W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > October to December 2005

[Bug 167] New: XML_ENTITY_DOS

From: <bugzilla@soe.ucsc.edu>
Date: Thu, 13 Oct 2005 09:52:57 -0700
Message-Id: <200510131652.j9DGqv2x008955@ietf.cse.ucsc.edu>
To: w3c-dist-auth@w3.org


           Summary: XML_ENTITY_DOS
           Product: WebDAV-RFC2518-bis
           Version: -07
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: normal
          Priority: P2
         Component: 19.  Security Considerations
        AssignedTo: joe-bugzilla@cursive.net
        ReportedBy: elias@cse.ucsc.edu
         QAContact: w3c-dist-auth@w3.org

Recursive entity declarations can be used for effective DOS attacks, and thus
WebDAV MUST allow servers to reject these kind of requests, even though they may
be well-formed).


------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.
Received on Thursday, 13 October 2005 16:53:01 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 7 January 2015 15:01:33 UTC