Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter

It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity XXE attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform oth...

Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter

It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity XXE attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform oth...

Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter

It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity XXE attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform oth...

Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter

It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity XXE attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform oth...

Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter

It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity XXE attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform oth...

Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter

It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity XXE attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform oth...

Java: XML eXternal Entity (XXE) flaw in ParserPool and Decrypter

It was found that the ParserPool and Decrypter classes in the OpenSAML Java implementation resolved external entities, permitting XML External Entity XXE attacks. A remote attacker could use this flaw to read files accessible to the user running the application server, and potentially perform oth...