Thursday, August 6, 2009

Researchers find large-scale XML library flaw - Sun, Apache and Python vulnerable

| Brett D. Arion |
Researchers from Codenomicon, working with CERT-FI in Finland, have uncovered a series of flaws in the eXtensible Markup Language (XML) libraries that could pose a serious security risk. The flaws uncovered deal with the way open-source programs process XML functions.

The flaws could be exploited by crafting a specially designed XML file, or by sending specific requests to XML engines.

Application makers such as Sun Microsystems, Apache and Python are all expected to release new versions of their XML libraries to counter the problem in the next 24 hours. The researchers waited until such library upgrades were available before releasing news of the vulnerabilities.



Reblog this post [with Zemanta]

Free Security Magazines