Phil Zampino created KNOX-1308:
----------------------------------
Summary: Implement safeguards against XML entity injection/expansion in the Admin API
Key: KNOX-1308
URL: https://issues.apache.org/jira/browse/KNOX-1308
Project: Apache Knox
Issue Type: Bug
Components: Server
Affects Versions: 1.0.0
Reporter: Phil Zampino
Assignee: Phil Zampino
Fix For: 1.1.0
XML external entity injection. The tag *<!DOCTYPE foo [<!ENTITY xxeiltvf SYSTEM "file:///etc/passwd"> ]>* could be injected into XML sent to the server.
Such a tag defines an external entity, *xxeiltvf*, which references a file on
the server's filesystem. This entity could then be used within a data field in
the XML document. The server's response contains the contents of the specified
file, which could expose sensitive data.

XML entity expansion attacks must also be prevented. The tag *<!DOCTYPE foo [<!ENTITY xeevowya0 "b68et"><!ENTITY xeevowya1 "&xeevowya0;&xeevowya0;"><!ENTITY xeevowya2 "&xeevowya1;&xeevowya1;"><!ENTITY xeevowya3 "&xeevowya2;&xeevowya2;">]>* could be injected into XML. Such a tag
creates a series of entities, each of which is recursively defined using the
value of the preceding entity. The final entity can then be used within a data
field in the XML document. The server's response contains the recursively
expanded value of this entity. This could serve as a DoS attack vector.