axis-java-dev mailing list archives

From Tom Jordahl <t...@macromedia.com>
Subject RE: update requested on security alert
Date Fri, 24 Jan 2003 16:25:10 GMT

This was fixed in the Axis source code and is available in the latest CVS tree or the Axis
1.1 beta release.

--
Tom Jordahl
Macromedia Server Development



-----Original Message-----
From: Kari Whitcomb [mailto:whitcomb@zk3.dec.com]
Sent: Friday, January 24, 2003 9:20 AM
To: axis-dev@xml.apache.org
Subject: update requested on security alert


Back in November a security alert was posted on this list.  I'm looking 
for an update on the status of this problem.  The description of the 
problem was posted as:

Summary: Using the DTD part of the XML document, it is possible to cause 
the XML parser to consume 100% CPU and/or a lot of memory, therefore 
resulting in a denial of service condition.

A link to the previous thread on this topic: 
http://marc.theaimsgroup.com/?l=axis-dev&m=103838167718099&w=2

Has there been any work done to correct this vulnerability?  Is there an 
expected release which will have the fix (if it is not currently available)?

Thanks,
Kari Whitcomb
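
A parser-side mitigation for the DTD-based denial of service summarized in the quoted message, as an added example (not from this thread, and not the Axis fix itself, which the thread does not describe): a JAXP SAX parser configured to reject any document that carries a DOCTYPE. This is workable for SOAP because SOAP 1.1 forbids a Document Type Declaration in messages. The class name, method names and sample messages are constructed; the feature URI is the Xerces `disallow-doctype-decl` feature.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.DefaultHandler;

public class RejectDoctypeExample {
    // Xerces feature, also honoured by the JDK's built-in parser:
    // any DOCTYPE declaration becomes a fatal parse error.
    static final String DISALLOW_DOCTYPE =
        "http://apache.org/xml/features/disallow-doctype-decl";

    // Build a factory that refuses DTDs and enables the JAXP processing limits.
    static SAXParserFactory hardenedFactory() throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature(DISALLOW_DOCTYPE, true);
        return f;
    }

    // Returns true if the document parses, false if the parser rejects it.
    static boolean accepts(SAXParserFactory f, String xml) throws Exception {
        SAXParser p = f.newSAXParser();
        try {
            p.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)),
                    new DefaultHandler());
            return true;
        } catch (SAXException e) {
            return false; // fatal error raised before any entity is expanded
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample messages: the same empty envelope, without and with a DTD.
        String envelope =
            "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\">"
            + "<soapenv:Body/></soapenv:Envelope>";
        String plain = "<?xml version=\"1.0\"?>" + envelope;
        String withDtd = "<?xml version=\"1.0\"?><!DOCTYPE x [<!ENTITY a \"text\">]>" + envelope;

        SAXParserFactory f = hardenedFactory();
        System.out.println("plain envelope accepted:    " + accepts(f, plain));
        System.out.println("envelope with DTD accepted: " + accepts(f, withDtd));
    }
}
```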
