Jian Liu [https://community.jboss.org/people/jliubay] created the discussion
"How to avoid parsing DTD in Soap Request"
To view the discussion, visit:
https://community.jboss.org/message/831863#831863
--------------------------------------------------------------
Web service has an XML expansion vulnerability by parsing DTD in the input soap message.
Does anyone have a solution for turning off DTD loading/parsing for JAX-WS Web Services
implemented using @WebService? JBoss AS 6 ships with CXF web services implementation.
There seems to be a way to replace the default parser according to
http://svn.apache.org/repos/asf/cxf/trunk/security/CVE-2010-2076.pdf. But we are on
JBoss5.2.
Thanks.
--------------------------------------------------------------
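An added example, not part of the original post and not JBoss or CXF code: a stand-alone Java check that refuses any SOAP message carrying a DOCTYPE, using the Xerces `disallow-doctype-decl` feature, so no DTD is ever loaded or expanded. The class name `SoapDoctypeGuard` and the sample messages are constructed for illustration; it assumes the JAXP parser is Xerces-derived (as the JDK default is), and calling it ahead of the web-service stack is not shown.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;
import org.xml.sax.helpers.DefaultHandler;

// Hypothetical helper: accepts a SOAP message only if it is well-formed and has no DOCTYPE.
public class SoapDoctypeGuard {
    // Xerces feature, also honoured by the JDK's built-in parser:
    // when true, any DOCTYPE declaration is reported as a fatal error.
    private static final String DISALLOW_DOCTYPE =
            "http://apache.org/xml/features/disallow-doctype-decl";

    public static boolean isAcceptable(byte[] soapMessage)
            throws ParserConfigurationException, SAXException, IOException {
        SAXParserFactory factory = SAXParserFactory.newInstance();
        factory.setNamespaceAware(true);
        // Throws if the parser does not know the feature, so an unsupported
        // parser fails loudly instead of silently accepting DTDs.
        factory.setFeature(DISALLOW_DOCTYPE, true);
        try {
            factory.newSAXParser().parse(
                    new ByteArrayInputStream(soapMessage), new DefaultHandler());
            return true;
        } catch (SAXParseException e) {
            // Raised at the DOCTYPE, before any entity is declared or expanded,
            // and also for any other well-formedness error.
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample messages.
        String envelope =
                "<soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\">"
              + "<soapenv:Body><ping/></soapenv:Body></soapenv:Envelope>";
        String withDoctype = "<!DOCTYPE Envelope [<!ENTITY a \"x\">]>" + envelope;

        System.out.println("plain envelope accepted: "
                + isAcceptable(envelope.getBytes(StandardCharsets.UTF_8)));
        System.out.println("envelope with DOCTYPE accepted: "
                + isAcceptable(withDoctype.getBytes(StandardCharsets.UTF_8)));
    }
}
```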