PQ70921: XML Parser Denial of Service attack using DTD for Application Server
Downloadable files
Abstract
A denial of service can be caused by the DTD portion of an XML document,
which can make the WebSphere XML parser consume an excessive amount of CPU
resources.
Download Description
This problem is a result of the XML4J version used with WebSphere
Application Server. To resolve this problem, the WebSphere Application
Server XML4J version was updated to 3.2.4. XML4J 3.2.4 contains a patch
for the denial of service security vulnerability, and is also needed for
SOAP.
Applying this iFix replaces the xerces.jar file in WebSphere.
IMPORTANT: PQ70921 is for version 5.0.0 only. This fix is included in Fix
Pack 1, so applying Fix Pack 1 instead of PQ70921 will also correct this
problem. It is recommended that customers install Fix Pack 1 or Fix Pack 2
instead of PQ70921.
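The fix on this page is a parser upgrade. A complementary, application-side defence against DTD-driven CPU exhaustion is to configure the JAXP parser so that it refuses a DOCTYPE altogether and never loads or expands external entities. The following is an added example written for this page, not IBM code and not part of the PQ70921 package; it assumes the JAXP and Xerces feature names supported by Xerces 2.x and the JDK's built-in parser, and the two XML strings are constructed sample inputs.

```java
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import java.io.IOException;
import java.io.StringReader;

public class HardenedXmlParser {

    // Feature URIs assumed to be supported by Xerces 2.x / the JDK parser.
    // Older XML4J releases may not recognise all of them; setFeature()
    // then throws ParserConfigurationException, which should be treated as
    // "cannot parse safely" rather than silently ignored.
    private static final String DISALLOW_DOCTYPE =
        "http://apache.org/xml/features/disallow-doctype-decl";
    private static final String EXTERNAL_GENERAL =
        "http://xml.org/sax/features/external-general-entities";
    private static final String EXTERNAL_PARAMETER =
        "http://xml.org/sax/features/external-parameter-entities";
    private static final String LOAD_EXTERNAL_DTD =
        "http://apache.org/xml/features/nonvalidating/load-external-dtd";

    /** Builds a DocumentBuilder that rejects any DTD and never fetches external entities. */
    public static DocumentBuilder newHardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // JAXP secure processing: enables the parser's built-in expansion limits.
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Refuse any document that carries a DOCTYPE, which removes the DTD
        // attack surface entirely for services that do not need DTDs.
        f.setFeature(DISALLOW_DOCTYPE, true);
        // Belt and braces: even if a DTD slipped through, do not resolve
        // external general or parameter entities or fetch an external DTD.
        f.setFeature(EXTERNAL_GENERAL, false);
        f.setFeature(EXTERNAL_PARAMETER, false);
        f.setFeature(LOAD_EXTERNAL_DTD, false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    /** Returns true if the hardened parser accepted the document, false if it rejected it. */
    public static boolean parses(String xml) throws ParserConfigurationException, IOException {
        try {
            Document d = newHardenedBuilder().parse(new InputSource(new StringReader(xml)));
            return d.getDocumentElement() != null;
        } catch (SAXException rejected) {
            // A DOCTYPE (or any other malformed input) lands here.
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs for this example, not taken from the advisory.
        String plain = "<order><item>widget</item></order>";
        String withDtd = "<!DOCTYPE order [<!ELEMENT order ANY>]><order/>";
        System.out.println("plain document accepted:    " + parses(plain));
        System.out.println("document with DTD accepted: " + parses(withDtd));
    }
}
```

The first document, which has no DTD, parses normally; the second is rejected at the DOCTYPE declaration before any DTD content is processed, so the parser never gets the chance to spend CPU on it. Apply this configuration only to endpoints that do not legitimately consume DTDs, and verify on the deployed parser version that each setFeature() call succeeds rather than assuming the features are honoured.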
Product categories: Software > Application Servers >
Distributed Application & Web Servers > WebSphere Application
Server > Web Services (for example: SOAP or UDDI or WSGW or WSIF)
Operating system(s): Windows
Software version: 5.0
Software edition:
Reference #: 4005582
IBM Group: Software Group
Modified date: Aug 17, 2004
(C) Copyright IBM Corporation 2000, 2009. All Rights Reserved.