Jian Liu [https://community.jboss.org/people/jliubay] created the discussion

"How to avoid parsing DTD in Soap Request"

To view the discussion, visit: https://community.jboss.org/message/831863#831863

--------------------------------------------------------------
Web service has an XML expansion vulnerability by parsing DTD in the input soap 
message. Does anyone have a solution for turning off DTD loading/parsing for 
JAX-WS Web Services implemented using @WebService? JBoss AS 6 ships with CXF 
web services implementation. There seems to be a way to replace default parser 
according to 
http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf. But we 
are on JBoss 5.2.

Thanks.
--------------------------------------------------------------
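
One parser-level way to refuse DTDs in an incoming SOAP message, as an added example that is not part of the original post and is not JBoss or CXF code. The class name `SoapDoctypeGuard` and both sample messages are constructed for illustration, and it assumes the raw request can be parsed by application code (for instance in a servlet filter) before the web service stack sees it; that wiring is not shown.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

// Hypothetical helper: parses a SOAP 1.1 message with DOCTYPE declarations forbidden.
public class SoapDoctypeGuard {
    private static final String SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/";

    static DocumentBuilderFactory hardenedFactory() throws ParserConfigurationException {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Xerces / JDK parser feature: any <!DOCTYPE ...> becomes a fatal error,
        // so no DTD is loaded and no entity declared in it is ever expanded.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setExpandEntityReferences(false);
        return f;
    }

    // Returns the parsed envelope; throws SAXException if the message carries a DTD
    // or its root element is not a SOAP 1.1 Envelope.
    static Document parse(String soap) throws Exception {
        Document d = hardenedFactory().newDocumentBuilder()
                .parse(new InputSource(new StringReader(soap)));
        Element root = d.getDocumentElement();
        if (!SOAP_NS.equals(root.getNamespaceURI()) || !"Envelope".equals(root.getLocalName())) {
            throw new SAXException("not a SOAP 1.1 envelope");
        }
        return d;
    }

    public static void main(String[] args) throws Exception {
        String open = "<soap:Envelope xmlns:soap=\"" + SOAP_NS + "\"><soap:Body><ping>";
        String close = "</ping></soap:Body></soap:Envelope>";
        String clean = open + "hello" + close;                       // constructed sample
        String withDtd = "<!DOCTYPE x [<!ENTITY e \"x\">]>" + open + "&e;" + close; // constructed sample

        System.out.println("clean message root: " + parse(clean).getDocumentElement().getLocalName());
        try {
            parse(withDtd);
            System.out.println("DTD message accepted (parser ignored the feature)");
        } catch (SAXException e) {
            System.out.println("DTD message rejected: " + e.getMessage());
        }
    }
}
```

SOAP 1.1 states that a message must not contain a Document Type Declaration, so rejecting any request with a DOCTYPE does not affect conforming clients.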
