Karl Waclawek writes:
> According to James Clark it is a reasonably well known XML
> vulnerability. I can e-mail you. I am not sure if I should
> post it publicly - any comments on that?

[note: I've seen it by private mail]

Yes, you should post it publicly, for two reasons:

1. People cannot protect themselves against what they don't know.

2. There's very little XML flowing outside the firewall (virtually nil
   in Web terms), so there's not much for a script kiddie to attack.

I suppose we need to consider XML-aware Web browsers like MSIE, but
you hardly need a sophisticated attack to crash those anyway.

All the best,

David Megginson, firstname.lastname@example.org, http://www.megginson.com/