[WEB SECURITY] Multi Vendor XML parser DOS Details?

Eugene Kuznetsov kuznetso at gmail.com
Fri Aug 7 14:13:58 EDT 2009


On Fri, 2009-08-07 at 09:51 -0700, Steve Orrin wrote:
> You can also check out my Defcon speech from 2007 that covers several 
> XML based DoS attacks with examples. 
> (http://www.defcon.org/images/defcon-15/dc15-presentations/dc-15-orrin.pdf). 
> Based on the available information, I am not seeing anything really new 
> with this announcement.

Agreed -- I gave talks on this topic dating back to 2001/2002, at least,
and there were exploit examples on XML-specific mailing lists, too,
including, for example, a short XML file that caused IE to consume
memory and CPU without bound, etc.


 

