Multiple Vendor XML DTD Parameter Entity SOAP Server Denial Of Service Vulnerability

A problem has been identified in several different SOAP servers when handling certain types of SOAP requests.

The problem is in the handling of SOAP requests that contain references to DTD parameter entities. By making a SOAP request with maliciously crafted DTD data, it is possible to trigger a prolonged denial of web services.


 

Privacy Statement
Copyright 2010, SecurityFocus