{"id":5668,"date":"2015-11-24T13:23:20","date_gmt":"2015-11-24T13:23:20","guid":{"rendered":"https:\/\/ihs.com.tr\/blog\/?p=5668"},"modified":"2015-11-24T13:23:20","modified_gmt":"2015-11-24T13:23:20","slug":"vmware-flex-blazeds-xxe-bugiyla-ilgili-acigi-kapatti","status":"publish","type":"post","link":"https:\/\/www.ihs.com.tr\/blog\/vmware-flex-blazeds-xxe-bugiyla-ilgili-acigi-kapatti\/","title":{"rendered":"VMware Patches the Vulnerability Related to the Flex BlazeDS XXE Bug"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\">VMware has <strong>patched an important vulnerability<\/strong> that causes information disclosure in some of its products that use <strong>Flex BlazeDS<\/strong>.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">This vulnerability was discovered and disclosed in August by Matthias Kaiser of Code White. According to the researchers, <strong>the vulnerability in Apache Flex BlazeDS stems from an XML External Entity flaw<\/strong>.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Vulnerabilities like this, found in web applications that <strong>parse XML input<\/strong>, can be used to leak hidden and protected documents out of the network.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">According to the Apache Foundation, <strong>Apache Flex BlazeDS 4.7.0<\/strong> appears to be affected.<\/span><\/p>\n<p><a href=\"https:\/\/www.ihs.com.tr\/blog\/wp-content\/uploads\/2015\/11\/vmware.jpg\" data-rel=\"penci-gallery-image-content\" ><img decoding=\"async\" class=\"aligncenter size-full wp-image-5669\" src=\"https:\/\/www.ihs.com.tr\/blog\/wp-content\/uploads\/2015\/11\/vmware.jpg\" alt=\"vmware\" width=\"480\" height=\"192\" 
srcset=\"https:\/\/www.ihs.com.tr\/blog\/wp-content\/uploads\/2015\/11\/vmware.jpg 480w, https:\/\/www.ihs.com.tr\/blog\/wp-content\/uploads\/2015\/11\/vmware-300x120.jpg 300w\" sizes=\"(max-width: 480px) 100vw, 480px\" \/><\/a><\/p>\n<p><span style=\"font-size: 14pt;\">According to VMware, the following products are affected by this issue:<\/span><\/p>\n<ul>\n<li><span style=\"font-size: 14pt;\">VMware vCenter Server 5.5 prior to version 5.5 update 3<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">VMware vCenter Server 5.1 prior to version 5.1 update u3b<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">VMware vCenter Server 5.0 prior to version 5.0 update u3e<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">vCloud Director 5.6 prior to version 5.6.4<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">vCloud Director 5.5 prior to version 5.5.3<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">VMware Horizon View 6.0 prior to version 6.1<\/span><\/li>\n<li><span style=\"font-size: 14pt;\">VMware Horizon View 5.0 prior to version 5.3.4<\/span><\/li>\n<\/ul>\n<p><span style=\"font-size: 14pt;\">According to VMware&#8217;s statement, among its products that use Flex BlazeDS, <strong>some of those that handle XML External Entity (XXE) requests can be affected by this issue.<\/strong> Sending a specially crafted XML request to the server can expose some information that should remain confidential.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>VMware has patched an important vulnerability that causes information disclosure in some of its products that use Flex BlazeDS. 
This vulnerability, in August, by Matthias Kaiser of Code White&hellip;<\/p>\n","protected":false},"author":3,"featured_media":5670,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-5668","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-haberler"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5668","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=5668"}],"version-history":[{"count":2,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5668\/revisions"}],"predecessor-version":[{"id":5675,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5668\/revisions\/5675"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media\/5670"}],"wp:attachment":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=5668"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=5668"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=5668"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}