Computer Security

Multiple XML parsers DTD DoS
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Multiple XML parsers DTD DoS
Published:17.12.2002
Source:BUGTRAQ
SecurityVulns ID:2483
Type:local
Level:5/10
Description:By using DTD part of XML document it's possible to cause 100% CPU exhaustion.
Affected:BEA : WebLogic Server 6.0
 ORACLE : WebLogic Server 6.1
 ADOBE : JRun 4.0
 ORACLE : WebLogic Server 7.0
 MACROMEDIA : ColdFusion MX
 SYBASE : EAServer 4.1
 BEA : WebLogic Integration 2.1
 BEA : WebLogic Integration 7.0
Original documentdocumentAmit Klein, Multiple vendors XML parser (and SOAP/WebServices server) Denial of Service attack using DTD (17.12.2002)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru