[WEB SECURITY] Multi Vendor XML parser DOS Details?

Richard Moore rich at westpoint.ltd.uk
Fri Aug 7 04:34:58 EDT 2009


robert at webappsec.org wrote:
> There's been news about a new XML Parser Denial of Service that seems
> to affect multiple products. Unfortunately I haven't seen any
> technical details as to what the issue is, does anyone know what it
> is exactly?

No idea on the details they're planning to announce, but the
attacks that sprang to my mind were entity inclusion attacks.
http://www.securiteam.com/securitynews/6D0100A5PU.html
http://www.sift.com.au/assets/downloads/SIFT-XML-Port-Scanning-v1-00.pdf

These are very common in current web applications.

Rich.

> 
> I'm thinking one of the following?
> 
> XML Attribute Blowup (WASC TCv2) 
> http://projects.webappsec.org/XML-Attribute-Blowup
> 
> XML Entity Expansion (WASC TCv2) 
> http://projects.webappsec.org/XML-Entity-Expansion
> 
> Regards, - Robert Auger WASC Co Founder and Moderator of The Web
> Security Mailing List http://www.webappsec.org/ 
> http://www.cgisecurity.com/ http://www.qasec.com/
> 


-- 
Richard Moore, Principal Software Engineer,
Westpoint Ltd,
Albion Wharf, 19 Albion Street, Manchester, M1 5LN, England
Tel: +44 161 237 1028
Fax: +44 161 237 1031
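The two WASC candidates Robert lists (entity expansion and attribute blowup) and the entity inclusion attacks Rich points to can all be checked for before a document reaches a production parser. The following is an added example, not code from either poster or from any of the linked advisories: it builds a small, constructed "billion laughs" document (3 levels of 10, so only 1,000 copies of a 3-byte entity, safe to expand locally), estimates each internal entity's expanded size without expanding it, shows that a stock `xml.etree` parser expands it inline, shows an expat parser that rejects any entity declaration outright, and counts attributes per element for the attribute-blowup case. Function names and the 3x10 sample are this example's own choices.

```python
import re
import xml.etree.ElementTree as ET
from xml.parsers import expat

# Constructed sample: a scaled-down "billion laughs" document. Three levels
# of ten references give 10^3 copies of the 3-byte base entity (3,000 bytes),
# small enough to expand here; the real attack uses ~10 levels.
LAUGHS_DOC = """<?xml version="1.0"?>
<!DOCTYPE lolz [
 <!ENTITY lol "lol">
 <!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
 <!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
 <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
]>
<lolz>&lol3;</lolz>
"""

# Constructed sample for the attribute-blowup case: one element, 200 attributes.
ATTR_DOC = "<r " + " ".join('a%d=""' % i for i in range(200)) + "/>"

# Internal general entity declarations only (SYSTEM/PUBLIC external entities
# and %parameter entities deliberately do not match this pattern).
ENTITY_DECL = re.compile(r'<!ENTITY\s+(\w+)\s+(["\'])(.*?)\2\s*>', re.S)
ENTITY_REF = re.compile(r'&(\w+);')


def entity_expansion_sizes(doc):
    """Return {entity_name: expanded_length} for every internal entity in the
    DTD, computed from the declarations alone, so nothing is ever expanded.
    A reference cycle (illegal XML, but detected at different points by
    different parsers) is reported as None."""
    decls = {name: value for name, _quote, value in ENTITY_DECL.findall(doc)}
    sizes = {}

    def size(name, stack):
        if name in sizes:
            return sizes[name]
        if name in stack:
            return None  # cycle
        value = decls[name]
        total, pos = 0, 0
        for m in ENTITY_REF.finditer(value):
            total += m.start() - pos      # literal text before the reference
            pos = m.end()
            ref = m.group(1)
            if ref in decls:
                sub = size(ref, stack | {name})
                if sub is None:
                    sizes[name] = None
                    return None
                total += sub
            else:
                total += len(m.group(0))  # &amp; etc.: count as written
        total += len(value) - pos         # trailing literal text
        sizes[name] = total
        return total

    for name in decls:
        size(name, frozenset())
    return sizes


def parse_unhardened(doc):
    """Stock ElementTree: expat expands internal entities inline, so the
    element text is the fully expanded payload. Returns its length."""
    return len(ET.fromstring(doc).text)


def parse_hardened(doc):
    """Refuse any document that declares an entity at all. Most web services
    never need a DTD, so rejecting at the first declaration is simpler and
    more portable than trusting each parser's own expansion limits."""
    p = expat.ParserCreate()

    def reject(name, *_rest):
        raise ValueError("entity declaration rejected: %s" % name)

    p.EntityDeclHandler = reject
    p.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)
    p.Parse(doc, True)
    return True


def max_attributes(doc):
    """Largest number of attributes on any single element; a cheap guard
    against attribute-blowup documents that target a parser's attribute
    hash table."""
    p = expat.ParserCreate()
    worst = [0]

    def start(_name, attrs):
        worst[0] = max(worst[0], len(attrs))

    p.StartElementHandler = start
    p.Parse(doc, True)
    return worst[0]


if __name__ == "__main__":
    print(entity_expansion_sizes(LAUGHS_DOC))   # lol3 expands to 3,000 bytes
    print(parse_unhardened(LAUGHS_DOC))         # 3000
    print(max_attributes(ATTR_DOC))             # 200
    try:
        parse_hardened(LAUGHS_DOC)
    except ValueError as e:
        print(e)
```

The size estimate is linear in the number of declarations because each entity's expanded length is memoised, so the check itself cannot be turned into the DoS it is screening for; the same idea applied at the parser level is what modern expat does with its amplification limit.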

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: 
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA
