IBM Support

PK73102: THERE ARE NO CONTROLS WITHIN CICS TO PREVENT IT FROM RESPONDING TO AN HTTP TRACE REQUEST ON AN TCP IP PORT IT IS LISTENING ON.

A fix is available

Obtain the fix for this APAR.

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • There is currently no mechanism to allow the TRACE method to be
blocked.  CICS will process it and provide a response without
any user code being involved.
.
Additional Symptom(s) Search Keyword(s):
KIXREVJDD

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED: All.                                         *
****************************************************************
* PROBLEM DESCRIPTION: There are no controls to prevent CICS   *
*                      from responding to a HTTP TRACE         *
*                      request.                                *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
CICS Web Support always responds to an HTTP TRACE request.
This is handled automatically by the web receiver task. There
is no mechanism to allow CICS to be configured to reject the
HTTP TRACE request.

    



Problem conclusion


    

  • The web domain has been altered so that CICS will respond to
a HTTP TRACE request with a 501 Method Not Implemented
response.

The CICS Transaction Server for z/OS, Internet Guide,
Version 3 Release 1, SC34-6450-06, Part 2: CICS Web support,
Chapter 4: Configuring CICS Web support base components and
The CICS Transaction Server for z/OS, Internet Guide,
Version 3 Release 2, SC34-6831-01, Part 2: CICS Web support,
Chapter 4: Configuring CICS Web support base components needs
to have the new section below added at the end.

Configure HTTP TRACE method to be disabled
------------------------------------------
By default, all HTTP TRACE requests will receive a 200 OK
response. You may optionally override this, so that a HTTP TRACE
request will receive a 501 Method Not Implemented response. In
order to do this you will need to create an assembler data-only
module called 'DFHWBMTH' which contains a halfword length
followed by a 7 byte field that contains the characters
'NOTRACE'.

An example of the source is shown below :-

//DFHWBMTH  JOB   'accounting info',name,MSGCLASS=A
//ASM      EXEC PGM=ASMA90,REGION=2048K,
//            PARM=(DECK,NOOBJECT,ALIGN)
//SYSPRINT DD SYSOUT=*
//SYSLIB   DD DSN=SYS1.MACLIB,DISP=SHR
//SYSUT1   DD SPACE=(CYL,(3,2))
//SYSUT2   DD SPACE=(CYL,(1,1))
//SYSUT3   DD SPACE=(CYL,(1,1))
//SYSPUNCH DD DSN=&&OBJMOD,DISP=(,PASS),
//            SPACE=(CYL,(1,1)),
//            DCB=(RECFM=FB,LRECL=80,BLKSIZE=400)
//SYSIN    DD DATA,DLM='@@'
DFHWBMTH CSECT
DFHWBMTH AMODE 31
DFHWBMTH RMODE ANY
LENGTH   DC AL2(ENDDATA-*)
OPTIONS  DC CL7'NOTRACE'
ENDDATA  EQU *
         END     DFHWBMTH
@@
//LKED     EXEC PGM=IEWL,REGION=2048K,
//            PARM=(LIST,XREF),
//            COND=(7,LT)
//SYSPRINT DD SYSOUT=*
//SYSUT1   DD SPACE=(CYL,(1,1))
//SYSLIN   DD DSN=&&OBJMOD,DISP=(OLD,DELETE)
//         DD DDNAME=SYSIN
//SYSLMOD  DD DSN=CICS.DFHRPL,DISP=SHR
//SYSIN    DD DATA,DLM='@@'
    MODE AMODE(31),RMODE(ANY)
    NAME DFHWBMTH(R)
@@

    



Temporary fix


    

  • FIX AVAILABLE BY PTF ONLY

    



Comments


    

  • 



APAR Information




    

  • APAR number
    PK73102
    • 

  • Reported component name
    CICSTS V3 Z/OS
    • 

  • Reported component ID
    5655M1500
    • 

  • Reported release
    500
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2008-10-01
    • 

  • Closed date
    2009-02-17
    • 

  • Last modified date
    2009-03-03
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    
UK44098 UK44099
    

    • 



Modules/Macros


    

  •    DESWBAN  DESWBAP  DESWBDM  DESWBRQ  DESWBRQF
DESWBSR  DESWBXM  DESWBXN  DFHWBANC DFHWBAND DFHWBAP  DFHWBAPA
DFHWBAPF DFHWBAPJ DFHWBAPM DFHWBAPT DFHWBAPV DFHWBDCC DFHWBDCD
DFHWBDM  DFHWBRQD DFHWBRQS DFHWBSR  DFHWBSRA DFHWBSRM DFHWBSRT
DFHWBXM  DFHWBXMA DFHWBXMT DFHWBXN

    




Publications Referenced


SC34645006SC34683101   





Fix information


    

  • Fixed component name
    CICSTS V3 Z/OS
    • 

  • Fixed component ID
    5655M1500
    • 



Applicable component levels


    

  • R400  PSY  UK44098
       UP09/02/21  P  F902
    • 

  • R500  PSY  UK44099
       UP09/02/21  P  F902
    • 



Fix is available


    

  • Select the PTF appropriate for your component level.
You will be required to sign in. Distribution on physical
media is not available in all countries.
    








      
              
                            

              

              [{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.2","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"3.2","Edition":"","Line of Business":{"code":"","label":""}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            03 March 2009
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback