Fixes are available
APAR status
Closed as program error.
Error description
The client is generating an EGL web service and deploying it on WAS 7.0 on i/OS. External security software scans the i/OS app server, sending it various payloads, and finds that for some invalid inputs, some results are returned (Error 500: SRVE0295E: Error reported: 500). The security software flags these as violations since no response should have been returned.
Local fix
Problem summary
USERS AFFECTED:
PROBLEM DESCRIPTION:
RECOMMENDATION:
Security scanning exposes a vulnerability because RBD returns exceptions with detailed debugging messages.
Problem conclusion
The fix logs the complete message to the app server console and removes the messages from the returned exceptions.
Temporary fix
Comments
APAR Information
APAR number
PM63489
Reported component name
RATL BUS DEV
Reported component ID
5724S5000
Reported release
801
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2012-04-27
Closed date
2012-10-08
Last modified date
2012-10-08
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
RATL BUS DEV
Fixed component ID
5724S5000
Applicable component levels
R801 PSN
UP
Document Information
Modified date:
08 October 2012