
List:       axis-dev
Subject:    Re: DO NOT REPLY [Bug 14105] New:  -     axis is vulnerable to XXE
From:       "Steve Loughran" <steve_l () iseran ! com>
Date:       2002-10-31 0:28:20


----- Original Message -----
From: "Davanum Srinivas" <dims@yahoo.com>
To: <axis-dev@xml.apache.org>
Sent: Wednesday, October 30, 2002 3:57 PM
Subject: Re: DO NOT REPLY [Bug 14105] New: - axis is vulnerable to XXE


> Steve,
>
> See http://marc.theaimsgroup.com/?l=axis-dev&m=103601859604566&w=2 for my
> fixes and test cases.
>
> Thanks,
> dims
>

ahh. all is well.

The problem I had in the past was that our service was rendering SVG, and
was vulnerable to xlink:href paths, and the actual (native) code that did
the rendering wasn't ours. We had to clean up the XML before it went in,
which is harder than you'd think.
