Details
Description
The Derby XML datatype and XmlVTI can be exploited, via XXE-based attacks, to expose sensitive information or launch denial-of-service assaults. This issue has CVE id CVE-2015-1832. This issue was brought to our attention by Philippe Arteau.
Attachments
Attachments
Issue Links
- is related to
-
DERBY-2131 External DTD files are accessed without a privileged block when Derby parses XML values that reference such DTDs.
-
- Closed
-
-
DERBY-1758 Enable xmlSuite to run as part of derbyall in environments that have the required external jars.
-
- Closed
-
-
-
- Closed
-
1.
|
Add regression tests for XXE vulnerability |
|
Closed | Abhinav Gupta | |
2.
|
Improve error handling in XmlVTI |
|
Closed | Bryan Pendleton | |
3.
|
Include XMLOptimizerTraceTest in XMLSuite |
|
Closed | Unassigned |