This was fixed in the Axis source code and is available in the latest CVS tree or the Axis 1.1 beta release.
-- Tom Jordahl Macromedia Server Development -----Original Message----- From: Kari Whitcomb [mailto:[EMAIL PROTECTED]] Sent: Friday, January 24, 2003 9:20 AM To: [EMAIL PROTECTED] Subject: update requested on security alert Back in November a security alert was posted on this list. I'm looking for an update on the status of this problem. The description of the problem was posted as: Summary: Using the DTD part of the XML document, it is possible to cause the XML parser to consume 100% CPU and/or a lot of memory, therefore resulting in a denial of service condition. A link to the previous thread on this topic: http://marc.theaimsgroup.com/?l=axis-dev&m=103838167718099&w=2 Has there been any work done to correct this vulnerability? Is there an expected release which will have the fix (if it is not currently available)? Thanks, Kari Whitcomb
