PQ69451, 4.0.x: XML Parser Denial of service attack using DTD
Downloadable files
Abstract
Denial of service through the DTD part of an XML document, which can cause
the WebSphere® XML parser to consume 100% of CPU resources.
Download Description
PQ69451 resolves the following problems:
ERROR DESCRIPTION:
CMVC Defect: 155616. WebSphere Application Server V4.0, all supported
platforms. Denial of service through the DTD part of an XML document, which
can cause the WebSphere XML parser to consume 100% of CPU resources.
Keywords: Denial Service DTD XML Parser 100% CPU.
USERS AFFECTED:
All users of XERCES supplied by WebSphere Application Server
PROBLEM DESCRIPTION:
Denial of service caused by the DTD part of an XML document, where the
WebSphere XML parser can be driven to consume 100% of CPU resources.
RECOMMENDATION:
This problem is a result of the XML4J version shipped with WebSphere
Application Server. To resolve it, the XML4J version used by WebSphere
Application Server 4.0.x was updated to 3.2.4. XML4J 3.2.4 contains a
patch for this denial of service attack and is also required for SOAP.
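The fix IBM ships is the replacement xerces.jar; until it is applied, an application can refuse to hand the parser any document that carries a DTD at all, so no DTD content reaches the entity or attribute-list processing that this defect concerns. The following is an added example, not code from IBM, XML4J or this APAR, written against Python's expat binding rather than XML4J: it aborts parsing in the DOCTYPE callback, before the internal subset is read or an external DTD is fetched. The sample documents are constructed for illustration and do not reproduce the attack described in the APAR.

```python
"""Reject XML documents that declare a DTD, before the parser processes it.

Added example (not IBM/XML4J code). Uses Python's expat binding; the same
idea applies to any SAX-style parser that exposes a DOCTYPE start callback.
"""
import xml.parsers.expat


class DoctypeRejected(ValueError):
    """Raised when the document declares a DOCTYPE (internal or external DTD)."""


def parse_without_dtd(data: bytes) -> list:
    """Parse `data` and return the element names seen, in document order.

    If the document contains a DOCTYPE declaration, DoctypeRejected is raised
    from the StartDoctypeDecl callback. expat stops there, so neither the
    internal subset nor an external DTD is ever parsed or resolved.
    """
    elements = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Abort immediately: we do not want the parser to process any DTD.
        raise DoctypeRejected(
            f"DOCTYPE '{name}' not allowed "
            f"(internal subset: {bool(has_internal_subset)}, system id: {sysid})"
        )

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = lambda name, attrs: elements.append(name)
    # Exceptions raised inside a handler propagate out of Parse().
    parser.Parse(data, True)
    return elements


def accepts(data: bytes) -> bool:
    """True if the document parses and carries no DTD, False if it is rejected."""
    try:
        parse_without_dtd(data)
    except DoctypeRejected:
        return False
    return True


# Constructed sample inputs (not from the APAR).
BENIGN = b"<?xml version='1.0'?><root><child>ok</child></root>"
INTERNAL_DTD = (
    b"<?xml version='1.0'?>"
    b"<!DOCTYPE root [ <!ENTITY e 'x'> ]>"
    b"<root>&e;</root>"
)
EXTERNAL_DTD = (
    b"<?xml version='1.0'?>"
    b"<!DOCTYPE root SYSTEM 'http://example.invalid/root.dtd'>"
    b"<root/>"
)

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN),
                       ("internal DTD", INTERNAL_DTD),
                       ("external DTD", EXTERNAL_DTD)):
        print(f"{label}: {'accepted' if accepts(doc) else 'rejected'}")
```

Rejecting every DOCTYPE is stricter than what XML4J 3.2.4 does (it still parses DTDs), so it is only suitable where the application never needs DTD-declared entities or defaults; the external-DTD sample is rejected without any network access because the callback fires before resolution.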
PROBLEM CONCLUSION:
Replaced xerces.jar to correct this problem.
TEMPORARY FIX:
eFix placed on the pq99999 site. File name is pq69451.jar.
Prerequisites
None
Installation instructions
Please refer to the readme for detailed installation instructions.