Comment 19 for bug 1183884

John Dickinson (notmyname) wrote : Re: Unescaped content embedded in XML

I echo everything Sam said, particularly w.r.t. the quality of the proposed patch.

Here's my take on an impact description (I'm unsure about the correct tense: "were" vs. "are"):

Title: Unchecked user input in Swift XML responses
Reporter: Alex Gaynor (Rackspace)
Products: Swift
Affects: All versions

Description:
Alex Gaynor from Rackspace reported a vulnerability in XML handling within Swift account servers.
Account strings were unescaped in XML listings, and an attacker could potentially generate unparsable or
arbitrary XML responses which may be used to leverage other vulnerabilities in the calling software.
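
The effect described in the draft above can be reproduced with a small listing builder. This is an added example, not Swift's code and not part of the comment: the element layout, function names and sample account strings are assumptions constructed for illustration.

```python
# Added illustration; not Swift's code. Layout and names are assumptions.
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape, quoteattr


def listing_unescaped(account, containers):
    """'Before' behaviour: strings are interpolated into the XML as-is."""
    out = ['<?xml version="1.0" encoding="UTF-8"?>',
           '<account name="%s">' % account]
    for name in containers:
        out.append('<container><name>%s</name></container>' % name)
    out.append('</account>')
    return '\n'.join(out)


def listing_escaped(account, containers):
    """Hardened form: attribute values and text nodes are escaped."""
    out = ['<?xml version="1.0" encoding="UTF-8"?>',
           # quoteattr() adds the surrounding quotes and escapes & < > and quotes
           '<account name=%s>' % quoteattr(account)]
    for name in containers:
        out.append('<container><name>%s</name></container>' % escape(name))
    out.append('</account>')
    return '\n'.join(out)


def parse_account(xml_text):
    """What a calling client sees: (account, [containers]) or None if unparsable."""
    try:
        root = ET.fromstring(xml_text.encode('utf-8'))
    except ET.ParseError:
        return None
    return root.get('name'), [c.findtext('name') for c in root.iter('container')]


if __name__ == '__main__':
    # Constructed sample account strings.
    for acct in ('AUTH_a&b', 'AUTH_x" note="y'):
        print(repr(acct))
        print('  unescaped ->', parse_account(listing_unescaped(acct, ['c1'])))
        print('  escaped   ->', parse_account(listing_escaped(acct, ['c1'])))
```

The first sample makes the unescaped listing unparsable; the second parses but yields a different account name plus an attribute the server never intended, while the escaped listing round-trips both strings unchanged.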