Possible Denial of Service exposures with Web Services in IBM WebSphere Application Server Versions 4 and 5 (PQ70921, PQ69451 and PQ81278)
 Flash (Alert)
 
Abstract
Possible Denial of Service exposures with Web Services in IBM® WebSphere® Application Server Versions 4 and 5 (PQ70921, PQ69451 and PQ81278)
 
Content
Denial of Service might occur in certain circumstances with XML processing in IBM WebSphere Application Server Versions 4 and 5.

Versions affected:
Three APARs address these issues:
  • Version 5.0: APAR PQ70921 (XML Parser Denial of Service attack using DTD)
    • PQ70921 does not occur in Version 5.0.1 or later
  • Versions 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5: APAR PQ69451 (XML Parser Denial of Service attack using DTD)
    • PQ69451 does not occur in Version 4.0.6 or later
  • Versions 5.0, 5.0.1, 5.0.2, and 5.0.2.1: APAR PQ81278 (Web Services Denial of Service problem with XML Attributes)

Solution:
APAR fixes are available for download from the IBM WebSphere Application Server support website to address these issues:
  • For PQ70921, apply interim fix APAR PQ70921 or Fix Pack 1 (5.0.1) or later.
  • For PQ69451, apply interim fix APAR PQ69451 or Fix Pack 6 (4.0.6) or later.
  • For PQ81278, apply interim fix APAR PQ81278.

To download an interim fix or Fix Pack:
  1. Go to the WebSphere Application Server support page.
    • For PQ70921, search for "Fix Pack 5.0.1", "Fix Pack 5.0.2" or "PQ70921".
    • For PQ69451, search for "Fix Pack 4.0.6" or "PQ69451".
    • For PQ81278, search for "PQ81278".
  2. Click the download link for each fix you require.

Note: The Update Installer is required to install interim fixes and fix packs for Version 5.
 
 
Cross Reference information
Segment: Application Servers
Product: Runtimes for Java Technology
Component: Java SDK
Platform:
Version:
Edition:

Document Information

Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Web Services (for example: SOAP or UDDI or WSGW or WSIF)
Operating system(s): Windows
Software version: 5.0.2.1
Software edition:
Reference #: 1155959
IBM Group: Software Group
Modified date: Sep 10, 2004