You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@knox.apache.org by "Phil Zampino (JIRA)" <ji...@apache.org> on 2018/05/14 14:17:00 UTC

[jira] [Created] (KNOX-1308) Implement safeguards against XML entity injection/expansion in the Admin API

Phil Zampino created KNOX-1308:
----------------------------------

             Summary: Implement safeguards against XML entity injection/expansion in the Admin API
                 Key: KNOX-1308
                 URL: https://issues.apache.org/jira/browse/KNOX-1308
             Project: Apache Knox
          Issue Type: Bug
          Components: Server
    Affects Versions: 1.0.0
            Reporter: Phil Zampino
            Assignee: Phil Zampino
             Fix For: 1.1.0


|XML external entity injection. The tag *<!DOCTYPE foo [<!ENTITY xxeiltvf SYSTEM "file:///etc/passwd"> ]>*could be injected into XML sent to the server. Such a tag defines an external entity, *xxeiltvf*, which references a file on the server's filesystem. This entity could then be used within a data field in the XML document. The server's response contains the contents of the specified file, which could expose sensitive data.
XML entity expansion attacks must also be prevented. The tag *<!DOCTYPE foo [<!ENTITY xeevowya0 "b68et"><!ENTITY xeevowya1 "&xeevowya0;&xeevowya0;"><!ENTITY xeevowya2 "&xeevowya1;&xeevowya1;"><!ENTITY xeevowya3 "&xeevowya2;&xeevowya2;">]>* could be injected into XML. Such a tag creates a series of entities, each of which is recursively defined using the value of the preceding entity. The final entity can then be used within a data field in the XML document. The server's response contains the recursively expanded value of this entity. This could serve as a DOS attack vector.|



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)