IBM Support

PH38310: XML PARSER DOES NOT RECOGNIZE THE SETTING WHICH DISABLES PROCESSING OF DOCTYPE

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • Exceptions occurring while reading XML data.

The core exception is a SAXNotRecognizedException which shows
"disallow-doctype-decl" as a part of the exception text.  For
example:

org.xml.sax.SAXNotRecognizedException:
http://apache.org/xml/features/disallow-doctype-decl
at
org.apache.xerces.parsers.AbstractSAXParser.setFeature(Unknown
Source)
at org.apache.xerces.jaxp.SAXParserImpl.setFeatures(Unknown
Source)
at org.apache.xerces.jaxp.SAXParserImpl.<init>(Unknown Source)
at org.apache.xerces.jaxp.SAXParserFactoryImpl.newSAXParserImp
l(UnknownSource)
at
org.apache.xerces.jaxp.SAXParserFactoryImpl.setFeature(Unknown
Source)
at org.eclipse.emf.ecore.xmi.impl.XMLLoadImpl.makeParser(XMLLo
adImpl.java:370)
at org.eclipse.emf.ecore.xmi.impl.XMLLoadImpl.load(XMLLoadImpl
.java:189)

The SAXNotRecognizedException may not be displayed, or may
only be displayed when trace is enabled. In this case, the
symptom will be a secondary exception, most
often, a NullPointerException or an IndexOutOfBoundsException.

For example:

Failed to login with federated repository user, SystemErr.log:
Caused by: java.lang.NullPointerException
at com.ibm.websphere.wim.util.SDOHelper.deepCloneRootDataObject

Also for example:

WSVR0067E: EJB container caught
com.ibm.ws.exception.RuntimeError:
WSWS7254E: Client binding information for the Sample.jar
module in the Sample application could not be processed due
to the following error:
org.eclipse.emf.common.util.BasicEList$BasicIndexOutOfBoundsExce
ption: index=0, size=0.
at
com.ibm.ws.websvcs.component.WASAxis2ClientImpl.loadClientURLI
nfo(WASAxis2ClientImpl.java:500)
at
com.ibm.ws.websvcs.component.WASAxis2ComponentImpl.metaDataCre
ated(WASAxis2ComponentImpl.java:1130)
at
com.ibm.ws.runtime.component.MetaDataMgrImpl.fireMetaDataCreat
ed(MetaDataMgrImpl.java:432)
at
com.ibm.ws.runtime.component.MetaDataMgrImpl.fireMetaDataCreat
ed(MetaDataMgrImpl.java:286)
at
com.ibm.ws.runtime.component.WASEJBRuntimeImpl.fireMetaDataCre
at
ed(WASEJBRuntimeImpl.java:676)

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED:  All users of IBM WebSphere Application      *
*                  Server that include a SAX parser with       *
*                  an application                              *
****************************************************************
* PROBLEM DESCRIPTION: SAXNotRecognizedException occurs        *
*                      when an application includes a SAX      *
*                      parser which does not support the       *
*                      disabling of DOCTYPE.                   *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
Necessary code was added to WebSphere Application Server in
8.5.5.20 and 9.0.5.7 which disables DOCTYPE processing in XML
files.  The problem only occurs if another SAX parser takes
precedence over the SAX Parser included in WebSphere
Application Server which is located in
<WAS_HOME>/plugins/com.ibm.xml.jar

    



Problem conclusion


    

  • The WebSphere Application Server code has been updated with an
alternative solution for disabling DOCTYPE processing in
XML files.

The fix for this APAR is targeted for inclusion in fix pack
8.5.5.21 and 9.0.5.10.
For more information, see 'Recommended Updates for
WebSphere Application Server':
https://www.ibm.com/support/pages/node/715553

    



Temporary fix


    

  • As a temporary fix only, you can set the following JVM custom
properities.  Unfortunately, this temporary fix  will make the
server vulnerable to XXE attack.

It is important to remember the server is vulnerable with
these settings.  Remove the settings after you apply the
PH38310 ifix or after upgrading to a fix pack containing
PH38310.

org.eclipse.emf.ecore.xmi.impl.AllowDocTypes=true
org.eclipse.emf.ecore.xmi.impl.AllowLoadExternalDtds=true
org.eclipse.emf.ecore.xmi.impl.AllowExternalGeneralEntities=true
org.eclipse.emf.ecore.xmi.impl.AllowExternalParameterEntities=
true

    



Comments


    

  • 



APAR Information




    

  • APAR number
    PH38310
    • 

  • Reported component name
    WEBS APP SERV N
    • 

  • Reported component ID
    5724H8800
    • 

  • Reported release
    900
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2021-06-21
    • 

  • Closed date
    2021-08-19
    • 

  • Last modified date
    2021-10-11
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    WEBS APP SERV N
    • 

  • Fixed component ID
    5724H8800
    • 



Applicable component levels


    

  • R700  PSY
       UP
    • 

  • R800  PSY
       UP
    • 

  • R850  PSY
       UP
    • 

  • R900  PSY
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.0","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            02 November 2021
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback