Our application is hit with an XXE vulnerability and I found the below link:
XML External Entity (XXE) Vulnerability in BlazeDS
I see the jar for different versions of LCDS, and I am not sure which to use in our environment.
We are using flex build=4.0.0.14931.
Can you please help me with which versioned messaging-core jar I have to copy in order to avoid XXE?
I copied the jar from LCDS 3.0.0.354170 to our application, and edited the services-config.xml file in our application to specify the value of the allow-xml-external-entity-expansion property as false. It throws the below error.
Exception report
message: flex.messaging.config.ConfigurationException: Unexpected child element 'allow-xml-external-entity-expansion' found in 'services-config' from file: services-config.xml.
Please help me out.