This article exposes a design flaw in WebSphere's default StAX implementation (XLXP 2) that can be exploited to perform a denial-of-service attack. | Andreas Veithen's blog