-
Bug
-
Resolution: Done
-
Major
-
7.1.0.DR6
-
-
-
-
-
-
https://gitlab.cee.redhat.com/red-hat-jboss-enterprise-application-platform-documentation/eap-documentation/merge_requests/2337, https://gitlab.cee.redhat.com/red-hat-jboss-enterprise-application-platform-documentation/eap-documentation/merge_requests/2363, https://gitlab.cee.redhat.com/red-hat-jboss-enterprise-application-platform-documentation/eap-documentation/merge_requests/2569
Book: Developing webservices applications
Chapter: 2.10. Securing JAX-RS Web Services
Resteasy has three parameters which are protection against XML external entity attack.
These parameters are have default values set in a way that resteasy is protected against it.
This chapter shoul contain warning that changing default values of these three parameters may cause REST application to be potentially vulnerable against XXE attack.
The mentioned parameters are:
- resteasy.document.expand.entity.references
- resteasy.document.secure.processing.feature
- resteasy.document.secure.disableDTDs
(all documented in A.2. RESTEasy Configuration Parameters chapter)
- clones
-
-
- Closed
-
