About XML Quadratic Blowup Attack:

An XML quadratic blowup attack is similar to a Billion Laughs attack

(http://en.wikipedia.org/wiki/Billion_laughs). Essentially, it exploits the use of entity expansion. Instead of deferring to the use of nested entities, it replicates one large entity using a couple thousand characters repeatedly.

A medium-sized XML document of approximately two hundred kilobytes may require anywhere within the range of one hundred MB to several GB of memory. When the attack is combined with a particular level of nested expansion, an attacker is then able to achieve a higher ratio of success.
- See more at: http://www.breaksec.com/?p=6362#sthash.05DoTigI.dpuf

<?xml version=&#8221;1.0&#8243;?>

<!DOCTYPE DoS [

<!ENTITY a "xxxxxxxxxxxxxxxxx...">

]>

<DoS>&x;&x;&x;&x;&x;&x;&x;&x;&x;&#8230;</DoS>
- See more at: http://www.breaksec.com/?p=6362#sthash.05DoTigI.dpuf

Exploit:
http://cxsecurity.com/issue/WLB-2014080046