From olivier.jaquemet at jalios.com Mon Apr 14 00:32:08 2014
From: olivier.jaquemet at jalios.com (Olivier Jaquemet)
Date: Mon, 14 Apr 2014 09:32:08 +0200
Subject: [jdom-interest] "It's just XML, what could probably go wrong?"
Message-ID: <534B8EF8.5020208@jalios.com>

Hello all,

The following article explains many possible attacks against XML parsers available in Python, and with some other programming languages, including a quick and partial note regarding Xerces.
Unfortunately the results on the vulnerability of the Java platform are incomplete, maybe some auditing of the JDom vulnerabilities could be performed based on the initial information available here...?

Very interesting reading.

Regards,
Olivier Jaquemet

From olivier.jaquemet at jalios.com Mon Apr 14 01:06:47 2014
From: olivier.jaquemet at jalios.com (Olivier Jaquemet)
Date: Mon, 14 Apr 2014 10:06:47 +0200
Subject: [jdom-interest] "It's just XML, what could probably go wrong?"
In-Reply-To: <534B8EF8.5020208@jalios.com>
References: <534B8EF8.5020208@jalios.com>
Message-ID: <534B9717.1070508@jalios.com>

I forgot to mention my sources, should you want to follow the same information:

https://twitter.com/r_netsec
https://twitter.com/r_netsec/status/454917490447876096
http://www.reddit.com/r/netsec/comments/22u7o4/its_just_xml_what_could_probably_go_wrong/

On 14/04/2014 09:32, Olivier Jaquemet wrote:
> Hello all,
>
> The following article explains many possible attacks against XML
> parsers available in Python, and with some other programming
> languages, including a quick and partial note regarding Xerces.
> Unfortunately the results on the vulnerability of the Java platform
> are incomplete, maybe some auditing of the JDom vulnerabilities could
> be performed based on the initial information available here...?
>
> Very interesting reading.
>
> Regards,
> Olivier Jaquemet