Download
Abstract
There is a security exposure related to JAX-WS web services.
Download Description
PM14847 resolves the following problem:
ERROR DESCRIPTION:
There is a security exposure related to JAX-WS web services.
The exposure can cause data tampering, denial of service and possible exposure of server file contents.
A malicious client may use DTD (Document Type Definitions) to attack the JAX-WS Web service.
LOCAL FIX:
PROBLEM SUMMARY:
USERS AFFECTED:
IBM WebSphere Application Server Feature Pack for Web Services users of JAX-WS
PROBLEM DESCRIPTION:
There is a security exposure related to JAX-WS web services.
RECOMMENDATION:
Install a fix pack containing this APAR.
There is a security exposure related to JAX-WS web services.
The exposure can cause data tampering, denial of service and possible exposure of server file contents.
A malicious client may use DTD (Document Type Definitions) to attack the JAX-WS Web service.
The exposure is greater if the endpoint hosts XML/HTTP (i.e. not SOAP) Web services.
PROBLEM CONCLUSION:
The JAX-WS web service runtime is changed to disable the processing of DTDs contained within incoming messages.
The fix for this APAR is currently targeted for inclusion in
fix pack 6.1.0.33. Please refer to the Recommended Updates
page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
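The same mitigation for application code that parses untrusted XML itself, shown as an added example and not IBM's fix code: a JAXP DocumentBuilderFactory configured to reject any message that carries a DOCTYPE declaration. The class name and the sample messages are constructed for illustration; disallow-doctype-decl is the Xerces feature supported by the JDK's built-in parser.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.xml.sax.SAXException;

// Hypothetical class name; illustrates DTD rejection in application code.
public class RejectDtdExample {

    // Builds a parser that treats a DOCTYPE declaration as a fatal error.
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // With this feature on, no DTD is read, so no entities are defined or resolved.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defence in depth in case the feature above is ever switched off.
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    // Returns true if the message parsed, false if the parser rejected it.
    static boolean accepts(String xml) throws ParserConfigurationException, IOException {
        try {
            hardenedBuilder().parse(
                new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
            return true;
        } catch (SAXException e) {
            // Raised for the DOCTYPE as well as for malformed XML.
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample messages, not taken from the APAR.
        String plain = "<order><id>42</id></order>";
        String withDtd =
            "<!DOCTYPE order [<!ENTITY e \"x\">]><order><id>&e;</id></order>";

        System.out.println("plain message accepted:   " + accepts(plain));
        System.out.println("DOCTYPE message accepted: " + accepts(withDtd));
    }
}
```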
Prerequisites
Please download the UpdateInstaller below to install this fix.
Installation Instructions
Please review the readme.txt for detailed installation instructions.
Technical Support
Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).
Problems (APARS) fixed
Document Information
Modified date:
15 June 2018
UID
swg24027019