Vulnerability

    Websphere

Affected

    IBM HTTP Server 1.3.6.4, 1.3.12, 1.3.12.2 for Windows NT/2000

Description

    Following is based on a Defcom Labs Advisory def-2001-02 by Peter
    Grundl. The Afpa cache in the IBM HTTP Server, which Websphere is
    built on, has problems handling certain types of URL requests. The
    result of such a request is a kernel leak, which eventually consumes
    all available kernel memory and renders the host useless.

    Sending a continuous stream of HTTP requests that result in "bad
    request" will cause a kernel leak in Windows NT. There are many ways
    to trigger the bad request result that triggers the leak, e.g.

        GET / HTTP/1.0\r\nuser-agent: 20000xnull\r\n\r\n

Solution

    Comment out the three lines beginning with "Afpa" in the httpd.conf
    file (located in the conf directory in the web server folder).

    Download and install the fix from

        http://www-4.ibm.com/software/webservers/httpservers/efix.html
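The httpd.conf workaround above can be applied and verified with a short script. This is an added example, not part of the Defcom advisory or IBM's fix; the directive names in the constructed sample excerpt and the helper names `disable_afpa` and `patch_file` are assumptions.

```python
import re
import shutil
import sys

# An active (uncommented) directive whose name begins with "Afpa".
# Matched case-insensitively, with optional leading indentation.
AFPA_DIRECTIVE = re.compile(r"^([ \t]*)(afpa\w*)", re.IGNORECASE)

# Constructed httpd.conf excerpt for illustration (directive names assumed).
SAMPLE_CONF = (
    "# sample httpd.conf excerpt\n"
    "ServerName www.example.com\n"
    "Port 80\n"
    "AfpaEnable\n"
    "  AfpaCache on\n"
    'afpalogfile "C:/IBM HTTP Server/logs/afpalog" V-ECLF\n'
    "#AfpaCache off\n"
)

def disable_afpa(conf_text):
    """Comment out active Afpa* lines; return (new_text, [(line_no, name)])."""
    out, disabled = [], []
    for number, line in enumerate(conf_text.splitlines(keepends=True), start=1):
        m = AFPA_DIRECTIVE.match(line)
        if m:
            indent = m.group(1)
            disabled.append((number, m.group(2)))
            line = indent + "#" + line[len(indent):]  # keep indentation
        out.append(line)
    return "".join(out), disabled

def patch_file(path):
    """Rewrite httpd.conf in place, keeping a .bak copy if anything changed."""
    with open(path, "r", newline="") as fh:  # newline="" preserves CRLF
        original = fh.read()
    patched, disabled = disable_afpa(original)
    if disabled:
        shutil.copy2(path, path + ".bak")
        with open(path, "w", newline="") as fh:
            fh.write(patched)
    return disabled

if __name__ == "__main__":
    if len(sys.argv) > 1:
        hits = patch_file(sys.argv[1])
    else:
        _, hits = disable_afpa(SAMPLE_CONF)
    for number, name in hits:
        print(f"line {number}: commented out {name}")
```

Running it a second time against the same file should report nothing, which confirms no active Afpa line remains; restart the web server for the change to take effect.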