current webservices implementation is vulnerable to XXE/XEE attacks #2174

redguy666 opened this Issue · 1 comment

2 participants


XXE/XEE attacks have been known for quite a long time, although they are not popular. They can lead to DoS or to stealing local files from the server with prepared XML requests containing custom XML entity definitions.

The current WebService implementation passes the request straight to the PHP SOAP server, which may lead to exposing such vulnerabilities to the public. We should patch this component similar to Zend and Symfony (commit #25031 in

I can provide a patch soon.

@redguy666 redguy666 referenced this issue from a commit in redguy666/yii
@redguy666 redguy666 patch for webservice XXE/XEE vulnerability
solves #2174
@resurtm resurtm was assigned

I'll reopen this if needed. See: #2177 (comment)

@resurtm resurtm closed this
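
One way to harden the request path the issue describes, checking the raw XML before it reaches the PHP SOAP server. This is an added example, not code from this thread or from Yii; `assertSafeSoapRequest()` is a hypothetical helper name and the sample requests are constructed.

```php
<?php
// Added example: assertSafeSoapRequest() is a hypothetical helper, not Yii's API.
// Entities can only be declared inside a DOCTYPE, so refusing any request that
// carries one blocks both local-file disclosure and entity-expansion DoS.
function assertSafeSoapRequest(string $rawXml): void
{
    if ($rawXml === '') {
        throw new InvalidArgumentException('Empty SOAP request.');
    }
    // Before PHP 8.0 the external entity loader is switched off by hand (deprecated since 8.0).
    $previous = null;
    if (PHP_VERSION_ID < 80000) {
        $previous = libxml_disable_entity_loader(true);
    }
    $useErrors = libxml_use_internal_errors(true);
    try {
        $dom = new DOMDocument();
        // LIBXML_NONET forbids network fetches; LIBXML_NOENT is deliberately
        // absent so entity references are not substituted while checking.
        if (!$dom->loadXML($rawXml, LIBXML_NONET)) {
            throw new InvalidArgumentException('Malformed SOAP request.');
        }
        foreach ($dom->childNodes as $child) {
            if ($child->nodeType === XML_DOCUMENT_TYPE_NODE) {
                throw new InvalidArgumentException('DOCTYPE not allowed in SOAP request.');
            }
        }
    } finally {
        // Restore the libxml state this function changed.
        libxml_clear_errors();
        libxml_use_internal_errors($useErrors);
        if ($previous !== null) {
            libxml_disable_entity_loader($previous);
        }
    }
}

// Constructed sample requests.
$samples = [
    'benign'  => '<?xml version="1.0"?><soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body/></soap:Envelope>',
    'doctype' => '<?xml version="1.0"?><!DOCTYPE e [<!ENTITY x "y">]><e>&x;</e>',
];
foreach ($samples as $label => $xml) {
    try {
        assertSafeSoapRequest($xml);
        echo "$label: accepted\n"; // safe to pass on to SoapServer::handle($xml)
    } catch (InvalidArgumentException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```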