Multiple Vendor XML Parser Denial Of Service Vulnerability

A denial-of-service vulnerability exists in the XML parser, either Crimson or Xerces, used by several vendors.

An attacker can exploit this vulnerability by sending a specially crafted message to the SOAP interface used by the vulnerable software. When the XML parser receives this message, it consumes all available CPU resources. The system then becomes unresponsive to further requests for service, resulting in a denial-of-service condition.

This vulnerability has been previously described in BIDs 6363 and 6378 for Macromedia JRun and BEA Systems WebLogic.


 

Copyright 2010, SecurityFocus