You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@knox.apache.org by "Phil Zampino (JIRA)" <ji...@apache.org> on 2018/05/14 19:06:00 UTC
[jira] [Resolved] (KNOX-1308) Implement safeguards against XML
entity injection/expansion in the Admin API
[ https://issues.apache.org/jira/browse/KNOX-1308?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Phil Zampino resolved KNOX-1308.
--------------------------------
Resolution: Fixed
> Implement safeguards against XML entity injection/expansion in the Admin API
> ----------------------------------------------------------------------------
>
> Key: KNOX-1308
> URL: https://issues.apache.org/jira/browse/KNOX-1308
> Project: Apache Knox
> Issue Type: Bug
> Components: Server
> Affects Versions: 1.0.0
> Reporter: Phil Zampino
> Assignee: Phil Zampino
> Priority: Major
> Fix For: 1.1.0
>
>
> |XML external entity injection. The tag *<!DOCTYPE foo [<!ENTITY xxeiltvf SYSTEM "file:///etc/passwd"> ]>*could be injected into XML sent to the server. Such a tag defines an external entity, *xxeiltvf*, which references a file on the server's filesystem. This entity could then be used within a data field in the XML document. The server's response contains the contents of the specified file, which could expose sensitive data.
>
>
> XML entity expansion attacks must also be prevented. The tag *<!DOCTYPE foo [<!ENTITY xeevowya0 "b68et"><!ENTITY xeevowya1 "&xeevowya0;&xeevowya0;"><!ENTITY xeevowya2 "&xeevowya1;&xeevowya1;"><!ENTITY xeevowya3 "&xeevowya2;&xeevowya2;">]>* could be injected into XML. Such a tag creates a series of entities, each of which is recursively defined using the value of the preceding entity. The final entity can then be used within a data field in the XML document. The server's response contains the recursively expanded value of this entity. This could serve as a DOS attack vector.|
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)