A RetroSearch Logo

Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Search Query:

Showing content from https://mail.python.org/pipermail/python-dev/2013-February/124239.html below:

[Python-Dev] XML DoS vulnerabilities and exploits in Python

[Python-Dev] XML DoS vulnerabilities and exploits in Python [Python-Dev] XML DoS vulnerabilities and exploits in PythonEli Bendersky eliben at gmail.com
Thu Feb 21 19:39:17 CET 2013 
On Thu, Feb 21, 2013 at 9:23 AM, Stephen J. Turnbull <stephen at xemacs.org>wrote:

> Jesse Noller writes:
>
>  > I guess someone need to write a proof of concept exploit for you
>  > and release it into the wild.
>
> This is a bit ridiculous.  This stuff looks easy enough that surely
> Christian's post informed any malicious body who didn't already know
> how to do it.  If the exploit matters, it's already in the wild.
> ("Hey, didja know that an XML processor that expands entities does so
> recursively?"  "Uh-oh ....")
>


Just to clarify for my own curiosity. These attacks (e.g.
http://en.wikipedia.org/wiki/Billion_laughs) have been known and public
since 2003?

Eli
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-dev/attachments/20130221/65a9ab96/attachment.html>
More information about the Python-Dev mailing list

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4