xml-dev - Seen on BugTraq: XXE (Xml eXternal Entity) attack

Seen on BugTraq: XXE (Xml eXternal Entity) attack

[ Lists Home | Date Index | Thread Index ]

To: xml-dev@lists.xml.org
Subject: Seen on BugTraq: XXE (Xml eXternal Entity) attack
From: Miles Sabin <miles@milessabin.com>
Date: Wed, 30 Oct 2002 09:05:44 +0000

No surprises for us given that we've discussed this and related issues 
here several times over the last few years, but nice to see it getting 
a wider circulation. And unlike the theoretical discussions we've had, 
this guy has gone out and tested existing software ...

http://online.securityfocus.com/archive/1/297714/2002-10-27/2002-11-02/0

Gregory Steuck security advisory #1, 2002

Overview:
  XXE (Xml eXternal Entity) attack is an attack on an application that
  parses XML input from untrusted sources using incorrectly configured
  XML parser. The application may be coerced to open arbitrary files
  and/or TCP connections.

Cheers,


Miles

Follow-Ups:
- Re: [xml-dev] Seen on BugTraq: XXE (Xml eXternal Entity) attack
  - From: "Rick Jelliffe" <ricko@allette.com.au>

Prev by Date: Re: [xml-dev] What is XML For?
Next by Date: Re: [xml-dev] What is XML For?
Previous by thread: another XPointer scheme non-announcement
Next by thread: Re: [xml-dev] Seen on BugTraq: XXE (Xml eXternal Entity) attack
Index(es):
- Date
- Thread