List:       sandesha-dev
Subject:    [jira] [Comment Edited] (AXIS2-6060) [Axis2]Security Vulnerability - Action Required: XXE vulnerabil
From:       "Andreas Veithen (Jira)" <jira () apache ! org>
Date:       2023-10-29 11:40:00
Message-ID: JIRA.13547725.1692275706000.187283.1698579600028 () Atlassian ! JIRA


    [ https://issues.apache.org/jira/browse/AXIS2-6060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17756580#comment-17756580 ]

Andreas Veithen edited comment on AXIS2-6060 at 10/29/23 11:39 AM:
-------------------------------------------------------------------

Note that the schema files are loaded from the classpath. If an attacker can
manipulate the classpath, then they would be able to execute arbitrary code anyway. I
don't see how an attacker would achieve any kind of privilege escalation.


was (Author: veithen):
Note that the schema files are loaded from the classpath. If an attacker can
manipulate the classpath, then they would be able to execute arbitrary code anyway. I
don't see how there an attacker would achieve any kind of privilege escalation.

> [Axis2]Security Vulnerability - Action Required: XXE vulnerability in the newest version of org.apache.axis2:axis2
> ------------------------------------------------------------------------------------------------------------------
>  
> Key: AXIS2-6060
> URL: https://issues.apache.org/jira/browse/AXIS2-6060
> Project: Axis2
> Issue Type: Bug
> Components: codegen, wsdl
> Affects Versions: 1.8.0
> Reporter: Yiheng Cao
> Priority: Major
> 
> The vulnerability is present in the class
> org.apache.axis2.wsdl.codegen.extension.JAXBRIExtension, in the method
> getNamespaceAwareDocumentBuilder(), which is responsible for getting a
> DocumentBuilder object that supports namespace resolution. The vulnerable call
> chain we discover is: *engage(CodeGenConfiguration
> configuration)→loadAdditionalSchemas()→getNamespaceAwareDocumentBuilder().*
> Given that the XML schema files stored in the
> /org/apache/axis2/wsdl/codegen/schema/ which is compromised by a hacker, the
> victim conducts a regular process which incorporates the execution of method
> engage(), resulting in an XML External Entity (XXE) Injection attack.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
