ID CVE-2018-1000632
Summary dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.
References
Vulnerable Configurations
  • cpe:2.3:a:dom4j_project:dom4j:2.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:dom4j_project:dom4j:2.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:dom4j_project:dom4j:2.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:dom4j_project:dom4j:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2.18:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2.18:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2.19.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2.19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2.19.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2.19.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2.20.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:16.2.20.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.2.16.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.2.16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.3:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.3:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.5:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.5:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.6:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.6:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.7:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.7:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.9:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.9:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.10:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.10:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.11:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.12:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.12.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.12.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.12.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.12.4:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.12.4:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.12.12:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.12.12:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.12.14:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.12.14:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.12.17.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.12.17.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.12.17.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:17.12.17.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8.11:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8.11:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8.16.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8.16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8.18.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8.18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8.18.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8.18.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8.19.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8.19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:19.12.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:19.12.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:19.12.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:19.12.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:19.12.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:19.12.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:19.12.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:19.12.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:19.12.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:19.12.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:19.12.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:19.12.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_framework:2.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:utilities_framework:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_framework:4.3.0.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:utilities_framework:4.3.0.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_framework:4.3.0.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:utilities_framework:4.3.0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_framework:4.3.0.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:utilities_framework:4.3.0.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:utilities_framework:4.4.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:utilities_framework:4.4.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:satellite:6.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:satellite:6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:satellite_capsule:6.6:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:satellite_capsule:6.6:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
    cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
  • cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*
    cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*
  • cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
    cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*
CVSS
Base: 5.0 (as of 10-06-2019 - 20:29)
Impact:
Exploitability:
CWE CWE-91
CAPEC
  • XML Injection
    An attacker utilizes crafted XML user-controllable input to probe, attack, and inject data into the XML database, using techniques similar to SQL injection. The user-controllable input can allow for unauthorized viewing of data, bypassing authentication or the front-end application for direct XML database access, and possibly altering database information.
  • XPath Injection
    An attacker can craft special user-controllable input consisting of XPath expressions to inject the XML database and bypass authentication or glean information that he normally would not be able to. XPath Injection enables an attacker to talk directly to the XML database, thus bypassing the application completely. XPath Injection results from the failure of an application to properly sanitize input used as part of dynamic XPath expressions used to query an XML database.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:P/A:P
redhat via4
advisories
  • rhsa
    id RHSA-2019:0362
  • rhsa
    id RHSA-2019:0364
  • rhsa
    id RHSA-2019:0365
  • rhsa
    id RHSA-2019:0380
  • rhsa
    id RHSA-2019:1159
  • rhsa
    id RHSA-2019:1160
  • rhsa
    id RHSA-2019:1161
  • rhsa
    id RHSA-2019:1162
refmap via4
confirm
misc https://ihacktoprotect.com/post/dom4j-xml-injection/
mlist
  • [debian-lts-announce] 20180924 [SECURITY] [DLA 1517-1] dom4j security update
  • [maven-commits] 20190531 [maven-archetype] 01/01: ARCHETYPE-567: switch to dom4j 2.1.1 (and Java 8) dom4j 2.1.1 requires Java 8 dom4j 2.0.2 would retain Java 7 but is vulnerable to CVE-2018-1000632 dom4j 2.0.3 fixes CVE-2018-1000632 but has been pending for ~1 year
  • [maven-commits] 20190601 [maven-archetype] 01/01: ARCHETYPE-567: switch to dom4j 2.1.1 (and Java 8) dom4j 2.1.1 requires Java 8 dom4j 2.0.2 would retain Java 7 but is vulnerable to CVE-2018-1000632 dom4j 2.0.3 fixes CVE-2018-1000632 but has been pending for ~1 year
  • [maven-commits] 20190604 [maven-archetype] branch master updated: ARCHETYPE-567: switch to dom4j 2.1.1 (and Java 8) dom4j 2.1.1 requires Java 8 dom4j 2.0.2 would retain Java 7 but is vulnerable to CVE-2018-1000632 dom4j 2.0.3 fixes CVE-2018-1000632 but has been pending for ~1 year
  • [maven-dev] 20190531 Re: proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8)
  • [maven-dev] 20190531 proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8)
  • [maven-dev] 20190603 Re: proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8)
Last major update 10-06-2019 - 20:29
Published 20-08-2018 - 19:31
Last modified 23-07-2020 - 14:19
Back to Top