glide.stax.whitelist_enabled

ServiceNow property description:

Secure glide.stax.whitelist_enabled

Attributes

  • Sys ID: 3297f0be7746111045bf6f90aa5a9995
  • Type: true | false
  • Application: Global
  • Default value: true
Sören Maucher LinkedIn Profile

My personal property description:

The glide.stax.whitelist_enabled property in ServiceNow is used to enhance security by managing XML entity processing for XMLDocument2 parsing. When enabled, it ensures that only entities specified in the glide.xml.entity.whitelist are processed, preventing unauthorized or malicious entities from being resolved. This adds a layer of protection against security risks, such as attackers exploiting XML data to increase the attack surface. This configuration helps defend against attacks like XML Entity Expansion/Billion Laugh attacks, which can consume system resources rapidly.

AI Logo

AI generated property description:

The ServiceNow property `glide.stax.whitelist_enabled` is a security feature that controls whether the XML entity expansion whitelist is enabled. According to the provided documentation, enabling this property helps prevent XML External Entity (XXE) attacks by restricting the entities that can be expanded during XML parsing. When `glide.stax.whitelist_enabled` is set to true, only entities specified in the whitelist are allowed, enhancing the security of XML processing. This property is part of the broader effort to secure XML parsing and mitigate potential vulnerabilities associated with XML entity expansion. Disabling this property (setting it to false) would allow all entities to be expanded, which could expose the system to XXE attacks.

Source

Related property: glide.lists.live_list_enabled