Christian Schneider created an issue

| | |
|---|---|
| Issue Type: | |
| Affects Versions: | 2.7.1.1 |
| Assignee: | Unassigned |
| Components: | Security |
| Created: | 30/Jun/15 5:37 PM |
| Priority: | |
| Reporter: | |

Hello, as part of security research I’ve found an exploitable bypass of the XXE fix of the 2.7.1.1 release, which renders the fix useless. In order to avoid direct risk to customers (including mine) running GeoServer (even the current 2.7.1.1 release) I do not yet post any exploitation details here, unless you ask me to post it here. Better contact me directly for information about the bypass and the steps to fix it (mail@anonymised.com).

Best regards & many thanks, @cschneider4711

This message was sent by Atlassian JIRA (v6.5-OD-07-005#65007-sha1:7561251)