[
https://issues.apache.org/jira/browse/KNOX-1308?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Phil Zampino updated KNOX-1308:
-------------------------------
Description:
|XML external entity injection. The tag *<!DOCTYPE foo [<!ENTITY xxeiltvf
SYSTEM "file:///etc/passwd"> ]>*could be injected into XML sent to the server.
Such a tag defines an external entity, *xxeiltvf*, which references a file on
the server's filesystem. This entity could then be used within a data field in
the XML document. The server's response contains the contents of the specified
file, which could expose sensitive data.
XML entity expansion attacks must also be prevented. The tag *<!DOCTYPE foo
[<!ENTITY xeevowya0 "b68et"><!ENTITY xeevowya1
"&xeevowya0;&xeevowya0;"><!ENTITY xeevowya2 "&xeevowya1;&xeevowya1;"><!ENTITY
xeevowya3 "&xeevowya2;&xeevowya2;">]>* could be injected into XML. Such a tag
creates a series of entities, each of which is recursively defined using the
value of the preceding entity. The final entity can then be used within a data
field in the XML document. The server's response contains the recursively
expanded value of this entity. This could serve as a DOS attack vector.|
was:
|XML external entity injection. The tag *<!DOCTYPE foo [<!ENTITY xxeiltvf
SYSTEM "file:///etc/passwd"> ]>*could be injected into XML sent to the server.
Such a tag defines an external entity, *xxeiltvf*, which references a file on
the server's filesystem. This entity could then be used within a data field in
the XML document. The server's response contains the contents of the specified
file, which could expose sensitive data.
XML entity expansion attacks must also be prevented. The tag *<!DOCTYPE foo
[<!ENTITY xeevowya0 "b68et"><!ENTITY xeevowya1
"&xeevowya0;&xeevowya0;"><!ENTITY xeevowya2 "&xeevowya1;&xeevowya1;"><!ENTITY
xeevowya3 "&xeevowya2;&xeevowya2;">]>* could be injected into XML. Such a tag
creates a series of entities, each of which is recursively defined using the
value of the preceding entity. The final entity can then be used within a data
field in the XML document. The server's response contains the recursively
expanded value of this entity. This could serve as a DOS attack vector.|
> Implement safeguards against XML entity injection/expansion in the Admin API
> ----------------------------------------------------------------------------
>
> Key: KNOX-1308
> URL: https://issues.apache.org/jira/browse/KNOX-1308
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 1.0.0
> Reporter: Phil Zampino
> Assignee: Phil Zampino
> Priority: Major
> Fix For: 1.1.0
>
>
> |XML external entity injection. The tag *<!DOCTYPE foo [<!ENTITY xxeiltvf
> SYSTEM "file:///etc/passwd"> ]>*could be injected into XML sent to the
> server. Such a tag defines an external entity, *xxeiltvf*, which references a
> file on the server's filesystem. This entity could then be used within a data
> field in the XML document. The server's response contains the contents of the
> specified file, which could expose sensitive data.
>
>
> XML entity expansion attacks must also be prevented. The tag *<!DOCTYPE foo
> [<!ENTITY xeevowya0 "b68et"><!ENTITY xeevowya1
> "&xeevowya0;&xeevowya0;"><!ENTITY xeevowya2 "&xeevowya1;&xeevowya1;"><!ENTITY
> xeevowya3 "&xeevowya2;&xeevowya2;">]>* could be injected into XML. Such a tag
> creates a series of entities, each of which is recursively defined using the
> value of the preceding entity. The final entity can then be used within a
> data field in the XML document. The server's response contains the
> recursively expanded value of this entity. This could serve as a DOS attack
> vector.|
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
