Bullard, Claude L (Len) wrote,
> Yep. However, since packets are sniffable?
Umm ... you've not been paying attention, have you ;-)
Other than the stuff David mentioned, the external entity attacks I
are directly applicable if RDDL documents are retrieved recklessly.
Elliotte RH's XInclude attack is similar,
and he came up with another entity variant here,
And there was also the BugTraq advisory reporting poor choices of
default retrieval behaviour for external entities here by several
widely deployed parsers,
I wouldn't be at all surprised if we see another one some time in the
future reporting poor choices of retrieval behaviour for RDDL