yep.

On Thu, 20 May 2004 21:51:05 -0400, insoo lee <[EMAIL PROTECTED]> wrote:
> 
> 
> 
> Could you please let me know if following security issue has been resolved?
> 
> http://xmlfr.org/cache/0014.html
> 
> Thanks much.
> Insoo
> 
> >>>
> 
> => Summary: Using the DTD part of the XML document, it is possible to cause the
> XML parser to consume 100% CPU and/or a lot of memory, therefore resulting in
> a denial of service condition.
> 
> => Description: The DTD part of the XML document enables the document to define
> named entities (other than the predefined &lt;, &gt;, etc.). The entities can be
> defined using other entities (recursion is prohibited in XML 1.0).
> Entities are expanded when they are referenced, inside the XML document.
> The attack is comprised of defining and referencing an entity which is defined
> using two instances of another entity, which is (in turn) defined as two instances
> of yet another entity, and so on. This definition process can be repeated as long
> as "necessary" - we found that nesting level of 100 is usually sufficient.
> The 100th entity should be defined simply as a string. This has the effect of having
> the first entity contain, in theory, 2^99 (two to the power of ninety nine)
> concatenated values of the 100th entity.
> Here's an example (the DTD is to be placed after the XML declaration, and before the
> root element of the XML document):
> 
>

Reply via email to