2015 m. rugpjūčio 28 d., penktadienis

CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability

CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Apache Flex BlazeDS 4.7.0

Description: When receiving XML encoded AMF messages containing DTD entities, the
default XML parser configurations allows expanding of entities to local resources.
A request that included a specially crafted request parameter could be used to
access content that would otherwise be protected.


Mitigation: All users of Apache Flex BlazeDS prior to 4.7.1

Example: For an AMF message that contains the following xml payload:
<?xml version="1.0" encoding="ISO-8859-1"?>
 <!DOCTYPE foo [
   <!ELEMENT foo ANY >
   <!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo>
the entity &xxe; would be expanded to the content of the file /etc/passwd.
However this expanded information is not automatically transferred back to
the client, but could be made available by the application.

Credit: This issue was discovered by Matthias Kaiser of Code White

References: https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing

Komentarų nėra:

Rašyti komentarą