Back in November a security alert was posted on this list. I'm looking
for an update on the status of this problem. The description of the
problem was posted as:
Summary: Using the DTD part of the XML document, it is possible to cause
the XML parser to consume 100% CPU and/or a lot of memory, therefore
resulting in a denial of service condition.
A link to the previous thread on this topic:
http://marc.theaimsgroup.com/?l=axis-dev&m=103838167718099&w=2
Has there been any work done to correct this vulnerability? Is there an
expected release which will have the fix (if it is not currently available)?
Thanks,
Kari Whitcomb
- RE: update requested on security alert Kari Whitcomb
- RE: update requested on security alert Tom Jordahl
