Rudi Hochmeister created GEOS-5273
Issue Type: Bug
Affects Versions: 2.1.3
Assignee:
Components: Security
Created: 16/Aug/12 8:08 AM
Description: With a prepared external SLD Rule, it is possible to access sensitive system files in /etc on the host machine and display them as an image. It is also possible to drop an XML Bomb, but this is another story. Disabling use of external entities would be a solution if it can be done.
Environment: linux java6
Project:
Priority: Major
Reporter: