in your catalog, it may make sense for a person to search with up to 10 (or more) search terms. However, in most cases, searching with many more terms than that is likely either excessive or malicious. Because the storefront is responsible for creating the search REST request, a storefront that allows an unlimited (or very high) number of search terms lets a potentially heavy search query be executed against the search server. A similar issue can occur if Search REST requests are allowed to be performed directly against the Search server (from any source).
Local fix
Problem summary
USERS AFFECTED: WebSphere Commerce Version 7 and Version 8.
PROBLEM ABSTRACT: REST search handlers allow excessive search terms to be searched.
BUSINESS IMPACT: Site could become non-responsive when the system load has reached a certain level while processing these long search requests.
RECOMMENDATION:
Problem conclusion
Two configuration settings have been added to the Search server's com.ibm.commerce.catalog/wc-component.xml to provide a bounds check on the length of the search phrase as well as on the maximum number of allowed search terms:
MaximumNumberOfSearchTerms - Defines the maximum number of tokens that will be used as a search phrase. Any extra tokens beyond the limit are discarded in order to prevent overloading the system. Default value is 20.
MaximumLengthOfSearchPhrase - Defines the maximum length of the search phrase. Any extra characters beyond the limit are discarded in order to prevent overloading the system. Default value is 100.
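The discard behaviour of the two limits, as an added example that is not IBM's code and not part of the APAR: it clamps a phrase with the stated defaults and reports how much was dropped, so a storefront or log pipeline can flag oversized queries. The function name, whitespace tokenization and the order of the two checks (length first, then term count) are assumptions; the APAR does not specify them.

```python
from dataclasses import dataclass

# Defaults stated in the APAR text for the two new settings.
MAX_TERMS = 20      # MaximumNumberOfSearchTerms
MAX_LENGTH = 100    # MaximumLengthOfSearchPhrase


@dataclass
class BoundedPhrase:
    phrase: str          # what would actually be searched
    dropped_chars: int   # characters discarded by the length limit
    dropped_terms: int   # tokens discarded by the term limit

    @property
    def truncated(self) -> bool:
        # True when either limit discarded input; worth logging.
        return self.dropped_chars > 0 or self.dropped_terms > 0


def bound_search_phrase(raw, max_terms=MAX_TERMS, max_length=MAX_LENGTH):
    """Clamp a search phrase to both limits, discarding the excess.

    Assumptions (not stated in the APAR): tokens are whitespace-separated
    and the length limit is applied before the term limit.
    """
    if max_terms < 1 or max_length < 1:
        raise ValueError("limits must be positive")
    normalized = " ".join(raw.split())       # collapse runs of whitespace
    clipped = normalized[:max_length]        # length limit: drop extra chars
    dropped_chars = len(normalized) - len(clipped)
    tokens = clipped.split()
    kept = tokens[:max_terms]                # term limit: drop extra tokens
    return BoundedPhrase(" ".join(kept), dropped_chars, len(tokens) - len(kept))


if __name__ == "__main__":
    # Constructed inputs: a normal query, a many-term query, one long token.
    samples = ("red cotton shirt", " ".join(["a"] * 25), "x" * 500)
    for sample in samples:
        r = bound_search_phrase(sample)
        print(len(sample), "->", len(r.phrase),
              "dropped chars:", r.dropped_chars,
              "dropped terms:", r.dropped_terms,
              "truncated:", r.truncated)
```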
Temporary fix
Comments
APAR Information
APAR number
JR57039
Reported component name
WC BUS EDITION
Reported component ID
5724I3800
Reported release
700
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
YesSpecatt / New Function / Pervasive /
Xsystem
Submitted date
2016-11-21
Closed date
2017-01-10
Last modified date
2017-01-10
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
WC BUS EDITION
Fixed component ID
5724I3800
Applicable component levels
R700 PSY
UP
Document Information
Modified date:
11 December 2021