This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 29244 - XML Validator vulnerable to XML bomb attacks
Summary: XML Validator vulnerable to XML bomb attacks
Status: NEW
Alias: None
Product: Validator
Classification: Unclassified
Component: Parser (show other bugs)
Version: HEAD
Hardware: All All
: P2 trivial
Target Milestone: ---
Assignee: M Travis
QA Contact: qa-dev tracking
Depends on:
Reported: 2015-10-26 20:12 UTC by comfreek
Modified: 2017-04-16 09:13 UTC (History)
2 users (show)

See Also:


Description comfreek 2015-10-26 20:12:49 UTC
1. Open
2. Paste the source code for the billion laughs attack:
3. Server responds with "500 Internal Server Error"
Comment 1 M Travis 2017-04-16 00:42:19 UTC
Here is a similar attack