6 matches found
XML External Entity (XXE) Injection in JDOM
An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. As a workaround, to avoid external entities being expanded, one can call builder.setExpandEntities(false) and they won't be expanded...
SUSE-SU-2015:1439-1 Security update for perl-XML-LibXML
perl-XML-LibXML was updated to fix the expand_entities option to be preserved in all cases. CVE-2015-3451...
libxml-libxml-perl XML Processing Information Disclosure Vulnerability
libxml-libxml-perl is a library that provides an interface to parse and manipulate XML files. An error in the libxml-libxml-perl program's handling of the 'expand_entities' parameter in the XML::LibXML module allows remote attackers to obtain information about sensitive data through the use of...
MGASA-2015-0199 Updated perl-XML-LibXML packages fix CVE-2015-3451
Updated perl-XML-LibXML package fixes security vulnerability: Tilmann Haak from xing.com discovered that XML::LibXML did not respect the expand_entities parameter to disable processing of external entities in some circumstances. This may allow attackers to gain read access to otherwise protected...
USN-2592-1 libxml-libxml-perl vulnerability
Tilmann Haak discovered that XML::LibXML incorrectly handled the expand_entities parameter in certain situations. A remote attacker could possibly use this issue to access sensitive information...
UBUNTU-CVE-2015-3451
The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function...