How to Configure WebLogic Server not to Reference an External Document Type Definition (DTD) Defined in <!DOCTYPE>
(Doc ID 2582120.1)
Last updated on JUNE 20, 2024
Applies to:
Oracle WebLogic Server - Version 10.3.6 and laterInformation in this document applies to any platform.
Goal
When WebLogic server receives an XML document such as an SAML response that has <!DOCTYPE> containing external DTD reference as follows, the XML parser in WebLogic will follow the reference to the http:/external-website to get the sample.dtd so that it can validate the received XML document against the DTD file.
This may present security concern for some running environments that do not allow WebLogic to retrieve information from an external website. How to disable to default behavior?
Solution
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Goal |
Solution |
References |