Seen on BugTraq: XXE (Xml eXternal Entity) attack

Cart

XML Editor - Download a Free Trial >

See What's New >

Buy Now >

[Home] [By Thread] [By Date] [Recent Entries]

To: xml-dev@l...
Subject: Seen on BugTraq: XXE (Xml eXternal Entity) attack
From: Miles Sabin <miles@m...>
Date: Wed, 30 Oct 2002 09:05:44 +0000

No surprises for us given that we've discussed this and related issues 
here several times over the last few years, but nice to see it getting 
a wider circulation. And unlike the theoretical discussions we've had, 
this guy has gone out and tested existing software ...

http://online.securityfocus.com/archive/1/297714/2002-10-27/2002-11-02/0

Gregory Steuck security advisory #1, 2002

Overview:
  XXE (Xml eXternal Entity) attack is an attack on an application that
  parses XML input from untrusted sources using incorrectly configured
  XML parser. The application may be coerced to open arbitrary files
  and/or TCP connections.

Cheers,


Miles

Follow-Ups:
- Re: Seen on BugTraq: XXE (Xml eXternal Entity) attack
  - From: "Rick Jelliffe" <ricko@a...>

Prev by Date: Re: What is XML For?
Next by Date: Re: What is XML For?
Previous by thread: another XPointer scheme non-announcement
Next by thread: Re: Seen on BugTraq: XXE (Xml eXternal Entity) attack
Index(es):
- Date
- Thread

XML Editor - Download a 15 Day Free Trial Now >

See What's New in Stylus Studio >

Buy Stylus Studio - XML Editor - Now >