XML Library Flaws Affect Numerous Applications
SANS NewsBites Vol. 11 Num. 62 (August 6, 2009)
Researchers have uncovered a significant number of flaws in Extensible Markup Language (XML) libraries that could be exploited to crash machines and execute malicious code. The flaws affect large numbers of applications that use the libraries in question. Sun Microsystems, Apache, and Python products are known to be vulnerable.
http://www.securecomputing.net.au/News/152193,researchers-find-largescale-xml-library-flaws.aspx
http://www.theregister.co.uk/2009/08/06/xml_flaws/
http://voices.washingtonpost.com/securityfix/2009/08/researchers_xml_security_flaw.html
[Editor's Note (Northcutt): Uh Oh. This is not good. XML is behind the scenes in almost everything. I wonder whether XML gateways could be used to mitigate the problem to some extent.]
No comments:
Post a Comment