Top "Xxe" questions

XML External Entity (XXE)

Prevent XXE Attack with JAXB

Recently, we had a security audit on our code, and one of the problem is that our application is subject …

Read More
java security jaxb ws-security xxe
How to Prevent XML External Entity Injection on TransformerFactory

My problem: Fortify 4.2.1 is marking below code as susceptible for XML External Entities attack. TransformerFactory factory = TransformerFactory.newInstance(); StreamSource xslStream = …

Read More
java xml xslt fortify xxe
Fortify fix for XML External Entity Injection

When I do scan using fortify tool, I got some issues under "XML External Entity Injection". TransformerFactory trfactory = TransformerFactory.newInstance(); …

Read More
java fortify xxe
Veracode XML External Entity Reference (XXE)

I've got the next finding in my veracode report: Improper Restriction of XML External Entity Reference ('XXE') (CWE ID 611) referring …

Read More
java security veracode xxe