My Oracle Support Banner

Relaxedquerychars And Relaxedpatchchars Not Updated With Tomcat Update/Patchset 19.9 (Doc ID 2630838.1)

Last updated on JUNE 05, 2020

Applies to:

Siebel CRM - Version 19.7 and later
Information in this document applies to any platform.

Symptoms

The Siebel 19.9, 19.7, 19.8 patch included Tomcat 9.0.14 and for improved security latest Tomcat 7, 8, 9 no longer allow special characters in URLs and Oracle is clearly aware of this and included the 'Relaxedquerychars and Relaxedpatchchars'
in the server.xml file.

While customer applied 19.9 Patch on 19.4, patch discarded the prior settings it did actually migrate server.xml settings from the old Tomcat version to the new Tomcat version.   While it took HTTP connector:
    <Connector port="8080" ¿ />

added the 2 relaxed attributes:
    <Connector port="8080" ¿ relaxedQueryChars=" "<>[\]^`{|}"relaxedPathChars=" "<>[\]^`{|}" ¿ />

It completely missed updating HTTPS connector:
<Connector port="443" ¿ />

As soon as user tried loading a page, 400 Bad Request error is displayed. 

 

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.