Fixes are available
9.0.0.9: WebSphere Application Server traditional V9.0 Fix Pack 9
9.0.0.10: WebSphere Application Server traditional V9.0 Fix Pack 10
9.0.0.11: WebSphere Application Server traditional V9.0 Fix Pack 11
9.0.5.0: WebSphere Application Server traditional Version 9.0.5 Refresh Pack
9.0.5.1: WebSphere Application Server traditional Version 9.0.5 Fix Pack 1
9.0.5.2: WebSphere Application Server traditional Version 9.0.5 Fix Pack 2
9.0.5.3: WebSphere Application Server traditional Version 9.0.5 Fix Pack 3
APAR status
Closed as program error.
Error description
In IHS 8.5, mod_include uses the same scheme for both decoding and encoding an echo var's value. Default is 'entity'. In IHS 9.0, mod_include allows independent control of decoding / encoding... where the default for decoding is 'none' and default for encoding is 'entity'. When a variable has already been declared with an HTML encoded value, the echo output is rendered correctly with IHS 8.5 because of the lockstep decoding / encoding schemes. However, when upgrading to IHS 9.0, the same variable value will be double-encoded and rendered incorrectly since mod_include uses non-matching defaults.. decoding='none' and encoding='entity'.
Local fix
One of the following: - Set echo with encoding='none' to match decoding default - Set echo with decoding='entity' to match encoding default - Declare SSI variable values without encoding
Problem summary
**************************************************************** * USERS AFFECTED: Users of IBM HTTP Server with server-side * * includes * **************************************************************** * PROBLEM DESCRIPTION: HTML-encoded SSI is processed * * differently in 9.0 * **************************************************************** * RECOMMENDATION: * **************************************************************** In IHS 8.5, mod_include uses the same scheme for both decoding and encoding an echo var's value. Default is 'entity'. In IHS 9.0, mod_include allows independent control of decoding / encoding... where the default for decoding is 'none' and default for encoding is 'entity'. When a variable has already been declared with an HTML encoded value, the echo output is rendered correctly with IHS 8.5 because of the lockstep decoding / encoding schemes. However, when upgrading to IHS 9.0, the same variable value will be double-encoded and rendered incorrectly since mod_include uses non-matching defaults.. decoding='none' and encoding='entity'.In IHS 8.5, mod_in
Problem conclusion
For affected configurations, where strings are pre-entity encoded, the text should no longer be entity encoded or the decoding algorithm should be specified on the echo tag. In the case of many affected SSI documents, a directive has been added to allow the default decoding to be changed: SSIOptions DefaultSetDecoding=entity The fix for this APAR is targeted for IHS 9.0.0.9.
Temporary fix
Comments
APAR Information
APAR number
PI98705
Reported component name
IBM HTTP SERVER
Reported component ID
5724J0801
Reported release
900
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2018-06-01
Closed date
2018-08-15
Last modified date
2018-08-15
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
IBM HTTP SERVER
Fixed component ID
5724J0801
Applicable component levels
R900 PSY
UP
Document Information
Modified date:
07 September 2022