Possible Denial of Service exposures with Web Services in IBM WebSphere Application Server Versions 4 and 5 (PQ70921, PQ69451 and PQ81278)
 Flash (Alert)
 
Abstract
Possible Denial of Service exposures with Web Services in IBM® WebSphere® Application Server Versions 4 and 5 (PQ70921, PQ69451 and PQ81278)
 
Content
A denial of service might occur under certain circumstances during XML processing in IBM WebSphere Application Server Versions 4 and 5.

Versions affected:
Three APARs address these issues:
  • Version 5.0: APAR PQ70921 (XML Parser Denial of Service attack using DTD)
    • PQ70921 does not occur in Version 5.0.1 or later
  • Versions 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5: APAR PQ69451 (XML Parser Denial of Service attack using DTD)
    • PQ69451 does not occur in Version 4.0.6 or later
  • Versions 5.0, 5.0.1, 5.0.2, and 5.0.2.1: APAR PQ81278 (Web Services Denial of Service problem with XML Attributes)

Solution:
APAR fixes are available for download from the IBM WebSphere Application Server support website to address these issues:
  • For PQ70921, apply interim fix APAR PQ70921 or Fix Pack 1 (5.0.1) or later.
  • For PQ69451, apply interim fix APAR PQ69451 or Fix Pack 6 (4.0.6) or later.
  • For PQ81278, apply interim fix APAR PQ81278.

To download an interim fix or Fix Pack:
  1. Go to the WebSphere Application Server support page.
    • For PQ70921, search for "Fix Pack 5.0.1", "Fix Pack 5.0.2" or "PQ70921".
    • For PQ69451, search for "Fix Pack 4.0.6" or "PQ69451".
    • For PQ81278, search for "PQ81278".
  2. Click the download link for each required fix.

Note: The Update Installer is required to install interim fixes and fix packs for Version 5.

Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Web Services (for example: SOAP or UDDI or WSGW or WSIF)
Operating system(s): Windows
Software version: 5.0.2.1
Software edition:
Reference #: 1155959
IBM Group: Software Group
Modified date: Sep 10, 2004