Details

    • Sub-task
    • Status: Closed
    • Major
    • Resolution: Fixed
    • Newcomer

    Description

      We should add some regression tests demonstrating that
      Derby is no longer vulnerable to an XXE assault.

      One possibility would be to have an example using a local
      file disclosure.

      Another possibility would be to have an example based on the
      well-known "Billion Laughs" denial of service attack.

      Attachments

        1. vtiTests2.diff
          10 kB
          Bryan Pendleton
        2. vtiTests.diff
          9 kB
          Bryan Pendleton
        3. readPasswordFile.diff
          5 kB
          Bryan Pendleton
        4. error-stacktrace.out
          7 kB
          Bryan Pendleton
        5. billionLaughs.diff
          2 kB
          Bryan Pendleton

          People

            mac777 Abhinav Gupta
            bryanpendleton Bryan Pendleton
            Votes: 0
            Watchers: 4