xerces-j-users mailing list archives

From Jeffrey Sinclair <j...@cooljeff.co.uk>
Subject Denial of service with Xerces?
Date Mon, 10 Aug 2009 21:18:53 GMT

j-users,

There was a vulnerability report relating to a denial of service attack
with Xerces recently [1]. The vulnerability report does not appear to go
into much detail; however, the link [2] to the C++ impl of Xerces would
suggest it relates to nested DTD structures (I assume infinite
recursion).

The report lists all versions of Apache Xerces as being impacted. Would
someone be able to confirm if there is an issue with Xerces for Java and
if so what the actual issue is?

Thanks in advance for any help.

Regards,

Jeff


[1] https://www.cert.fi/en/reports/2009/vulnerability2009085.html
[2] http://svn.apache.org/viewvc?view=rev&revision=781488


