APAR status
Closed as program error.
Error description
If certain security tags refer to very large external
resources, 100% CPU utilization may result. It is feasible
that these references can be created with malicious intent.
Specific vulnerable references include:
* ds:Signature/ds:SignedInfo/ds:Reference/@URI
* ds:KeyInfo/ds:RetrievalMethod/@URI
* enc:EncryptedData/enc:CipherData/enc:CipherReference/@URI
* enc:EncryptedKey/enc:CipherData/enc:CipherReference/@URI
Local fix
Problem summary
****************************************************************
* USERS AFFECTED: All WebSphere Application Server users *
* who have web services with security enabled. *
****************************************************************
* PROBLEM DESCRIPTION: 100% CPU usage if external references *
* are used in certain XML tags. *
****************************************************************
* RECOMMENDATION: *
****************************************************************
100% CPU usage occurs when an external reference in one of the
XML tags listed below points to an excessively large data
transfer.
ds:Signature/ds:SignedInfo/ds:Reference/@URI
ds:KeyInfo/ds:RetrievalMethod/@URI
enc:EncryptedData/enc:CipherData/enc:CipherReference/@URI
enc:EncryptedKey/enc:CipherData/enc:CipherReference/@URI
Problem conclusion
The code was modified so that external references in these tags
are now ignored.
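A pre-filter that applies the same policy to an incoming message, as an added example rather than IBM's fix code: it reports URI attributes at the four listed locations that are not same-document references. Treating only an empty URI or a "#fragment" URI as non-external is an assumption, and the sample message and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "enc": "http://www.w3.org/2001/04/xmlenc#",
}

# The four URI-bearing locations named in the APAR.
URI_PATHS = [
    "ds:Signature/ds:SignedInfo/ds:Reference",
    "ds:KeyInfo/ds:RetrievalMethod",
    "enc:EncryptedData/enc:CipherData/enc:CipherReference",
    "enc:EncryptedKey/enc:CipherData/enc:CipherReference",
]

# Constructed sample message (not from the APAR); hosts are placeholders.
SAMPLE = """<Envelope xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
          xmlns:enc="http://www.w3.org/2001/04/xmlenc#">
  <ds:Signature>
    <ds:SignedInfo>
      <ds:Reference URI="#body"/>
      <ds:Reference URI="http://files.example/large.bin"/>
    </ds:SignedInfo>
    <ds:KeyInfo><ds:RetrievalMethod URI="http://keys.example/key.xml"/></ds:KeyInfo>
  </ds:Signature>
  <enc:EncryptedKey>
    <enc:CipherData><enc:CipherReference URI="http://files.example/blob"/></enc:CipherData>
  </enc:EncryptedKey>
</Envelope>"""

def is_external(uri):
    # Assumption: "" (whole document) and "#id" stay inside the message.
    return not (uri == "" or uri.startswith("#"))

def find_external_references(xml_text):
    """Return (path, uri) pairs for external URIs below the document root."""
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DTDs are not accepted in security headers")
    root = ET.fromstring(xml_text)
    findings = []
    for path in URI_PATHS:
        for element in root.findall(".//" + path, NS):
            uri = element.get("URI")
            if uri is not None and is_external(uri):
                findings.append((path, uri))
    return findings
```

A message with a non-empty result can be rejected or logged before signature or decryption processing dereferences anything.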
Temporary fix
Comments
APAR information
APAR number: PQ76836
Reported component name: WAS BASE 5.0
Reported component ID: 5630A3600
Reported release: 00A
Status: CLOSED PER
PE: NoPE
HIPER: NoHIPER
Special Attention: NoSpecatt
Submitted date: 2003-07-28
Closed date: 2003-07-30
Last modified date: 2003-07-30
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
Publications Referenced
Applicable component levels
R003 PSY UP
R00A PSY UP
R00H PSY UP
R00I PSY UP
R00P PSY UP
R00S PSY UP
R00W PSY UP