[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message]

Seen on BugTraq: XXE (Xml eXternal Entity) attack

• To: xml-dev@l...
• Subject: Seen on BugTraq: XXE (Xml eXternal Entity) attack
• From: Miles Sabin <miles@m...>
• Date: Wed, 30 Oct 2002 09:05:44 +0000

No surprises for us given that we've discussed this and related issues 
here several times over the last few years, but nice to see it getting 
a wider circulation. And unlike the theoretical discussions we've had, 
this guy has gone out and tested existing software ...

http://online.securityfocus.com/archive/1/297714/2002-10-27/2002-11-02/0

Gregory Steuck security advisory #1, 2002

Overview:
  XXE (Xml eXternal Entity) attack is an attack on an application that
  parses XML input from untrusted sources using incorrectly configured
  XML parser. The application may be coerced to open arbitrary files
  and/or TCP connections.

Cheers,


Miles

• Follow-Ups:
  • Re: Seen on BugTraq: XXE (Xml eXternal Entity) attack
    • From: "Rick Jelliffe" <ricko@a...>

• Prev by Date: Re: What is XML For?
• Next by Date: Re: What is XML For?
• Previous by thread: another XPointer scheme non-announcement
• Next by thread: Re: Seen on BugTraq: XXE (Xml eXternal Entity) attack
• Index(es):
  • Date
  • Thread