[
https://issues.apache.org/jira/browse/KNOX-1308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16474617#comment-16474617
]
ASF subversion and git services commented on KNOX-1308:
-------------------------------------------------------
Commit 7439e6968d5ad9241ca242b04248080ea7e8c996 in knox's branch
refs/heads/master from [~pzampino]
[ https://git-wip-us.apache.org/repos/asf?p=knox.git;h=7439e69 ]
KNOX-1308 - Implement safeguards against XML entity injection/expansion in the
Admin API
> Implement safeguards against XML entity injection/expansion in the Admin API
> ----------------------------------------------------------------------------
>
> Key: KNOX-1308
> URL: https://issues.apache.org/jira/browse/KNOX-1308
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 1.0.0
> Reporter: Phil Zampino
> Assignee: Phil Zampino
> Priority: Major
> Fix For: 1.1.0
>
>
> |XML external entity injection. The tag *<!DOCTYPE foo [<!ENTITY xxeiltvf
> SYSTEM "file:///etc/passwd"> ]>*could be injected into XML sent to the
> server. Such a tag defines an external entity, *xxeiltvf*, which references a
> file on the server's filesystem. This entity could then be used within a data
> field in the XML document. The server's response contains the contents of the
> specified file, which could expose sensitive data.
>
>
> XML entity expansion attacks must also be prevented. The tag *<!DOCTYPE foo
> [<!ENTITY xeevowya0 "b68et"><!ENTITY xeevowya1
> "&xeevowya0;&xeevowya0;"><!ENTITY xeevowya2 "&xeevowya1;&xeevowya1;"><!ENTITY
> xeevowya3 "&xeevowya2;&xeevowya2;">]>* could be injected into XML. Such a tag
> creates a series of entities, each of which is recursively defined using the
> value of the preceding entity. The final entity can then be used within a
> data field in the XML document. The server's response contains the
> recursively expanded value of this entity. This could serve as a DOS attack
> vector.|
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
