[Python-Dev] XML DoS vulnerabilities and exploits in Python (original) (raw)

Christian Heimes christian at python.org
Wed Feb 20 23:06:15 CET 2013

• Previous message: [Python-Dev] XML DoS vulnerabilities and exploits in Python
• Next message: [Python-Dev] XML DoS vulnerabilities and exploits in Python
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Am 20.02.2013 22:02, schrieb Carl Meyer:

Also, despite the title of this thread, the vulnerabilities include fetching of external DTDs and entities (per standard), which opens up attacks that are worse than just denial-of-service. In our initial Django release advisory we carelessly lumped the potential XML vulnerabilities together under the "DoS" label, and were quickly corrected.

Right, I tried to address both kinds of issues in the title:

XML DoS vulnerabilities and (other XML) exploits

Christian

• Previous message: [Python-Dev] XML DoS vulnerabilities and exploits in Python
• Next message: [Python-Dev] XML DoS vulnerabilities and exploits in Python
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Python-Dev mailing list