安全研究
安全漏洞
多家厂商XML解析器SOAP服务拒绝服务攻击漏洞
发布日期:2003-12-09
更新日期:2003-12-15
受影响系统:
IBM Websphere Application Server 5.0.2.1描述:
IBM Websphere Application Server 5.0.2
IBM Websphere Application Server 5.0.1
IBM Websphere Application Server 5.0
Macromedia JRun 4.0 SP1a
Macromedia JRun 4.0 SP1
Macromedia JRun 4.0 build 61650
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.0 SP1
Microsoft .NET Framework 1.0
Macromedia ColdFusion Server MX J2EE 6.1
Macromedia ColdFusion Server MX J2EE 6.0
Macromedia ColdFusion Server MX J2EE 5.0
Macromedia ColdFusion Server MX 6.1
Macromedia ColdFusion Server MX 6.0
BUGTRAQ ID: 9185
ColdFusion MX和JRun 4 Web及IBM WebSphere服务程序使用默认的Apache Crimson XML解析器处理WEB服务SOAP请求。
多家厂商在通过SOAP服务解析XML文档时存在问题,远程攻击者可以利用这个漏洞对服务进行拒绝服务攻击。
攻击者可以使用XML属性构建恶意SOAP请求,可在目录SOAP服务器上产生拒绝服务条件,此类攻击可使XML解析器在长时间内消耗所有CPU资源,停止对其他正常服务的响应。
<*来源:Amit Klein (Amit.Klein@SanctumInc.com)
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=107099579703737&w=2
http://www-1.ibm.com/support/docview.wss?rs=180&context=SSEQTP&q=PQ81278&uid=swg24005943
http://www.securityfocus.com/advisories/6154
*>
建议:
厂商补丁:
IBM
---
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
WebSphere Application Server 5.0.x可从如下地址获得升级程序:
http://www-1.ibm.com/support/docview.wss?rs=180&tc=SSEQTP&uid=swg24001908
Macromedia
----------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Macromedia JRun 4.0 SP1a:
Macromedia Patch mpsb03-07.zip
http://download.macromedia.com/pub/security/mpsb03-07.zip
Macromedia JRun 4.0 SP1:
Macromedia Patch mpsb03-07.zip
http://download.macromedia.com/pub/security/mpsb03-07.zip
Macromedia JRun 4.0 build 61650:
Macromedia Patch mpsb03-07.zip
http://download.macromedia.com/pub/security/mpsb03-07.zip
Macromedia ColdFusion MX J2EE 5.0:
Macromedia Patch mpsb03_07_was5.zip
http://download.macromedia.com/pub/security/mpsb03_07_was5.zip
Macromedia ColdFusion MX J2EE 6.0:
Macromedia Patch mpsb03_07_was5.zip
http://download.macromedia.com/pub/security/mpsb03_07_was5.zip
Macromedia ColdFusion MX 6.0:
Macromedia Patch mpsb03-07.zip
http://download.macromedia.com/pub/security/mpsb03-07.zip
Macromedia ColdFusion MX 6.1:
Macromedia Patch mpsb03-07.zip
http://download.macromedia.com/pub/security/mpsb03-07.zip
Macromedia ColdFusion MX J2EE 6.1:
Macromedia Patch mpsb03_07_was5.zip
http://download.macromedia.com/pub/security/mpsb03_07_was5.zip
浏览次数:2793
严重程度:0(网友投票)
绿盟科技给您安全的保障