OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

 


 

   Seen on BugTraq: XXE (Xml eXternal Entity) attack

[ Lists Home | Date Index | Thread Index ]

No surprises for us given that we've discussed this and related issues 
here several times over the last few years, but nice to see it getting 
a wider circulation. And unlike the theoretical discussions we've had, 
this guy has gone out and tested existing software ...

http://online.securityfocus.com/archive/1/297714/2002-10-27/2002-11-02/0

Gregory Steuck security advisory #1, 2002

Overview:
  XXE (Xml eXternal Entity) attack is an attack on an application that
  parses XML input from untrusted sources using incorrectly configured
  XML parser. The application may be coerced to open arbitrary files
  and/or TCP connections.

Cheers,


Miles




 

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 2001 XML.org. This site is hosted by OASIS