cxf-dev mailing list archives

From oferdit <ofe...@amdocs.com>
Subject Re: DTD based XML attacks - refering to Apache CXF Security Advisory (CVE-2010-2076)
Date Mon, 09 Aug 2010 13:04:29 GMT


Sergey Beryozkin-5 wrote:
> 
> Hi
> 
> On Mon, Aug 2, 2010 at 3:00 PM, Tal Maayani <tal.maayani@amdocs.com> wrote:
> 
>> Hi,
>>
>> According to your advice, in order to block DTD based XML attack one needs
>> to either use CXF version 2.2.9 or replace the default XML parser.
>
> There is an issue with (JAXRS) SourceProvider in 2.2.9 which I missed. But
> this provider is optional. As far as I know Dan has done some refactoring in
> 2.2.10-SNAPSHOT which also helped to fix the SourceProvider issue.
> 
> 
>> Can you please explain how to replace the xml parser when using REST
>> service.
>>
> 
> Are you using JAXB in your JAXRS services?
> 
> 

We use JAXB in our services.

-- 
View this message in context: http://cxf.547215.n5.nabble.com/DTD-based-XML-attacks-refering-to-Apache-CXF-Security-Advisory-CVE-2010-2076-tp2261760p2268798.html
Sent from the cxf-dev mailing list archive at Nabble.com.
