axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kari Whitcomb <whitc...@zk3.dec.com>
Subject update requested on security alert
Date Fri, 24 Jan 2003 14:19:31 GMT
Back in November a security alert was posted on this list.  I'm looking 
for an update on the status of this problem.  The description of the 
problem was posted as:

Summary: Using the DTD part of the XML document, it is possible to cause 
the XML parser to consume 100% CPU and/or a lot of  memory, therefore 
resulting in a denial of service condition.

A link to the previous thread on this topic: 
http://marc.theaimsgroup.com/?l=axis-dev&m=103838167718099&w=2

Has there been any work done to correct this vulnerability?  Is there an 
expected release which will have the fix (if it is not currently available)?

Thanks,
Kari Whitcomb


Mime
View raw message