cxf-dev mailing list archives

From Sergey Beryozkin <sberyoz...@gmail.com>
Subject Re: DTD based XML attacks - referring to Apache CXF Security Advisory (CVE-2010-2076)
Date Wed, 04 Aug 2010 19:06:49 GMT
Hi

On Mon, Aug 2, 2010 at 3:00 PM, Tal Maayani <tal.maayani@amdocs.com> wrote:

> Hi,
>
> According to your advice, in order to block DTD based XML attacks one needs
> to either use CXF version 2.2.9 or replace the default XML parser.
>

There is an issue with the (JAXRS) SourceProvider in 2.2.9 which I missed. But
this provider is optional. As far as I know, Dan has done some refactoring in
2.2.10-SNAPSHOT which also helped to fix the SourceProvider issue.


> Can you please explain how to replace the XML parser when using a REST
> service?
>

Are you using JAXB in your JAXRS services?

cheers, Sergey


>
> Thanks,
> Tal Maayani
