|
|
|
@ -1,7 +1,8 @@ |
|
|
|
The results of an attack on a vulnerable XML library can be fairly dramatic. |
|
|
|
With just a few hundred Bytes of XML data an attacker can occupy several |
|
|
|
Gigabytes of memory within seconds. An attacker can also keep CPUs busy for a |
|
|
|
long time with a small to medium size request. Under some circumstances it is |
|
|
|
even possible to access local files on your server, to circumvent a firewall, |
|
|
|
or to abuse services to rebound attacks to third parties. This library allows |
|
|
|
for XML to be parsed in a manner that avoids these pitfalls. |
|
|
|
The results of an attack on a vulnerable XML library can be fairly |
|
|
|
dramatic. With just a few hundred Bytes of XML data an attacker |
|
|
|
can occupy several Gigabytes of memory within seconds. An attacker |
|
|
|
can also keep CPUs busy for a long time with a small to medium size |
|
|
|
request. Under some circumstances it is even possible to access local |
|
|
|
files on your server, to circumvent a firewall, or to abuse services |
|
|
|
to rebound attacks to third parties. This library allows for XML to |
|
|
|
be parsed in a manner that avoids these pitfalls. |
B. Watson
4 years ago