Uploaded image for project: 'RESTEasy'
  1. RESTEasy
  2. RESTEASY-647

RestEasy and XXE injection - Services that accept XML are vulnerable to XXE attacks, Part II

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Critical
    • 2.3.2.Final
    • 2.3.1
    • jaxrs
    • None
    • Medium

    Description

      For description, see RESTEASY-637. I fixed the problem for org.w3c.dom.Document inputs, but not for JAXB XML inputs.

      Attachments

        Issue Links

          clones

          Bug - A problem that impairs or prevents the functions of the product. RESTEASY-662 RestEasy and XXE injection - Services that accept XML are vulnerable to XXE attacks, Part II

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed

          Bug - A problem that impairs or prevents the functions of the product. RESTEASY-659 RestEasy and XXE injection - Services that accept XML are vulnerable to XXE attacks, Part III: Fastinfoset

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed
          is cloned by

          Bug - A problem that impairs or prevents the functions of the product. RESTEASY-637 RestEasy and XXE injection - Services that accept XML are vulnerable to XXE attacks

          • Critical - To be worked on immediately following BLOCKER issues.
          • Closed

          Activity

            People

              rsigal@redhat.com Ronald Sigal
              adkathuria_jira anuj kathuria (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: