j-users,

There was a vulnerability report relating to a denial of service attack with Xerces recently [1]. The vulnerability report does not appear to go into much detail; however, the link [2] to the C++ impl of Xerces would suggest it relates to nested DTD structures (I assume infinite recursion).

The report lists all versions of Apache Xerces as being impacted. Would someone be able to confirm if there is an issue with Xerces for Java and if so what the actual issue is?

Thanks in advance for any help.

Regards,
Jeff

[1] https://www.cert.fi/en/reports/2009/vulnerability2009085.html
[2] http://svn.apache.org/viewvc?view=rev&revision=781488