[prev in list] [next in list] [prev in thread] [next in thread]
List: axis-dev
Subject: Re: DO NOT REPLY [Bug 14105] New: - axis is vulnerable to XXE
From: "Steve Loughran" <steve_l () iseran ! com>
Date: 2002-10-31 0:28:20
[Download RAW message or body]
----- Original Message -----
From: "Davanum Srinivas" <dims@yahoo.com>
To: <axis-dev@xml.apache.org>
Sent: Wednesday, October 30, 2002 3:57 PM
Subject: Re: DO NOT REPLY [Bug 14105] New: - axis is vulnerable to XXE
> Steve,
>
> See http://marc.theaimsgroup.com/?l=axis-dev&m=103601859604566&w=2 for my
fixes and test cases.
>
> Thanks,
> dims
>
ahh. all is well.
The problem I had in the past was that our service was rendering SVG, and
was vulnerable to xlink:href paths, and the actual (native) code that did
the rendering wasnt ours. We had to clean up the XML before it went in,
which is harder than you'd think.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic