Comment 14 for bug 1183884
Revision history for this message
| Thierry Carrez (ttx) wrote Re: Unescaped content embedded in XML | #14 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
2eb648a
demo site
(Get the code!)
About impact, I find the description both too detailed and not sufficiently clear about impact :) My suggestion:
Title: Unchecked user input in Swift XML responses
Reporter: Alex Gaynor (Rackspace)
Products: Swift
Affects: All versions
Description:
Alex Gaynor from Rackspace reported a vulnerability in XML handling within Swift account servers.
By including malicious data into account names, an attacker could potentially generate unparsable or
arbitrary XML responses, which may be used to leverage other vulnerabilities in the calling software.