Travis Emmert reports: The RPC interface that exists on the satellite server at http(s)://hostname/rpc/api is vulnerable to a XML external entities attack. The XML parser that handles the body of the RPC request is insecurely configured, allowing for a wide range of attacks.
Acknowledgement: Red Hat would like to thank Travis Emmert for reporting this issue.
This issue has been addressed in the following products: Red Hat Satellite Server v 5.7 Via RHSA-2015:0957 https://rhn.redhat.com/errata/RHSA-2015-0957.html