Hi,
we are using Bea Aqualogic Service bus as a proxy to our web services.
How we can prevent XML Recursive Entity Expansion attack on ESB Aqualogic server?
The example of this kind of attack can be found below or
http://www.ws-attacks.org/index.php/XML_Recursive_Entity_Expansion
The below soap payload can generate a huge SOAP request :
<?xml version="1.0" encoding="UTF-8" ?>
!entity>!entity>!entity>!entity>!doctype>
]>&x100;
Thank you for your help.