[PATCH] Setting SAX features for XML-RPC

2010-02-03 Thread Johan Hägre
I should of course attach the patch as well, sorry. This is the first time I'm submitting a patch, so I'm hoping this is the right way to do it. In our use of XML-RPC we have discovered a security issue regarding the use of external entities in XML. By creating a custom XML message and

[PATCH] Setting SAX features for XML-RPC

2010-02-03 Thread Johan Hägre
This is the first time I'm submitting a patch, so I'm hoping this is the right way to do it. In our use of XML-RPC we have discovered a security issue regarding the use of external entities in XML. By creating a custom XML message and sending it to the XML-RPC handling service it is possible

Email box closing - Re: [PATCH] Setting SAX features for XML-RPC

2010-02-03 Thread jwh
Thanks for your message, however ... Sorry but I'm closing this email box down and will not be checking email sent to it any longer. If this was a genuine email then please update your email address for me to jamie[dot]howard[at]web-engineer[dot]co[dot]uk and resend your message, otherwise I

Re: [PATCH] Setting SAX features for XML-RPC

2010-02-03 Thread Jochen Wiedmann
Hi, Johan, let's distinguish between two different questions: - Whether there is a security issue. If so, this is of course of general interest and ought to be fixed immediately. I can imagine that you include an external entity into the client's message. I can also imagine that this adds a local

Re: [PATCH] Setting SAX features for XML-RPC

2010-02-03 Thread Johan Hägre
Hello Jochen, In our application there is definitely a security issue, and I know for a fact that it can be solved by setting the features http://xml.org/sax/features/external-general-entities and http://xml.org/sax/features/external-parameter-entities to false for the SAX parser (I have
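
The two SAX features named in the message above, applied to a stand-alone parser as an added example (this is not Johan's patch and not Apache XML-RPC code; the class name, the handler, the constructed methodCall and the placeholder path file:///etc/hostname are all assumptions made here for illustration). The same request is parsed twice: once with the default reader, which resolves the external entity and hands whatever the file contains to the service as an ordinary string parameter, and once with the hardened reader, where the SAX contract is that the reference is reported through skippedEntity instead of being expanded.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.Attributes;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.XMLReader;
import org.xml.sax.helpers.DefaultHandler;

public class SaxEntityHardening {

    // Constructed sample request (not taken from the thread): a methodCall whose
    // string parameter is an external general entity. "/etc/hostname" is only a
    // placeholder for any file the server process is able to read.
    static final String HOSTILE_REQUEST =
        "<?xml version=\"1.0\"?>\n"
        + "<!DOCTYPE methodCall [\n"
        + "  <!ENTITY leak SYSTEM \"file:///etc/hostname\">\n"
        + "]>\n"
        + "<methodCall>\n"
        + "  <methodName>echo</methodName>\n"
        + "  <params><param><value><string>&leak;</string></value></param></params>\n"
        + "</methodCall>\n";

    /** Gathers the text of the <string> element and records any entity the parser skipped. */
    static final class StringValueHandler extends DefaultHandler {
        final StringBuilder text = new StringBuilder();
        final StringBuilder skipped = new StringBuilder();
        private boolean inString;

        @Override public void startElement(String uri, String local, String qName, Attributes atts) {
            if ("string".equals(qName)) inString = true;
        }
        @Override public void endElement(String uri, String local, String qName) {
            if ("string".equals(qName)) inString = false;
        }
        @Override public void characters(char[] ch, int start, int len) {
            if (inString) text.append(ch, start, len);
        }
        // SAX documents that an external entity left unexpanded because of the
        // external-general-entities feature is reported here, not opened.
        @Override public void skippedEntity(String name) {
            skipped.append(name);
        }
    }

    /** Builds a reader; when hardened is true, applies the two features named in the thread. */
    static XMLReader newReader(boolean hardened) throws Exception {
        XMLReader reader = SAXParserFactory.newInstance().newSAXParser().getXMLReader();
        if (hardened) {
            reader.setFeature("http://xml.org/sax/features/external-general-entities", false);
            reader.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
            // Stricter option, not part of the thread: refuse any DOCTYPE at all, which
            // also shuts down internal-entity expansion attacks (Xerces feature, accepted
            // by the JDK's built-in parser):
            // reader.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        }
        return reader;
    }

    static StringValueHandler parse(String xml, boolean hardened) throws Exception {
        XMLReader reader = newReader(hardened);
        StringValueHandler handler = new StringValueHandler();
        reader.setContentHandler(handler);
        reader.parse(new InputSource(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8))));
        return handler;
    }

    public static void main(String[] args) throws Exception {
        StringValueHandler safe = parse(HOSTILE_REQUEST, true);
        System.out.println("hardened: text=[" + safe.text + "] skipped=[" + safe.skipped + "]");
        try {
            StringValueHandler unsafe = parse(HOSTILE_REQUEST, false);
            System.out.println("default : text=[" + unsafe.text + "]  <- file content reaches the service");
        } catch (IOException | SAXException e) {
            // Reached when the placeholder file does not exist: the parser still tried to open it.
            System.out.println("default : parser attempted to open the external entity: " + e);
        }
    }
}
```

Two caveats for anyone applying this to an XML-RPC service. First, the features must be set on the XMLReader the server actually parses with; Apache XML-RPC creates that reader inside the library, which is why the thread proposes a library-side patch rather than application code. Second, these two features stop external entity resolution only; an internal DTD can still expand entities recursively, so on an endpoint that never legitimately needs a DTD the disallow-doctype-decl line above is the stronger setting.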

Re: [PATCH] Setting SAX features for XML-RPC

2010-02-03 Thread John Wilson
On 3 Feb 2010, at 12:43, Jochen Wiedmann wrote: Hi, Johan, let's distinguish between two different questions: - Whether there is a security issue. If so, this is of course of general interest and ought to be fixed immediately. I can imagine that you include an external entity into the

Re: Design question

2010-02-03 Thread Stanislav Miklik
Hi, I am not so familiar with the implementation of the web server, but maybe I have one general hint. You may consider using the singleton pattern, i.e. the class that implements the XML-RPC methods forwards requests to a singleton that can directly access your initialized objects (also non-static).