Loading...

XML

Word

Printable

Type: Bug
Resolution: Duplicate
Priority: Major
Fix Version/s: None
Affects Version/s: 7.0.4.CR2, 7.1.0.DR6
Component/s: Documentation
Labels:
None

Git Pull Request:
https://gitlab.cee.redhat.com/red-hat-jboss-enterprise-application-platform-documentation/eap-documentation/merge_requests/2337, https://gitlab.cee.redhat.com/red-hat-jboss-enterprise-application-platform-documentation/eap-documentation/merge_requests/2363

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Book: Developing webservices applications
Chapter: 2.10. Securing JAX-RS Web Services

Resteasy has three parameters which are protection against XML external entity attack.
These parameters are have default values set in a way that resteasy is protected against it.

This chapter shoul contain warning that changing default values of these three parameters may cause REST application to be potentially vulnerable against XXE attack.

The mentioned parameters are:

resteasy.document.expand.entity.references
resteasy.document.secure.processing.feature
resteasy.document.secure.disableDTDs
(all documented in A.2. RESTEasy Configuration Parameters chapter)

clones

JBEAP-6315 [7.1] Mention danger of XXE attack if some resteasy parameters are set to non default values

Closed

Assignee:: Nidhi Chaudhary

Reporter:: Katerina Odabasi

Tester:: Katerina Odabasi

QA Contact:: Katerina Odabasi

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2017/01/06 2:06 AM

Updated:: 2017/01/06 2:07 AM

Resolved:: 2017/01/06 2:07 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates