oss-sec mailing list archives
[CVE-2020-11991] Apache Cocoon security vulnerability
From: Cédric Damioli <cdamioli () apache org>
Date: Fri, 11 Sep 2020 11:58:42 +0200
[CVE-2020-11991] Apache Cocoon security vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Apache Cocoon up to 2.1.12

Description:
When using the StreamGenerator, the code parses a user-provided XML.
A specially crafted XML, including external system entities, could be used to access any file on the server system.

Mitigation:
The StreamGenerator now ignores external entities. 2.1.x users should upgrade to 2.1.13

Example:
With the following input:

<?xml version="1.0" ?>
<!DOCTYPE replace [<!ENTITY ent SYSTEM "file:///etc/shadow"> ]>
<userInfo>
 <firstName>John</firstName>
 <lastName>&ent;</lastName>
</userInfo>

an attacker got the content of /etc/shadow

Credit:
This issue was discovered by Nassim Asrir.

Regards,
-- 
Cédric Damioli
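
The mitigation described in the advisory ("ignores external entities"), shown as an added example that is not part of the original message and is not Cocoon's actual patch: a JAXP SAX parser configured so that the advisory's sample input no longer pulls in the referenced file. The class and method names are hypothetical, and the feature URIs assume the JDK's built-in Xerces-derived parser.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.SAXParser;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.helpers.DefaultHandler;

// Added example with hypothetical names; not Cocoon code.
public class HardenedSaxDemo {
    // The advisory's sample input, embedded so the demo runs offline.
    static final String INPUT = "<?xml version=\"1.0\" ?>\n"
        + "<!DOCTYPE replace [<!ENTITY ent SYSTEM \"file:///etc/shadow\"> ]>\n"
        + "<userInfo><firstName>John</firstName><lastName>&ent;</lastName></userInfo>";
    // Assumption: the JDK's built-in parser, which recognises these feature URIs.
    static SAXParser hardenedParser() throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        // Do not expand external general entities such as &ent; above.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        // Do not expand external parameter entities (%name;) inside the DTD.
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        // Do not fetch an external DTD subset named in the DOCTYPE.
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        return f.newSAXParser();
    }
    // Parses xml and returns the concatenated character data the handler received.
    static String textContent(String xml) throws Exception {
        StringBuilder text = new StringBuilder();
        DefaultHandler handler = new DefaultHandler() {
            @Override public void characters(char[] ch, int start, int length) {
                text.append(ch, start, length);
            }
            // Defence in depth: return an empty stream rather than opening systemId.
            @Override public InputSource resolveEntity(String publicId, String systemId) {
                return new InputSource(new StringReader(""));
            }
            // SAX reports entity references the parser declined to expand.
            @Override public void skippedEntity(String name) {
                System.err.println("skipped entity: " + name);
            }
        };
        hardenedParser().parse(new InputSource(new StringReader(xml)), handler);
        return text.toString();
    }

    public static void main(String[] args) throws Exception {
        System.out.println("text content: [" + textContent(INPUT) + "]");
    }
}
```

Where the application never needs a DTD, setting the Xerces feature `http://apache.org/xml/features/disallow-doctype-decl` to `true` is a stricter option that rejects any document carrying a DOCTYPE.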