oss-sec mailing list archives
CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability
From: "Christofer Dutz" <cdutz () apache org>
Date: Wed, 19 Aug 2015 13:48:04 +0200
CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability
Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache Flex BlazeDS 4.7.0Description: When receiving XML encoded AMF messages containing DTD entities, the default XML parser configurations allows expanding of entities to local resources. A request that included a specially crafted request parameter could be used to
access content that would otherwise be protected. Mitigation: All users of Apache Flex BlazeDS prior to 4.7.1 Example: For an AMF message that contains the following xml payload: <?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE foo [ <!ELEMENT foo ANY > <!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo> the entity &xxe; would be expanded to the content of the file /etc/passwd. However this expanded information is not automatically transferred back to the client, but could be made available by the application. Credit: This issue was discovered by Matthias Kaiser of Code WhiteReferences: https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing
Christofer Dutz
Current thread:
- CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability Christofer Dutz (Aug 19)