[jira] [Updated] (DERBY-6807) XXE attack possible by using XmlVTI and the XML datatype

Rick Hillegas (JIRA) Sun, 17 May 2015 16:38:40 -0700

     [ 
https://issues.apache.org/jira/browse/DERBY-6807?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Rick Hillegas updated DERBY-6807:
---------------------------------
    Description: 
The Derby XML datatype and XmlVTI can be exploited, via XXE-based attacks, to 
expose sensitive information or launch denial-of-service assaults. This issue 
has CVE id CVE-2015-1832. This issue was brought to our attention by Philippe 
Arteau.


  was:
The Derby XML datatype and XmlVTI can be exploited, via XXE-based attacks, to 
expose sensitive information or launch denial-of-service assaults. This issue 
has CVE id CVE-2015-1832.



> XXE attack possible by using XmlVTI and the XML datatype
> --------------------------------------------------------
>
>                 Key: DERBY-6807
>                 URL: https://issues.apache.org/jira/browse/DERBY-6807
>             Project: Derby
>          Issue Type: Bug
>    Affects Versions: 10.11.1.1
>            Reporter: Rick Hillegas
>
> The Derby XML datatype and XmlVTI can be exploited, via XXE-based attacks, to 
> expose sensitive information or launch denial-of-service assaults. This issue 
> has CVE id CVE-2015-1832. This issue was brought to our attention by Philippe 
> Arteau.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (DERBY-6807) XXE attack possible by using XmlVTI and the XML datatype

Reply via email to