Support #2991: ensure that all XML parsing is done securely - Runtime Infrastructure - Golden Code Redmine

Support #2991

Support #2696: security review

ensure that all XML parsing is done securely

Added by Greg Shah over 8 years ago. Updated over 8 years ago.

Status:

New

Priority:

Normal

Assignee:

Target version:

Start date:

Due date:

% Done:

billable:

vendor_id:

GCD

case_num:

version_reported:

version_resolved:

History

#1 Updated by Greg Shah over 8 years ago

https://blog.detectify.com/2014/04/11/how-we-got-read-access-on-googles-production-servers/
https://www.owasp.org/index.php/XML_External_Entity_%28XXE%29_Processing

#2 Updated by Greg Shah over 8 years ago

A useful quote from one of the above articles:

"Java applications using XML libraries are particularly vulnerable to XXE because the default settings for most Java XML parsers is to have XXE enabled. To use these parsers safely, you have to explicitly disable XXE in the parser you use."

#3 Updated by Greg Shah over 8 years ago

Tracker changed from Bug to Support

Also available in: Atom PDF

Project

General

Profile

FWD » Core Development » Runtime Infrastructure

Issues