The choice of XML parser affects exposure to XXE attacks, so it is important to consider how to invoke each parser in a safe manner.

Reference: http://web-in-security.blogspot.de/2016/03/xml-parser-evaluation.html

Crimson

  • DoS attacks - Apply a DeclHandler
  • XXE/XXEP/URL Invocation attacks - Apply an EntityResolver
  • URL Invocation attacks - Apply an EntityResolver
  • Quirks: The features external-general-entities and external-parameter-entities cannot be set; they are always true.
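
The two countermeasures listed above, as an added Java example (not from the original page or the referenced evaluation). It uses only the standard SAX interfaces and, as an assumption, takes the reader from the JDK's default `SAXParserFactory`; the class name `StrictSaxParsing` and the sample documents are constructed.

```java
import java.io.StringReader;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.EntityResolver;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.XMLReader;
import org.xml.sax.ext.DefaultHandler2;

// Added example: class name and sample documents are constructed.
public class StrictSaxParsing {

    // DeclHandler: abort as soon as the DTD declares an internal entity,
    // so nested-entity expansion (DoS) never starts.
    static class NoEntityDecls extends DefaultHandler2 {
        @Override
        public void internalEntityDecl(String name, String value) throws SAXException {
            throw new SAXException("Internal entity declaration rejected: " + name);
        }
    }

    // EntityResolver: refuse to fetch any external DTD subset or external entity.
    static final EntityResolver DENY_ALL = (publicId, systemId) -> {
        throw new SAXException("External entity resolution rejected: " + systemId);
    };

    // Builds a reader with both handlers installed before any input is parsed.
    static XMLReader newReader() throws Exception {
        XMLReader reader = SAXParserFactory.newInstance().newSAXParser().getXMLReader();
        reader.setEntityResolver(DENY_ALL);
        reader.setProperty("http://xml.org/sax/properties/declaration-handler", new NoEntityDecls());
        return reader;
    }

    // Returns true if the document parses, false if a handler rejected it.
    static boolean accepts(String xml) throws Exception {
        try {
            newReader().parse(new InputSource(new StringReader(xml)));
            return true;
        } catch (SAXException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println(accepts("<a>ok</a>"));
        System.out.println(accepts("<!DOCTYPE a [<!ENTITY x \"xx\">]><a>&x;</a>"));
        System.out.println(accepts("<!DOCTYPE a SYSTEM \"http://example.invalid/a.dtd\"><a/>"));
    }
}
```

Because the feature flags cannot be switched off in Crimson, the handlers are the only control point, so they must be installed on every reader before `parse` is called.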

...