Message-ID: <6d2be9b1-ab9a-bc1b-b0e3-f2cdddbee90b@apache.org>
Date: Fri, 11 Sep 2020 11:58:42 +0200
From: Cédric Damioli <cdamioli@...che.org>
To: oss-security@...ts.openwall.com
Subject: [CVE-2020-11991] Apache Cocoon security vulnerability

[CVE-2020-11991] Apache Cocoon security vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Apache Cocoon up to 2.1.12

Description: When using the StreamGenerator, the code parses 
user-provided XML.

A specially crafted XML, including external system entities, could be 
used to access any file on the server system.

Mitigation:

The StreamGenerator now ignores external entities. 2.1.x users should 
upgrade to 2.1.13.

Example:

With the following input:

<!--?xml version="1.0" ?-->
<!DOCTYPE replace [<!ENTITY ent SYSTEM "file:///etc/shadow"> ]>
<userInfo>
<firstName>John</firstName>
<lastName>&ent;</lastName>
</userInfo>

an attacker got the content of /etc/shadow

Credit: This issue was discovered by Nassim Asrir.


Regards,

-- 
Cédric Damioli
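
An added example, not part of the advisory and not Cocoon's own code: one way to configure a Java SAX parser so that it ignores external entities, as the mitigation above describes. The class name, the sample document and its placeholder path are constructed for illustration; the feature URIs are the standard SAX and Xerces ones, assumed here to be supported by the parser in use (the JDK's built-in parser accepts them).

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import javax.xml.parsers.SAXParserFactory;
import org.xml.sax.InputSource;
import org.xml.sax.XMLReader;
import org.xml.sax.helpers.DefaultHandler;

public class IgnoreExternalEntities {

    // Constructed input in the shape of the advisory's example; the SYSTEM
    // identifier is a placeholder path, not a real file.
    static final String SAMPLE =
        "<!DOCTYPE replace [<!ENTITY ent SYSTEM \"file:///placeholder/secret.txt\"> ]>"
        + "<userInfo><firstName>John</firstName><lastName>&ent;</lastName></userInfo>";

    static XMLReader hardenedReader() throws Exception {
        SAXParserFactory f = SAXParserFactory.newInstance();
        f.setNamespaceAware(true);
        // Do not fetch external general or parameter entities.
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        // Xerces-specific feature: do not load an external DTD subset either.
        f.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        XMLReader r = f.newSAXParser().getXMLReader();
        // Second layer: anything that still reaches the resolver gets empty content
        // instead of the resource named by its system identifier.
        r.setEntityResolver((publicId, systemId) -> new InputSource(new StringReader("")));
        return r;
    }

    public static void main(String[] args) throws Exception {
        StringBuilder text = new StringBuilder();   // character data actually delivered
        List<String> skipped = new ArrayList<>();   // entity references the parser skipped
        DefaultHandler h = new DefaultHandler() {
            @Override public void characters(char[] ch, int start, int len) {
                text.append(ch, start, len);
            }
            @Override public void skippedEntity(String name) {
                skipped.add(name);
            }
        };
        XMLReader r = hardenedReader();
        r.setContentHandler(h);
        r.parse(new InputSource(new StringReader(SAMPLE)));
        System.out.println("text=" + text + " skipped=" + skipped);
    }
}
```

If the application never needs a DTD, setting `http://apache.org/xml/features/disallow-doctype-decl` to `true` rejects such documents outright rather than parsing them with the entity ignored.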

