Preventing XML External Injection in SOAP-Based Web Services in JBoss EAP 5.0.1

We are using JBoss EAP 5.0.1 with JBoss WS 3.0.4 and we are trying to find a solution to prevent XML External Entity injection. How do I fix this instead of upgrading to a higher version?

+3




1 answer


To prevent the object from expanding on public RESTEasy XML endpoints, add this to web.xml:

<context-param>
    <param-name>resteasy.document.expand.entity.references</param-name>
    <param-value>false</param-value>
</context-param>



I found it here; this issue is related to versions 7.7 and 8.4, but it may work for older versions as well.

0
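A check for the setting given in the answer above, as an added example that is not part of the original post or of any JBoss or RESTEasy code: it reads the text of a web.xml and reports whether the context-param is present and set to false. The function names and the sample descriptors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

PARAM = "resteasy.document.expand.entity.references"  # name taken from the answer

def local(tag):
    """Drop the XML namespace so descriptors with or without xmlns both match."""
    return tag.rsplit("}", 1)[-1]

def child_text(elem, name):
    """Return the stripped text of the first direct child called `name`, or None."""
    for child in elem:
        if local(child.tag) == name:
            return (child.text or "").strip()
    return None

def audit_web_xml(text):
    """Classify one web.xml as 'ok', 'expanding', 'missing' or 'unparseable'."""
    try:
        root = ET.fromstring(text)
    except ET.ParseError:
        return "unparseable"
    for elem in root:  # context-param elements sit directly under web-app
        if local(elem.tag) != "context-param":
            continue
        if child_text(elem, "param-name") == PARAM:
            value = child_text(elem, "param-value") or ""
            # Anything other than an explicit "false" is reported as a finding.
            return "ok" if value.lower() == "false" else "expanding"
    return "missing"

def findings(descriptors):
    """Map of name -> status for every descriptor that is not 'ok'."""
    results = {name: audit_web_xml(text) for name, text in descriptors.items()}
    return {name: status for name, status in results.items() if status != "ok"}

# Constructed sample descriptors (not taken from any real deployment).
HARDENED = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <context-param>
    <param-name>resteasy.document.expand.entity.references</param-name>
    <param-value>false</param-value>
  </context-param>
</web-app>"""
WEAK = HARDENED.replace(">false<", ">true<")
UNSET = "<web-app><display-name>svc</display-name></web-app>"
BROKEN = "<web-app><context-param></web-app>"

if __name__ == "__main__":
    samples = {"a.war": HARDENED, "b.war": WEAK, "c.war": UNSET, "d.war": BROKEN}
    for name, status in sorted(findings(samples).items()):
        print(f"{name}: {status}")
```

A 'missing' result means the descriptor does not set the parameter at all, so the behaviour is whatever the deployed RESTEasy version defaults to.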

