We have discovered a behaviour in RemObjects SDK Version 18.104.22.1681 that does not work anymore with newer Apache versions.
a few years ago we have developed an Apache SOAP WebService in Delphi, using TROSOAPMessage, with RemObjects SDK Version 22.214.171.1241.
At the time the WebService has been developed, the resulting ISAPI module was loaded into Apache Version 2.4.2 and worked fine.
But since an Apache update to Version 2.4.25 we get an Internal Server Error 500 at calling a function of the WebService, and the Apache error log entry reads “AH02428: Empty response header name, aborting request.”
We assume that this error is caused by RemObjects, that includes an “empty” header field in the response header, while a new Apache security fix - see https://httpd.apache.org/security/vulnerabilities_24.html#2.4.25 (CVE-2016-8743) - does not accept “empty” header fields anymore.
The response header, copied from WireShark TCP Stream, using the older Apache Version, reads
HTTP/1.1 200 OK
Date: Tue, 05 Sep 2017 12:59:07 GMT
Server: Apache/2.4.2 (Win32) OpenSSL/1.0.1c
Accept-Encoding: gzip, identity
Content-Type: text/xml; charset=utf-8
Here you can see this no longer accepted empty header line (consisting of just a colon) within the response header.
We would like to know if this is a known problem resp if there is a newer version of RemObjects SDK that fixes it, or if there is any workaround for it.