xerces-j-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeffrey Sinclair <j...@cooljeff.co.uk>
Subject Denial of service with Xerces?
Date Mon, 10 Aug 2009 21:18:53 GMT

There was a vulnerability report relating to a denial of service attack
with Xerces recently [1]. The vulnerability report does not appear to go
into much detail, however the link [2] to the C++ impl of Xerces would
suggest it relates to nested DTD structures (I assume infinite

The report lists all versions of Apache Xerces as being impacted. Would
someone be able to confirm if there is an issue with Xerces for Java and
if so what the actual issue is?

Thanks in advance for any help.



[1] https://www.cert.fi/en/reports/2009/vulnerability2009085.html
[2] http://svn.apache.org/viewvc?view=rev&revision=781488

To unsubscribe, e-mail: j-users-unsubscribe@xerces.apache.org
For additional commands, e-mail: j-users-help@xerces.apache.org

View raw message