Posted to issues@karaf.apache.org by "Jean-Baptiste Onofré (JIRA)" <ji...@apache.org> on 2016/08/23 17:32:20 UTC
[jira] [Updated] (KARAF-4209) Weak XML Schema: Unbounded Occurrences
[ https://issues.apache.org/jira/browse/KARAF-4209?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jean-Baptiste Onofré updated KARAF-4209:
----------------------------------------
Fix Version/s: 4.0.7 (was: 4.0.6)
> Weak XML Schema: Unbounded Occurrences
> --------------------------------------
>
> Key: KARAF-4209
> URL: https://issues.apache.org/jira/browse/KARAF-4209
> Project: Karaf
> Issue Type: Bug
> Affects Versions: 4.0.3
> Reporter: Eduardo Aguinaga
> Fix For: 4.1.0, 4.0.7
>
>
> HP Fortify SCA and SciTools Understand were used to perform an application security analysis on the Karaf source code.
> Setting a maxOccurs value to unbounded can lead to resource exhaustion and ultimately a denial of service.
> File: features/core/src/main/resources/org/apache/karaf/features/karaf-features-1.0.0.xsd
> Line: 64
> karaf-features-1.0.0.xsd, lines 64-77:
> 64 <xs:choice minOccurs="0" maxOccurs="unbounded">
> 65     <xs:element name="details" minOccurs="0" type="xs:string">
> 66         <xs:annotation>
> 67             <xs:documentation><![CDATA[
> 68                 The help text shown for this feature when using the feature:info console command.
> 69             ]]>
> 70             </xs:documentation>
> 71         </xs:annotation>
> 72     </xs:element>
> 73     <xs:element name="config" type="tns:config" />
> 74     <xs:element name="configfile" type="tns:configFile" />
> 75     <xs:element name="feature" type="tns:dependency" />
> 76     <xs:element name="bundle" type="tns:bundle" />
> 77 </xs:choice>
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
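
Added example, not part of the original JIRA message or of Karaf's code: a small Python audit that reports the same class of finding, listing each schema particle whose maxOccurs is unbounded (or above a chosen ceiling) together with the elements it lets repeat. The wrapper schema, the namespace URI, the complexType name "feature" and the `limit` parameter are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

XS = "{http://www.w3.org/2001/XMLSchema}"

# Constructed sample: the xs:choice quoted in the report (annotation omitted),
# wrapped in a minimal schema. Namespace URI and type name are assumptions.
SAMPLE_XSD = """<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema"
    xmlns:tns="urn:example:features" targetNamespace="urn:example:features">
  <xs:complexType name="feature">
    <xs:choice minOccurs="0" maxOccurs="unbounded">
      <xs:element name="details" minOccurs="0" type="xs:string"/>
      <xs:element name="config" type="tns:config"/>
      <xs:element name="configfile" type="tns:configFile"/>
      <xs:element name="feature" type="tns:dependency"/>
      <xs:element name="bundle" type="tns:bundle"/>
    </xs:choice>
  </xs:complexType>
</xs:schema>"""


def occurrence_findings(xsd_text, limit=1000):
    """Return (particle, enclosing type, maxOccurs, repeatable element names)
    for every particle that is unbounded or allows more than `limit` repeats."""
    findings = []

    def walk(node, owner):
        # Track the nearest named complexType/group so a finding can be located.
        if node.tag in (XS + "complexType", XS + "group") and node.get("name"):
            owner = node.get("name")
        max_occurs = node.get("maxOccurs")
        too_many = max_occurs is not None and (
            max_occurs == "unbounded"
            or (max_occurs.isdigit() and int(max_occurs) > limit)
        )
        if too_many:
            # Every element declared under the particle can repeat with it.
            names = [e.get("name") or e.get("ref")
                     for e in node.iter(XS + "element")]
            findings.append((node.tag.replace(XS, "xs:"), owner, max_occurs, names))
        for child in node:
            walk(child, owner)

    walk(ET.fromstring(xsd_text), None)
    return findings


if __name__ == "__main__":
    for finding in occurrence_findings(SAMPLE_XSD):
        print(finding)
```

Run this only over schema files you control (for example in a build check); it is a linter for the schema, not a parser for untrusted feature descriptors.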