ID CVE-2022-2414
Summary Access to external entities when parsing XML documents can lead to XML external entity (XXE) attacks. This flaw allows a remote attacker to potentially retrieve the content of arbitrary files by sending specially crafted HTTP requests.
References
Vulnerable Configurations
  • cpe:2.3:a:dogtagpki:dogtagpki:10.5.18:*:*:*:*:*:*:*
  • cpe:2.3:a:dogtagpki:dogtagpki:10.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:dogtagpki:dogtagpki:10.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:dogtagpki:dogtagpki:10.11.2:*:*:*:*:*:*:*
  • cpe:2.3:a:dogtagpki:dogtagpki:10.12.4:*:*:*:*:*:*:*
  • cpe:2.3:a:dogtagpki:dogtagpki:11.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:dogtagpki:dogtagpki:11.1.0:*:*:*:*:*:*:*
CVSS
Base: None
Impact:
Exploitability:
CWE CWE-611
CAPEC
  • XML External Entities Blowup
    This attack takes advantage of the entity replacement property of XML where the value of the replacement is a URI. A well-crafted XML document could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.
Access
Vector  Complexity  Authentication
Impact
Confidentiality  Integrity  Availability
Last major update 04-08-2022 - 20:25
Published 29-07-2022 - 19:15
Last modified 04-08-2022 - 20:25