[WEB SECURITY] Multi Vendor XML parser DOS Details?

robert at webappsec.org
Thu Aug 6 14:36:53 EDT 2009


There's been news about a new XML Parser Denial of Service that seems to affect multiple products.
Unfortunately, I haven't seen any technical details as to what the issue is. Does anyone
know what it is exactly?

I'm thinking one of the following?

XML Attribute Blowup (WASC TCv2)
http://projects.webappsec.org/XML-Attribute-Blowup

XML Entity Expansion (WASC TCv2)
http://projects.webappsec.org/XML-Entity-Expansion

Regards,
- Robert Auger
WASC Co Founder and Moderator of The Web Security Mailing List
http://www.webappsec.org/
http://www.cgisecurity.com/
http://www.qasec.com/

