[Python-Dev] XML DoS vulnerabilities and exploits in Python
Eli Bendersky eliben at gmail.com
Thu Feb 21 19:39:17 CET 2013
On Thu, Feb 21, 2013 at 9:23 AM, Stephen J. Turnbull <stephen at xemacs.org> wrote:
Jesse Noller writes:
> I guess someone needs to write a proof of concept exploit for you > and release it into the wild. This is a bit ridiculous. This stuff looks easy enough that surely Christian's post informed any malicious body who didn't already know how to do it. If the exploit matters, it's already in the wild. ("Hey, didja know that an XML processor that expands entities does so recursively?" "Uh-oh ....")
Just to clarify for my own curiosity. These attacks (e.g. http://en.wikipedia.org/wiki/Billion_laughs) have been known and public since 2003?
Eli