Abstract
Possible Denial of Service exposures with Web Services in IBM® WebSphere® Application Server Versions 4 and 5 (PQ70921, PQ69451 and PQ81278)

Content
Denial of Service might occur in certain circumstances
with XML processing in IBM WebSphere Application Server Versions 4 and 5.
Versions affected:
Three APARs address these issues:
- Version 5.0: APAR PQ70921 (XML Parser Denial of Service attack using DTD)
  - PQ70921 does not occur in Version 5.0.1 or later
- Versions 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5: APAR PQ69451 (XML Parser Denial of Service attack using DTD)
  - PQ69451 does not occur in Version 4.0.6 or later
- Versions 5.0, 5.0.1, 5.0.2, and 5.0.2.1: APAR PQ81278 (Web Services Denial of Service problem with XML Attributes)
Solution:
APAR fixes are available for download from the IBM WebSphere Application Server support website to address these issues:
- For PQ70921, apply interim fix APAR PQ70921 or Fix Pack 1 (5.0.1) or later.
- For PQ69451, apply interim fix APAR PQ69451 or Fix Pack 6 (4.0.6) or later.
- For PQ81278, apply interim fix APAR PQ81278.
To download an interim fix or Fix Pack:
- Go to the WebSphere Application Server support page.
- For PQ70921, search for "Fix Pack 5.0.1", "Fix Pack 5.0.2" or "PQ70921".
- For PQ69451, search for "Fix Pack 4.0.6" or "PQ69451".
- For PQ81278, search for "PQ81278".
- Click on the download link to download the fixes required.
Note: The Update Installer is required to install interim fixes and fix packs for Version 5.
Cross Reference information
Segment | Product | Component | Platform | Version | Edition
Application Servers | Runtimes for Java Technology | Java SDK | | |