Download
Abstract
There is a security exposure related to JAX-RS REST services.
Download Description
PM14765 resolves the following problem:
ERROR DESCRIPTION:
There is a security exposure related to JAX-RS REST services.
The exposure can cause data tampering, denial of service and
possible exposure of server file contents.
A malicious client may use DTD (Document Type Definitions)
to attack a JAX-RS REST service.
LOCAL FIX:
PROBLEM SUMMARY
USERS AFFECTED:
All users of IBM WebSphere Application
Server Feature Pack for Web 2.0
PROBLEM DESCRIPTION:
There is a security exposure related
to JAX-RS REST services.
RECOMMENDATION:
Install a fixpack containing this APAR.
There is a security exposure related to JAX-RS REST services.
The exposure can cause data tampering, denial of service and
possible exposure of server file contents.
A malicious client may use DTD (Document Type Definitions) to
attack the JAX-RS REST service.
The exposure exists only on JAX-RS REST resources that require
parsing of XML data.
PROBLEM CONCLUSION:
The JAX-RS runtime is changed to disable the processing of
DTDs contained within incoming messages.
The fix for this APAR is currently targeted for inclusion
in the next release of Web20 Feature Pack following version
1.0.1.0. Please refer to the Recommended
Updates page for delivery information:
http://www.ibm.com/support/docview.wss?rs=180&uid=swg27004980
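The mitigation named in the problem conclusion, refusing DTDs in incoming messages, can be illustrated in application code that parses XML request bodies itself through JAXP. This is an added example, not IBM's fix or code from the Feature Pack; the class name, helper names and sample messages are constructed, and it assumes the JDK's built-in Xerces-based parser.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.xml.sax.SAXParseException;

public class DtdFreeParsing {

    // Hypothetical helper: a JAXP factory that rejects any message carrying a DOCTYPE.
    static DocumentBuilderFactory hardenedFactory() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Xerces / JDK built-in parser feature: a DOCTYPE declaration is a fatal error.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f;
    }

    // Parses the body and returns the root element's text, or a REJECTED marker on a parse error.
    static String rootText(DocumentBuilderFactory f, String xml) throws Exception {
        try {
            return f.newDocumentBuilder()
                    .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                    .getDocumentElement().getTextContent();
        } catch (SAXParseException e) {
            return "REJECTED: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed request bodies; the entity is internal and harmless.
        String plain = "<order><item>widget</item></order>";
        String withDtd = "<!DOCTYPE order [<!ENTITY note \"text-from-dtd\">]>"
                + "<order><item>&note;</item></order>";

        DocumentBuilderFactory defaults = DocumentBuilderFactory.newInstance();
        DocumentBuilderFactory hardened = hardenedFactory();

        System.out.println("default,  plain: " + rootText(defaults, plain));
        System.out.println("default,  DTD:   " + rootText(defaults, withDtd));
        System.out.println("hardened, plain: " + rootText(hardened, plain));
        System.out.println("hardened, DTD:   " + rootText(hardened, withDtd));
    }
}
```

With default settings the parser processes the DTD and substitutes the entity into the document; the hardened factory fails the message at the DOCTYPE declaration while ordinary DTD-free bodies parse unchanged.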
Prerequisites
Please download the UpdateInstaller below to install this fix.
Installation Instructions
Please review the readme.txt for detailed installation instructions.
Technical Support
Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).
Problems (APARS) fixed
Document Information
Modified date:
15 June 2018
UID
swg24027570