eFix (APAR): PQ69451
Status: eFix
Release: 4.0.5, 4.0.4, 4.0.3, 4.0.2, 4.0.1
Operating System: All
Supersedes eFixes:
CMVC Defect: PQ69451
Byte size of APAR: 1714646
Date: Tue Jan 07 11:54:00 EST 2003

Abstract:
XML Parser Denial of Service Attack using DTD

Description/symptom of problem:
Denial of service through the DTD part of an XML document: a crafted DTD can cause the WebSphere XML parser to consume 100% of CPU resources.

Directions to apply efix:
1) Create a temporary 'efix' directory to store the jar file:
   AIX:           /tmp/WebSphere/efix
   Solaris/Linux: /tmp/WebSphere/efix
   Windows:       c:\temp\WebSphere\efix
2) Copy the jar file to that directory.
3) Shut down WebSphere.
4) Run the jar file with the following command, answering the questions/prompts as they appear:
   java -jar
5) Restart WebSphere.
6) The temporary directory may be removed, but the jar file should be saved. Do not remove any files created and stored in the /WebSphere/AppServer/efix/ directories. These files are required if an efix is to be removed.

Directions to remove efix:
NOTE: EFIXES MUST BE REMOVED IN THE ORDER THEY WERE APPLIED. DO NOT REMOVE AN EFIX UNLESS ALL EFIXES APPLIED AFTER IT HAVE FIRST BEEN REMOVED. YOU MAY REAPPLY ANY REMOVED EFIX.
Example: If your system has efix1, efix2, and efix3 applied in that order and efix2 is to be removed, efix3 must be removed first, then efix2 removed, and then efix3 re-applied.
1) Change directory to the efix location (/WebSphere/AppServer/efix/).
2) Shut down WebSphere.
3) Run the backup jar file with the following command:
   java -jar
4) Restart WebSphere.

Directions to re-apply efix:
Follow the instructions for applying an efix. If the backup files still exist (from the previous efix application), you will be prompted to overwrite. Answer 'yes' at the overwrite prompts.

Additional Information:
------------------------------------------------------------------
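The following is an added illustration, not part of IBM's readme and not the code or exploit behind PQ69451. The readme only says that the DTD part of a document can drive the parser to 100% CPU; the concrete mechanism shown here (internal-subset entity expansion, an assumption about the class of problem) is the usual way a DTD does that, and the hardening shown is the check a practitioner would apply to any JAXP/Xerces-based parser today. The feature URIs (`disallow-doctype-decl`, `external-general-entities`, `external-parameter-entities`) are Xerces feature names supported by the JDK's built-in parser; whether the 2003-era WebSphere parser honoured them is not something this readme states, and a parser that does not support a feature will throw ParserConfigurationException from setFeature.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.SAXParseException;

public class DtdDosCheck {

    // Constructed sample document (not from the advisory): a DOCTYPE whose
    // internal subset defines entities that reference each other so the text
    // grows geometrically. Two levels of 10 references each already expand to
    // 100 copies of "lol"; attack payloads add many more levels and keep the
    // parser busy at 100% CPU for a very long time while using little input.
    static final String ENTITY_BOMB =
        "<?xml version=\"1.0\"?>\n" +
        "<!DOCTYPE bomb [\n" +
        "  <!ENTITY a \"lol\">\n" +
        "  <!ENTITY b \"&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;\">\n" +
        "  <!ENTITY c \"&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;\">\n" +
        "]>\n" +
        "<bomb>&c;</bomb>";

    /** Default JAXP settings: the DTD is honoured and every entity is expanded. */
    static int expandedLength(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        DocumentBuilder b = f.newDocumentBuilder();
        Document d = b.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        // Returns the length of the expanded text (300 for the sample above).
        return d.getDocumentElement().getTextContent().length();
    }

    /** Hardened parser: refuse any DOCTYPE, so a DTD can never drive expansion or fetch external entities. */
    static DocumentBuilder hardenedBuilder() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth for deployments where a DOCTYPE must still be accepted:
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    public static void main(String[] args) throws Exception {
        System.out.println("default parser expanded text length: " + expandedLength(ENTITY_BOMB));
        try {
            hardenedBuilder().parse(
                new ByteArrayInputStream(ENTITY_BOMB.getBytes(StandardCharsets.UTF_8)));
            System.out.println("hardened parser accepted the document (unexpected)");
        } catch (SAXParseException e) {
            // Expected path: the DOCTYPE itself is rejected before any entity is defined.
            System.out.println("hardened parser rejected DOCTYPE: " + e.getMessage());
        }
    }
}
```

Rejecting the DOCTYPE outright is the only setting here that removes the whole DTD attack surface; the remaining features limit external entity fetches but still let an internal subset define entities, so if an application genuinely needs DTDs it should also rely on the parser's entity-expansion limits (FEATURE_SECURE_PROCESSING enables them in current JDKs) and a request body size cap in front of the parser.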