PQ81278: Web Services Denial of Service problem with XML Attributes
 Downloadable files
 
Abstract
Denial of Service problem with XML attributes
 
Download Description
During the parsing of an XML document (e.g. by a SOAP server), a list of attributes is compiled for each parsed element. This is typically done by the underlying XML parsing facility (the XML parser).

The time it takes the XML parser to compile the list of attributes (in a given XML element) can consume an excessive amount of CPU resources.

Applying PQ81278 to WebSphere Application Server 5.0.0, 5.0.1, 5.0.2, and 5.0.2.1 will protect against this type of attack.
 
Prerequisites
The Update Installer for WebSphere Application Server 5.0.x is required to install this interim fix.
http://www.ibm.com/support/docview.wss?&tc=SSEQTP&uid=swg24001908
 
 
Installation instructions
See the readme file for installation instructions
 
URL LANGUAGE SIZE(Bytes)
Readme US English 2488
 
Download package
What is DD?
DOWNLOAD RELEASE DATE LANGUAGE SIZE(Bytes) Download Options
PQ81278 12/2/2003 US English 1078935 FTP DD
 
Technical support
1-800-IBM-SERV (U.S. calls only)
 
Cross Reference information
Segment Product Component Platform Version Edition
Application Servers WebSphere Application Server Enterprise WebServices AIX, HP-UX, Linux, Multi-Platform, Solaris, Windows 5.0.0, 5.0.1, 5.0.2 Edition Independent
Application Servers Runtimes for Java Technology Java SDK
Problems (APARs) fixed
PQ81278
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Web Services (for example: SOAP or UDDI or WSGW or WSIF)
Operating system(s): Windows
Software version: 5.0.2.2
Software edition:
Reference #: 4005943
IBM Group: Software Group
Modified date: Dec 19, 2003