Uploaded image for project: 'XMLTooling - C++'
  1. XMLTooling - C++
  2. CPPXT-127

DTD-defined entities can be added to XML without breaking signature

    XMLWordPrintable

    Details

      Description

      An outside tester identified a specific vulnerability using a DTD internal subset that can be used in cases where the Xerces parser is too old to allow the SP to turn off DTD support. This is primarily Red Hat 7 and OpenSUSE 13 among the platforms we package.

        Attachments

          Activity

            People

            Assignee:
            cantor.2@osu.edu Scott Cantor
            Reporter:
            philip_rtpt@unitedid.org philip_rtpt@unitedid.org
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 1 day, 30 minutes
                1d 30m