My Oracle Support Banner

How to Configure WebLogic Server not to Reference an External Document Type Definition (DTD) Defined in <!DOCTYPE> (Doc ID 2582120.1)

Last updated on NOVEMBER 09, 2022

Applies to:

Oracle WebLogic Server - Version 10.3.6 and later
Information in this document applies to any platform.


When WebLogic server receives an XML document such as an SAML response that has <!DOCTYPE> containing external DTD reference as follows, the XML parser in WebLogic will follow the reference to the http:/external-website to get the sample.dtd so that it can validate the received XML document against the DTD file. 

This may present security concern for some running environments that do not allow WebLogic to retrieve information from an external website. How to disable to default behavior?



To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.