I recently received a security alert regarding Xerces XML parsers (see below). We have recently implemented an application that uses Castor, which uses Xerces 1.4.4, to parse XML requests for data. Are there any changes in the works to Xerces to combat this issue?
The Xerces XML parser included in multiple vendors' web services products is used to parse XML documents that contain Document Type Definitions (DTD). A remote attacker may configure the attributes of a document or object within a DTD or Simple Object Access Protocol message to cause a denial of service (DoS) attack against web systems running the parser. The malicious DTD sends the parser into an almost infinite loop, which exhausts CPU resources.
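The alert does not say which DTD constructs trigger the loop, but the mitigation a request-parsing service wants is the same regardless: refuse any inbound document that carries a DOCTYPE at all, since request messages have no business declaring one. The class below is an added example, not code from this message, from Castor or from the Xerces project. It assumes the Xerces SAX2 driver `org.apache.xerces.parsers.SAXParser` is on the classpath. The `disallow-doctype-decl` feature is documented for Xerces-J 2.x and whether 1.4.4 accepts it is not asserted here, so that feature is treated as best-effort and the `LexicalHandler.startDTD` check is the layer the code actually relies on; it fires as soon as the DOCTYPE is read and before any of its declarations are processed. The class name, the `trySet` helper and the two sample request documents are the example's own (constructed) inputs.

```java
import java.io.StringReader;

import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.SAXNotRecognizedException;
import org.xml.sax.SAXNotSupportedException;
import org.xml.sax.SAXParseException;
import org.xml.sax.XMLReader;
import org.xml.sax.ext.LexicalHandler;
import org.xml.sax.helpers.DefaultHandler;
import org.xml.sax.helpers.XMLReaderFactory;

/** SAX parsing of untrusted request XML that refuses any DOCTYPE (example, not Xerces/Castor code). */
public class NoDtdRequestParser {

    // Constructed sample: a request carrying an internal DTD subset (must be rejected).
    static final String WITH_DTD =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE request [ <!ELEMENT request (#PCDATA)> ]>\n"
      + "<request>lookup</request>";

    // Constructed sample: the same request without a DTD (must be accepted).
    static final String WITHOUT_DTD =
        "<?xml version=\"1.0\"?>\n<request>lookup</request>";

    /** Raised from startDTD() so the parse stops before a single declaration is read. */
    static final class DoctypeRejected extends SAXException {
        DoctypeRejected(String rootName) {
            super("DOCTYPE is not permitted in request documents (root: " + rootName + ")");
        }
    }

    /** Sets a feature if the driver knows it; returns false (rather than failing) if it does not. */
    static boolean trySet(XMLReader reader, String feature, boolean value) {
        try {
            reader.setFeature(feature, value);
            return true;
        } catch (SAXNotRecognizedException e) {
            return false;
        } catch (SAXNotSupportedException e) {
            return false;
        }
    }

    static XMLReader buildReader() throws SAXException {
        // Both Xerces-J 1.4.x and 2.x expose their SAX2 driver under this class name.
        XMLReader reader = XMLReaderFactory.createXMLReader("org.apache.xerces.parsers.SAXParser");

        // Layer 1 (best effort): Xerces-J 2.x can refuse DOCTYPE itself. Older drivers
        // may not recognise the feature (assumption), so nothing below depends on it.
        trySet(reader, "http://apache.org/xml/features/disallow-doctype-decl", true);

        // Never fetch an external DTD or expand external entities, whatever the driver.
        trySet(reader, "http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        trySet(reader, "http://xml.org/sax/features/external-general-entities", false);
        trySet(reader, "http://xml.org/sax/features/external-parameter-entities", false);

        // Layer 2 (relied upon): SAX2 delivers startDTD() right after the DOCTYPE header is
        // read and before its subset is scanned, so throwing here aborts the whole parse.
        reader.setProperty("http://xml.org/sax/properties/lexical-handler", new LexicalHandler() {
            public void startDTD(String name, String publicId, String systemId) throws SAXException {
                throw new DoctypeRejected(name);
            }
            public void endDTD() {}
            public void startEntity(String name) {}
            public void endEntity(String name) {}
            public void startCDATA() {}
            public void endCDATA() {}
            public void comment(char[] ch, int start, int length) {}
        });
        return reader;
    }

    /** True if the document parsed; false if it was rejected (DOCTYPE present or not well-formed). */
    static boolean accept(String xml) throws SAXException, java.io.IOException {
        XMLReader reader = buildReader();
        DefaultHandler handler = new DefaultHandler(); // its fatalError() rethrows, so errors surface
        reader.setContentHandler(handler);
        reader.setErrorHandler(handler);
        try {
            reader.parse(new InputSource(new StringReader(xml)));
            return true;
        } catch (DoctypeRejected e) {
            return false;               // stopped by layer 2 before any DTD declaration was read
        } catch (SAXParseException e) {
            return false;               // fatal error, e.g. layer 1 refusing the DOCTYPE
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("request with DTD accepted:    " + accept(WITH_DTD));     // false
        System.out.println("request without DTD accepted: " + accept(WITHOUT_DTD));  // true
    }
}
```

The point of the two layers is that the parser-level feature is the cleaner fix but version-dependent, while the `LexicalHandler` check works on any SAX2-conformant driver, including one that silently ignores the feature. How to hand a pre-configured `XMLReader` to Castor's unmarshaller depends on the Castor version in use and is not asserted here; until the application's parser can be configured this way, rejecting documents that contain `<!DOCTYPE` before they reach Castor is the fallback.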
