Multiple Vendor Denial-of-Service Vulnerability in XML Document Parsing via SOAP Services

Source: 岁月联盟  Editor: zhuzhu  Date: 2005-07-08

Release date: 2003-12-19
Affected systems:
IBM WebSphere Application Server 5.0.2.1
IBM WebSphere Application Server 5.0.2
IBM WebSphere Application Server 5.0.1
IBM WebSphere Application Server 5.0
Macromedia JRun 4.0 SP1a
Macromedia JRun 4.0 SP1
Macromedia JRun 4.0 build 61650
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.0 SP1
Microsoft .NET Framework 1.0
Macromedia ColdFusion Server MX J2EE 6.1
Macromedia ColdFusion Server MX J2EE 6.0
Macromedia ColdFusion Server MX J2EE 5.0
Macromedia ColdFusion Server MX 6.1
Macromedia ColdFusion Server MX 6.0

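Description:
The ColdFusion MX, JRun 4 Web and IBM WebSphere server programs use the default Apache Crimson XML parser to process web-service SOAP requests. Products from multiple vendors have a flaw in the way they parse XML documents through SOAP services, and a remote attacker can exploit this vulnerability to carry out a denial-of-service attack against the service. An attacker can use XML attributes to build a malicious SOAP request that produces a denial-of-service condition on the target SOAP server. Such an attack causes the XML parser to consume all CPU resources for an extended period, so the server stops responding to other legitimate service requests.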


Patch download:

IBM
---
An upgrade for WebSphere Application Server 5.0.x is available from the following address:
http://www-1.ibm.com/support/docview.wss?rs=180&tc=SSEQTP&uid=swg24001908


Macromedia
----------
Macromedia JRun 4.0 SP1a:

Macromedia Patch mpsb03-07.zip
http://download.macromedia.com/pub/security/mpsb03-07.zip

Macromedia JRun 4.0 SP1:

Macromedia Patch mpsb03-07.zip
http://download.macromedia.com/pub/security/mpsb03-07.zip

Macromedia JRun 4.0 build 61650:

Macromedia Patch mpsb03-07.zip
http://download.macromedia.com/pub/security/mpsb03-07.zip

Macromedia ColdFusion MX J2EE 5.0:

Macromedia Patch mpsb03_07_was5.zip
http://download.macromedia.com/pub/security/mpsb03_07_was5.zip

Macromedia ColdFusion MX J2EE 6.0:

Macromedia Patch mpsb03_07_was5.zip
http://download.macromedia.com/pub/security/mpsb03_07_was5.zip

Macromedia ColdFusion MX 6.0:

Macromedia Patch mpsb03-07.zip
http://download.macromedia.com/pub/security/mpsb03-07.zip

Macromedia ColdFusion MX 6.1:

Macromedia Patch mpsb03-07.zip
http://download.macromedia.com/pub/security/mpsb03-07.zip

Macromedia ColdFusion MX J2EE 6.1:

Macromedia Patch mpsb03_07_was5.zip
http://download.macromedia.com/pub/security/mpsb03_07_was5.zip