[WEB SECURITY] Multi Vendor XML parser DOS Details?

Schmidt, Chris cschmidt at servicemagic.com
Fri Aug 7 10:57:07 EDT 2009


Entity Expansion is the biggie here, at least according to the diff in the
Xerces patch.

http://svn.apache.org/viewvc/xerces/c/trunk/src/xercesc/validators/DTD/DTDScanner.cpp?r1=709149&r2=781488&pathrev=781488&diff_format=h


-----Original Message-----
From: Richard Moore [mailto:rich at westpoint.ltd.uk] 
Sent: Friday, August 07, 2009 2:35 AM
To: robert at webappsec.org
Cc: websecurity at webappsec.org
Subject: Re: [WEB SECURITY] Multi Vendor XML parser DOS Details?

robert at webappsec.org wrote:
> There's been news about a new XML Parser Denial of Service that seems
> to affect multiple products. Unfortunately I haven't seen any
> technical details as to what the issue is, does anyone know what it
> is exactly?

No idea on the details they're planning to announce, but the
attacks that sprang to my mind were entity inclusion attacks.
http://www.securiteam.com/securitynews/6D0100A5PU.html
http://www.sift.com.au/assets/downloads/SIFT-XML-Port-Scanning-v1-00.pdf

These are very common in current web applications.

Rich.

> 
> I'm thinking one of the following?
> 
> XML Attribute Blowup (WASC TCv2) 
> http://projects.webappsec.org/XML-Attribute-Blowup
> 
> XML Entity Expansion (WASC TCv2) 
> http://projects.webappsec.org/XML-Entity-Expansion
> 
> Regards, - Robert Auger WASC Co Founder and Moderator of The Web
> Security Mailing List http://www.webappsec.org/ 
> http://www.cgisecurity.com/ http://www.qasec.com/
> 
> 
>
> ----------------------------------------------------------------------------
>  Join us on IRC: irc.freenode.net #webappsec
> 
> Have a question? Search The Web Security Mailing List Archives: 
> http://www.webappsec.org/lists/websecurity/archive/
> 
> Subscribe via RSS: http://www.webappsec.org/rss/websecurity.rss [RSS
> Feed]
> 
> Join WASC on LinkedIn 
> http://www.linkedin.com/e/gis/83336/4B20E4374DBA
> 
> 


-- 
Richard Moore, Principal Software Engineer,
Westpoint Ltd,
Albion Wharf, 19 Albion Street, Manchester, M1 5LN, England
Tel: +44 161 237 1028
Fax: +44 161 237 1031


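The two attack classes this thread names, entity expansion (the limit the Xerces diff Chris points at adds) and entity inclusion (the file-read and port-scanning papers Rich links), can both be caught before a parser expands anything: size the internal DTD subset statically, reject when any entity or the body would grow past a byte budget, and reject SYSTEM/PUBLIC entities outright. What follows is an added example for this page, not code from the thread, from Xerces or from the linked papers; the sample documents are constructed, the function names are my own, and the regexes are good enough for those samples rather than a conforming DTD parser.

```python
"""Static entity-expansion and entity-inclusion check for an XML document.

Added illustration; not code from the thread, from Xerces, or from the linked
papers.  Sizes what every general entity would expand to WITHOUT expanding it,
rejects the document when an entity or the body would pass a byte budget, and
flags external (SYSTEM/PUBLIC) entities.  Regex-based: fine for the constructed
samples below, not a conforming DTD parser.
"""
import re

DOCTYPE = re.compile(r'<!DOCTYPE\b[^\[>]*(?:\[(.*?)\])?\s*>', re.S)
GENERAL_ENTITY = re.compile(r'<!ENTITY\s+(\w+)\s+(["\'])(.*?)\2\s*>', re.S)
EXTERNAL_ENTITY = re.compile(r'<!ENTITY\s+(?:%\s*)?(\w+)\s+(?:SYSTEM|PUBLIC)\b')
ENTITY_REF = re.compile(r'&(\w+);')
PREDEFINED = {"lt", "gt", "amp", "quot", "apos"}   # each expands to one character


class EntityExpansionError(ValueError):
    """Raised when expanding the document would exceed the configured limits."""


def split_doctype(doc):
    """Return (internal DTD subset text, document body after the DOCTYPE)."""
    m = DOCTYPE.search(doc)
    if not m:
        return "", doc
    return m.group(1) or "", doc[m.end():]


def external_entities(doc):
    """Names of entities whose replacement text is fetched from a URI (entity inclusion)."""
    subset, _ = split_doctype(doc)
    return EXTERNAL_ENTITY.findall(subset)


def check_expansion(doc, max_expansion=1_000_000, max_depth=16):
    """Byte size of the body once every general entity reference is replaced.

    Raises EntityExpansionError as soon as any entity, or the body itself, would
    expand past max_expansion bytes, or when references nest deeper than
    max_depth or recurse.  Nothing is actually expanded, so the cost is
    proportional to the DTD, not to the expansion.
    """
    subset, body = split_doctype(doc)
    entities = {name: text for name, _q, text in GENERAL_ENTITY.findall(subset)}
    memo = {}   # entity name -> expanded size, so shared sub-entities are sized once

    def size_of_text(text, stack):
        total, pos = 0, 0
        for ref in ENTITY_REF.finditer(text):
            total += ref.start() - pos + size_of_entity(ref.group(1), stack)
            pos = ref.end()
            if total > max_expansion:
                where = ">".join(stack) or "document body"
                raise EntityExpansionError(
                    f"expansion exceeds {max_expansion} bytes (in {where})")
        return total + len(text) - pos

    def size_of_entity(name, stack):
        if name in PREDEFINED:
            return 1
        if name not in entities:
            return len(name) + 2          # unknown/external: count the literal "&name;"
        if name in memo:
            return memo[name]
        if name in stack:
            raise EntityExpansionError(f"recursive entity reference: {name}")
        if len(stack) >= max_depth:
            raise EntityExpansionError(f"entity nesting deeper than {max_depth}: {name}")
        memo[name] = size_of_text(entities[name], stack + (name,))
        return memo[name]

    return size_of_text(body, ())


# Constructed samples (not from the thread).  The first has the classic
# "billion laughs" shape: ten levels of ten references each, so &lol9;
# would expand to 3 * 10**9 bytes from a document under 1 KB.
def _lol_level(n):
    return "".join(f"&lol{n};" for _ in range(10))


BILLION_LAUGHS = (
    '<?xml version="1.0"?>\n<!DOCTYPE lolz [\n<!ENTITY lol0 "lol">\n'
    + "".join(f'<!ENTITY lol{i + 1} "{_lol_level(i)}">\n' for i in range(9))
    + "]>\n<lolz>&lol9;</lolz>"
)
BENIGN = (
    '<!DOCTYPE note [ <!ENTITY company "Example Corp"> ]>'
    "<note>&company; &amp; &company;</note>"
)
# External entity: a parser that honours it fetches the URI, which is the
# primitive behind the file-disclosure and port-scanning papers linked above.
EXTERNAL = (
    '<!DOCTYPE probe [ <!ENTITY scan SYSTEM "http://127.0.0.1:8080/"> ]>'
    "<probe>&scan;</probe>"
)


def verdict(doc, **limits):
    """One-line summary a gateway could log: expanded size, or the reason for rejection."""
    ext = external_entities(doc)
    if ext:
        return "reject: external entities " + ", ".join(ext)
    try:
        return f"ok: body expands to {check_expansion(doc, **limits)} bytes"
    except EntityExpansionError as e:
        return f"reject: {e}"


if __name__ == "__main__":
    for label, doc in [("benign", BENIGN), ("billion laughs", BILLION_LAUGHS), ("external", EXTERNAL)]:
        print(f"{label:15} {verdict(doc)}")
```

The budget is checked as the size accumulates, so the billion-laughs document is rejected while sizing lol6 (at 1.2 MB of a 1 MB budget) without ever building a string; a real parser's limit, like the one in the Xerces diff, has to do the same counting during expansion, because by the time the expanded text exists the damage is done. External entities are rejected rather than sized because their replacement text is whatever the remote end returns.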
