Fix (APAR): PQ81278
Status: Test
Release: 5.0.2.1,5.0.2,5.0.1,5.0.0
Operating System: All
Supersedes Fixes:
CMVC Defect: PQ81278
Byte size of APAR: 1079496
Date: 2003-11-25

Abstract: Denial of Service problem with XML attributes.

Description/symptom of problem:

During the parsing of an XML document (e.g. by a SOAP server), a list of attributes is compiled for each parsed element. This is typically done by the underlying XML parsing facility (the XML parser). The time it takes the XML parser to compile the list of attributes (in a given XML element) can result in consuming an excessive amount of CPU resources. Applying PQ81278 to WebSphere Application Server 5.0.0, 5.0.1, 5.0.2, and 5.0.2.1 will protect against this type of attack.

Directions to apply fix:

NOTE: YOU MUST FIRST DOWNLOAD THE UPDATE INSTALLER TOOL IN ORDER TO INSTALL A FIX.
The Fix Installer can be downloaded from the following link:
http://www-3.ibm.com/software/webservers/appserv/support/index.html

1) Create a temporary "fix" directory to store the jar file:
   UNIX: /tmp/WebSphere/fix
   Windows: c:\temp\WebSphere\fix
2) Copy the jar file to the directory
3) Shut down WebSphere
4) Follow the Fix installation instructions that are packaged with the Fix Installer on how to install the Fix.
5) Restart WebSphere
6) The temp directory may be removed.

Directions to remove fix:

NOTE: FIXES MUST BE REMOVED IN THE ORDER THEY WERE APPLIED. DO NOT REMOVE A FIX UNLESS ALL FIXES APPLIED AFTER IT HAVE FIRST BEEN REMOVED. YOU MAY REAPPLY ANY REMOVED FIX.

Example: If your system has fix1, fix2, and fix3 applied in that order and fix2 is to be removed, fix3 must be removed first, fix2 removed, and fix3 re-applied.

1) Shut down WebSphere
2) Follow the instructions that are packaged with the Fix Installer on how to uninstall the Fix.
3) Restart WebSphere

Directions to re-apply fix:

1) Shut down WebSphere
2) Follow the Fix instructions that are packaged with the Fix Installer on how to uninstall and reinstall the Fix.
3) Restart WebSphere
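
A pre-parse guard for the condition in the Description/symptom section above, as an added example that is not part of this APAR or of IBM's fix: it scans the raw request body in one linear pass, without compiling attribute lists, and rejects any start tag that carries more attributes than a limit before the document reaches the XML parser. The function and exception names and the 256-attribute limit are assumptions for illustration; this page does not state how the fix itself addresses the problem.

```python
# Added example: pre-parse attribute-count guard (not IBM's fix).
MAX_ATTRS = 256  # assumed policy limit; the APAR states no number

# Constructs that carry no attributes; longer openers listed before "<!".
# Simplification: a DOCTYPE internal subset is skipped declaration by declaration.
SKIP = (("<!--", "-->"), ("<![CDATA[", "]]>"), ("<?", "?>"), ("</", ">"), ("<!", ">"))


class TooManyAttributes(ValueError):
    """Raised when one start tag exceeds the attribute limit."""


def max_attributes_per_element(doc, limit=MAX_ATTRS):
    """Return the largest attribute count of any start tag in doc.

    One linear pass over the raw text; nothing is stored per attribute,
    and scanning stops as soon as a tag exceeds the limit.
    """
    worst, i, n = 0, 0, len(doc)
    while True:
        i = doc.find("<", i)
        if i < 0:
            return worst
        for opener, closer in SKIP:
            if doc.startswith(opener, i):
                j = doc.find(closer, i + len(opener))
                i = n if j < 0 else j + len(closer)
                break
        else:  # a start tag: count '=' that sit outside quoted values
            count, quote = 0, None
            i += 1
            while i < n:
                ch = doc[i]
                if quote:
                    if ch == quote:
                        quote = None
                elif ch in "\"'":
                    quote = ch
                elif ch == "=":
                    count += 1
                    if count > limit:
                        raise TooManyAttributes(f"more than {limit} attributes in one element")
                elif ch == ">":
                    break
                i += 1
            worst = max(worst, count)


# Constructed sample: '>' and '=' inside quoted values must not be miscounted.
SAMPLE = '<?xml version="1.0"?><a x="1" y=\'2>3\'><!-- b="1" c="2" --><b p="k=v"/></a>'
```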