XML Library Flaws Found Far And Wide

XML professionals might want to raise shields and go to red – or at least yellow – alert.  Multiple flaws in popular XML libraries have been discovered, and experts believe that the fallout could be pretty severe.

Affected libraries include those from Apache, Python, and Sun, according to a statement from Codenomicon. What’s more, the problems aren’t at all new: they were discovered in early 2009. The official release states, “The impact of the discovered vulnerabilities varies from denial-of-service attacks to potential execution of malicious code on affected systems.”

Obviously, this isn’t good news for members of the XML community.

The potential saving grace is that Codenomicon tried to keep everything under its hat until some fixes could be readied.  So, as long as the people behind the XML libraries do their job and you update your vulnerable software before someone takes a crack at the system, everything should be fine.

Also, if you’re curious about how Codenomicon came across all of these problems, the company’s supposed to release its new testing solution, DEFENSICS for XML, at a security conference in September.

Hopefully, this scare will wind up being more of an educational opportunity than a disastrous development.

Doug Caverly
Doug is a staff writer for WebProNews.
