Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability

2015.08.19
Credit: Christofer Dutz
Risk: High
Local: No
Remote: Yes
CVE: CVE-2015-3269
CWE: CWE-200


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Flex BlazeDS 4.7.0 Description: When receiving XML encoded AMF messages containing DTD entities, the default XML parser configurations allows expanding of entities to local resources. A request that included a specially crafted request parameter could be used to access content that would otherwise be protected. Mitigation: All users of Apache Flex BlazeDS prior to 4.7.1 Example: For an AMF message that contains the following xml payload: <?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE foo [ <!ELEMENT foo ANY > <!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo> the entity &xxe; would be expanded to the content of the file /etc/passwd. However this expanded information is not automatically transferred back to the client, but could be made available by the application. Credit: This issue was discovered by Matthias Kaiser of Code White References: https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing Christofer Dutz

References:

https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top