CVE-2018-1000632 - XML Injection (aka Blind XPath Injection)

Severity

64%

Complexity

99%

Confidentiality

81%

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.

CVSS 3.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

CVSS 2.0 Base Score 6.4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:P).

Overview

First reported 6 years ago

2018-08-20 19:31:00

Last updated 5 years ago

2019-06-10 20:29:00

Affected Software

Debian Linux 8.0 (Jessie)

8.0

Oracle FLEXCUBE Investor Servicing 12.0.4

12.0.4

Oracle FLEXCUBE Investor Servicing 12.1.0

12.1.0

Oracle FLEXCUBE Investor Servicing 12.3.0

12.3.0

Oracle FLEXCUBE Investor Servicing 12.4.0

12.4.0

Oracle FLEXCUBE Investor Servicing 14.0.0

14.0.0

References

RHSA-2019:0362

Third Party Advisory

RHSA-2019:0364

Third Party Advisory

RHSA-2019:0365

Third Party Advisory

RHSA-2019:0380

Third Party Advisory

RHSA-2019:1159

RHSA-2019:1160

RHSA-2019:1161

RHSA-2019:1162

RHSA-2019:3172

https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387

Patch, Third Party Advisory

https://github.com/dom4j/dom4j/issues/48

Patch, Third Party Advisory

https://ihacktoprotect.com/post/dom4j-xml-injection/

Exploit, Third Party Advisory

[maven-commits] 20190601 [maven-archetype] 01/01: ARCHETYPE-567: switch to dom4j 2.1.1 (and Java 8) dom4j 2.1.1 requires Java 8 dom4j 2.0.2 would retain Java 7 but is vulnerable to CVE-2018-1000632 dom4j 2.0.3 fixes CVE-2018-1000632 but has been pending for ~1 year

[maven-dev] 20190531 Re: proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8)

[maven-commits] 20190531 [maven-archetype] 01/01: ARCHETYPE-567: switch to dom4j 2.1.1 (and Java 8) dom4j 2.1.1 requires Java 8 dom4j 2.0.2 would retain Java 7 but is vulnerable to CVE-2018-1000632 dom4j 2.0.3 fixes CVE-2018-1000632 but has been pending for ~1 year

[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report

[maven-dev] 20190610 Re: proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8)

[maven-dev] 20190531 proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8)

[maven-commits] 20190604 [maven-archetype] branch master updated: ARCHETYPE-567: switch to dom4j 2.1.1 (and Java 8) dom4j 2.1.1 requires Java 8 dom4j 2.0.2 would retain Java 7 but is vulnerable to CVE-2018-1000632 dom4j 2.0.3 fixes CVE-2018-1000632 but has been pending for ~1 year

[maven-dev] 20190603 Re: proposal for maven-archetype to switch to dom4j 2.1.1 (and Java 8)

[debian-lts-announce] 20180924 [SECURITY] [DLA 1517-1] dom4j security update

Mailing List, Third Party Advisory

https://security.netapp.com/advisory/ntap-20190530-0001/

N/A

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Patch, Third Party Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.