yep.
On Thu, 20 May 2004 21:51:05 -0400, insoo lee <[EMAIL PROTECTED]> wrote: > > > > Could you please let me know if following security issue has been resolved? > > http://xmlfr.org/cache/0014.html > > Thanks much. > Insoo > > >>> > > => Summary: Using the DTD part of the XML document, it is possible to cause the > XML parser to consume 100% CPU and/or a lot of memory, therefore resulting in > a denial of service condition. > > => Description: The DTD part of the XML document enables the document to define > named entities (other than the predefined <, >, etc.). The entities can be > defined using other entities (recursion is prohibited in XML 1.0). > Entities are expanded when they are referenced, inside the XML document. > The attack is comprised of defining and referencing an entity which is defined > using two instances of another entity, which is (in turn) defined as two instances > of yet another entity, and so on. This definition process can be repeated as long > as "necessary" - we found that nesting level of 100 is usually sufficient. > The 100th entity should be defined simply as a string. This has the effect of having > the first entity contain, in theory, 2^99 (two to the power of ninety nine) > concatenated values of the 100th entity. > Here's an example (the DTD is to be placed after the XML declaration, and before the > root element of the XML document): > >
