166 matches found
PicketLink: XXE via insecure DocumentBuilderFactory usage
It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the...
PicketLink: XXE via insecure DocumentBuilderFactory usage
It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the...
PicketLink: XXE via insecure DocumentBuilderFactory usage
It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the...
PicketLink: XXE via insecure DocumentBuilderFactory usage
It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the...
PicketLink: XXE via insecure DocumentBuilderFactory usage
It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the...
PicketLink: XXE via insecure DocumentBuilderFactory usage
It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the...