HTTPS POST Content-Length 0 after Update Q832894

[Chuck Arney]

After applying IE 6 update Q832894 (latest critical
update), we are seeing IE 6 send HTTPS POST requests to
our web server with Content-Length: 0, when it fact,
there is POST data in the submitted web page. This
occurs at random times. Most of the time any specific
web page works fine, but sooner or later it fails because
the web server receives the POST request with 0 Content-
Length header.

Removing this IE update restores normal operation with no
other changes to the web page content or web server
setup. So far, we have not seen this problem on HTTP
requests, only with HTTPS. A trace performed on our SSL
network appliance, shows the request was received from IE
6 with the Content-Length: 0 header.

Has anyone else experienced this problem? Is Microsoft
aware that it exists? My customers started seeing this
problem last week and research shows each machine which
sees the problem has recently installed Q832894.

Removing the update prevents the problem, but that's not
a good solution because we can not control the browser
used by the clients. All information is greatly
appreciated.

Chuck

 

[Smile Extender]

That same patch causes also "c0000005 (access violation)" errors on Outlook
Express when trying to preview messages containing yenc coded attachments. I
think it's up to Microsoft to fix that patch.

 

[Chuck]

That's part of my question. Is Microsoft aware of these
problems with Update Q832894? I don't want to waste my
time reporting things they already know about. But this
one is effecting a lot of people, and more as time passes
and more people apply the update.

Chuck

 

[Frank Saunders, MS-MVP]

After applying IE 6 update Q832894 (latest critical
update), we are seeing IE 6 send HTTPS POST requests to
our web server with Content-Length: 0, when it fact,
there is POST data in the submitted web page. This
occurs at random times. Most of the time any specific
web page works fine, but sooner or later it fails because
the web server receives the POST request with 0 Content-
Length header.

Removing this IE update restores normal operation with no
other changes to the web page content or web server
setup. So far, we have not seen this problem on HTTP
requests, only with HTTPS. A trace performed on our SSL
network appliance, shows the request was received from IE
6 with the Content-Length: 0 header.

Has anyone else experienced this problem? Is Microsoft
aware that it exists? My customers started seeing this
problem last week and research shows each machine which
sees the problem has recently installed Q832894.

Removing the update prevents the problem, but that's not
a good solution because we can not control the browser
used by the clients. All information is greatly
appreciated.

Chuck

Wininet retries POST requests with a blank header
http://support.microsoft.com/?kbid=831167

--
Frank Saunders, MS-MVP, IE/OE
Please respond in Newsgroup. Do not send email
http://www.fjsmjs.com
Protect your PC
http://www.microsoft.com/security/protect/

 

[Chuck]

Frank, its not clear that any connection reset occurred
in this case. It appears that the received POST request
was the first attempt at sending the request. However,
the rest of the description sounds promising. I will
have several of our users apply the fix for this and see
if that corrects the situation.

Thanks for your help!

Chuck

 

[James McGovern]

Microsoft has issued a general patch for this problem. It is not yet been
integrated into the Windows update site though.