August 06, 2009, 12:20 PM — Sun on Wednesday posted an alert regarding a security vulnerability in its XML libraries, which was first brought to light by security vendor Codenomicon. Sun has also made available an update to fix the glitch.
The vulnerability, which was also found in XML libraries from Apache Software Foundation and Python Software Foundation, could result in Denial-of-Service (DoS) attacks if a user opens a certain XML file, or if malicious requests are submitted to Web services in charge of XML content, says Codenomicon. This can render unresponsive an application running on Sun’s Java Realtime Environment (JRE), which is built on top of the XML libraries.
The Sun advisory says there is no workaround for the vulnerability, but Sun has issued a fix in its Java SE and Java SE for Business releases for Windows, Solaris, and Linux.
Sun offered thanks to Codenomicon and CERT-FI, the Finnish arm of the Computer Emergency Response Team, for discovering the vulnerability and bringing it to the vendor’s attention. Codenomicon found the vulnerability using its fuzzing techniques.