Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: BlazeDS 4.7.0 and 4.7.1
Description: The code in BlazeDS to deserialize AMF XML datatypes allows
so-called SSRF Attacks
(Server Side Request Forgery) in which the server could contact a remote
service on
behalf of the attacker. The attacker could hereby circumvent firewall
restrictions.
Mitigation: 4.7.x users should upgrade to 4.7.2
Example: For XML object containing the following string representation:
<!DOCTYPE foo PUBLIC "-//VSR//PENTEST//EN"
"http://protected-server/prote
The server could access the url:
http://protected-server/protec
Even if directly accessing this resource is prevented by firewall rules.
Credit: This issue was discovered by James Kettle of PortSwigger Ltd.
References:
http://www.vsecurity.com/downl
Komentarų nėra:
Rašyti komentarą