W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 2005

[Bug 167] New: XML_ENTITY_DOS

From: <bugzilla@soe.ucsc.edu>
Date: Thu, 13 Oct 2005 09:52:57 -0700
Message-Id: <200510131652.j9DGqv2x008955@ietf.cse.ucsc.edu>
To: w3c-dist-auth@w3.org

http://ietf.cse.ucsc.edu:8080/bugzilla/show_bug.cgi?id=167

           Summary: XML_ENTITY_DOS
           Product: WebDAV-RFC2518-bis
           Version: -07
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: 19.  Security Considerations
        AssignedTo: joe-bugzilla@cursive.net
        ReportedBy: elias@cse.ucsc.edu
         QAContact: w3c-dist-auth@w3.org


Recursive entity declarations can be used for effective DOS attacks, and thus
WebDAV MUST allow servers to reject these kind of requests, even though they may
be well-formed).

http://lists.w3.org/Archives/Public/w3c-dist-auth/2003JanMar/0402.html



------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
Received on Thursday, 13 October 2005 16:53:01 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:10 GMT