Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-17424

Protect REST client against malicious XML responses.

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.3.0, 1.2.5, 1.1.9, 2.0.0
    • Component/s: REST
    • Labels:
      None

      Description

      If, by some means, an unsuspecting REST server client would get a malformed response from the REST server, it could result in the client performing some unintended action from the XML parsing.

      We should disable these extra options on the XML parser to prevent the possibility.

        Attachments

        1. HBASE-17424.002.patch
          6 kB
          Josh Elser
        2. HBASE-17424.001.patch
          6 kB
          Josh Elser

          Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. HBASE-19020 TestXmlParsing exception checking relies on a particular xml implementation without declaring it.

          • Major - Major loss of function.
          • Resolved

            Activity

              People

              • Assignee:
                elserj Josh Elser
                Reporter:
                elserj Josh Elser
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: