| ID |
CVE-2018-11758
|
| Summary |
This affects Apache Cayenne 4.1.M1, 3.2.M1, 4.0.M2 to 4.0.M5, 4.0.B1, 4.0.B2, 4.0.RC1, 3.1, 3.1.1, 3.1.2. CayenneModeler is a desktop GUI tool shipped with Apache Cayenne and intended for editing Cayenne ORM models stored as XML files. If an attacker tricks a user of CayenneModeler into opening a malicious XML file, the attacker will be able to instruct the XML parser built into CayenneModeler to transfer files from a local machine to a remote machine controlled by the attacker. The cause of the issue is XML parser processing XML External Entity (XXE) declarations included in XML. The vulnerability is addressed in Cayenne by disabling XXE processing in all operations that require XML parsing. |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:apache:cayenne:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:cayenne:3.0.1:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:cayenne:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:cayenne:3.0.2:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:cayenne:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:cayenne:3.1.0:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:cayenne:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:cayenne:3.1.1:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:cayenne:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:cayenne:3.1.2:*:*:*:*:*:*:*
-
cpe:2.3:a:apache:cayenne:3.2:milestone1:*:*:*:*:*:*
cpe:2.3:a:apache:cayenne:3.2:milestone1:*:*:*:*:*:*
-
cpe:2.3:a:apache:cayenne:4.0:beta1:*:*:*:*:*:*
cpe:2.3:a:apache:cayenne:4.0:beta1:*:*:*:*:*:*
-
cpe:2.3:a:apache:cayenne:4.0:beta2:*:*:*:*:*:*
cpe:2.3:a:apache:cayenne:4.0:beta2:*:*:*:*:*:*
-
cpe:2.3:a:apache:cayenne:4.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:apache:cayenne:4.0:milestone2:*:*:*:*:*:*
-
cpe:2.3:a:apache:cayenne:4.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:apache:cayenne:4.0:milestone3:*:*:*:*:*:*
-
cpe:2.3:a:apache:cayenne:4.0:milestone4:*:*:*:*:*:*
cpe:2.3:a:apache:cayenne:4.0:milestone4:*:*:*:*:*:*
-
cpe:2.3:a:apache:cayenne:4.0:milestone5:*:*:*:*:*:*
cpe:2.3:a:apache:cayenne:4.0:milestone5:*:*:*:*:*:*
-
cpe:2.3:a:apache:cayenne:4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:cayenne:4.0:rc1:*:*:*:*:*:*
-
cpe:2.3:a:apache:cayenne:4.1:milestone1:*:*:*:*:*:*
cpe:2.3:a:apache:cayenne:4.1:milestone1:*:*:*:*:*:*
|
| CVSS |
| Base: | 5.8 (as of 02-11-2018 - 14:34) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-611 |
| CAPEC |
-
XML External Entities Blowup
This attack takes advantage of the entity replacement property of XML where the value of the replacement is a URI. A well-crafted XML document could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
PARTIAL |
NONE |
|
| cvss-vector
via4
|
AV:N/AC:M/Au:N/C:P/I:P/A:N
|
| refmap
via4
|
| bid | 105142 | | mlist | [cayenne-user] 20180822 CVE-2018-11758: Apache Cayenne XXE Vulnerability in CayenneModeler GUI tool |
|
| Last major update |
02-11-2018 - 14:34 |
| Published |
22-08-2018 - 20:29 |
| Last modified |
02-11-2018 - 14:34 |
