CVE-2016-4312 - XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 befo

CVE-2016-4312

Summary

XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery (SSRF) attacks, or have unspecified other impact via a crafted XACML request to entitlement/eval-policy-submit.jsp. NOTE: this issue can be combined with CVE-2016-4311 to exploit the vulnerability without credentials.

References

Vulnerable Configurations

cpe:2.3:a:wso2:identity_server:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:wso2:identity_server:5.1.0:*:*:*:*:*:*:*

CVSS

Base:	6.0 (as of 09-10-2018 - 20:00)
Impact:
Exploitability:

CWE

CWE-611

CAPEC

XML External Entities Blowup
This attack takes advantage of the entity replacement property of XML where the value of the replacement is a URI. A well-crafted XML document could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:S/C:P/I:P/A:P

refmap via4

bid	92485
bugtraq	20160813 WSO2 IDENTITY-SERVER v5.1.0 XML External-Entity
confirm	https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2016-0096
exploit-db	40239
misc	http://hyp3rlinx.altervista.org/advisories/WSO2-IDENTITY-SERVER-v5.1.0-XML-External-Entity.txt http://packetstormsecurity.com/files/138329/WSO2-Identity-Server-5.1.0-XML-Injection.html

Last major update

09-10-2018 - 20:00

Published

17-02-2017 - 02:59

Last modified

09-10-2018 - 20:00