Red Hat Security Advisory 2015-1539-01 - Red Hat JBoss BPM Suite is a business rules and processes management system for the management, storage, creation, modification, and deployment of JBoss rules and BPMN2-compliant business processes. This release of Red Hat JBoss BPM Suite 6.1.2 serves as a replacement for Red Hat JBoss BPM Suite 6.1.0, and includes bug fixes and enhancements, which are documented in the README.txt file included with the patch files. The following security issues are also fixed with this release: It was found that Apache Camel's XML converter performed XML External Entity expansion. A remote attacker able to submit a SAXSource containing an XXE declaration could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
Red Hat Security Advisory 2015-1538-01 - Red Hat JBoss BRMS is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. This release of Red Hat JBoss BRMS 6.1.2 serves as a replacement for Red Hat JBoss BRMS 6.1.0, and includes bug fixes and enhancements, which are documented in the README.txt file included with the patch files. The following security issues are also fixed with this release: It was found that Apache Camel's XML converter performed XML External Entity expansion. A remote attacker able to submit a SAXSource containing an XXE declaration could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
Debian Linux Security Advisory 3298-1 - It was discovered that the Jackrabbit WebDAV bundle was susceptible to an XXE/XEE attack. When processing a WebDAV request body containing XML, the XML parser could be instructed to read content from network resources accessible to the host, identified by URI schemes such as "http(s)" or "file". Depending on the WebDAV request, this could not only be used to trigger internal network requests, but might also be used to insert said content into the request, potentially exposing it to the attacker and others.
NetIQ Access Manager is vulnerable to XXE injection attacks.
Ubuntu Security Notice 2654-1 - It was discovered that the Tomcat XML parser incorrectly handled XML External Entities (XXE). A remote attacker could possibly use this issue to read arbitrary files. This issue only affected Ubuntu 14.04 LTS. It was discovered that Tomcat incorrectly handled data with malformed chunked transfer coding. A remote attacker could possibly use this issue to conduct HTTP request smuggling attacks, or cause Tomcat to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. Various other issues were also addressed.
SAP Mobile Platform version 3.0 suffers from an XXE injection vulnerability. The problem is caused by a program error due to the incorrect use of an XML parser (/mobiliser servlet). By default, the parser opens external entities referenced within an XML input, which can then lead to malicious content being parsed. This malicious content can reference internal resources, such as files. These internal resources can be disclosed in the response to the request, or can be used to perform a denial of service attack on the parsing system, rendering the application content temporarily unavailable.
SAP NetWeaver Portal version 7.31 suffers from an XXE injection vulnerability. By default, the parser opens external entities referenced within an XML input, which can then lead to malicious content being parsed. This malicious content can reference internal resources, such as files. These internal resources can be disclosed in the response to the request, or can be used to perform a denial of service attack on the parsing system, rendering the application content temporarily unavailable.
SAP Mobile Platform version 2.3 suffers from an XXE injection vulnerability. An attacker can read an arbitrary file on the server by sending a correct XML request with a crafted DTD to /scc/messagebroker/http and reading the reply from the service. An attacker can perform a DoS attack (for example, an XML Entity Expansion attack). An SMB Relay attack is a type of Man-in-the-Middle attack where the attacker asks the victim to authenticate to a machine controlled by the attacker, then relays the credentials to the target. The attacker forwards the authentication information both ways, giving them access.
SAP NetWeaver Portal version 7.31 suffers from an XXE injection vulnerability. The problem is caused by a program error in 'ValidationComponent' due to the incorrect use of an XML parser. By default, the parser opens external entities referenced within an XML input, which can then lead to malicious content being parsed. This malicious content can reference internal resources, such as files. These internal resources can be disclosed in the response to the request, or can be used to perform a denial of service attack on the parsing system, rendering the application content temporarily unavailable.
HP WebInspect versions 7.x, 8.x, 9.x, and 10.0 through 10.4 suffer from an XML external entity vulnerability.
SAP has released the monthly critical patch update for June 2015. This patch update closes buffer overflow, remote SQL injection, XML eXternal Entity, and hardcoded credentials vulnerabilities.
Red Hat Security Advisory 2015-1041-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This patch is an update to Red Hat JBoss Fuse 6.1.0 and Red Hat JBoss A-MQ 6.1.0. It includes several bug fixes, which are documented in the readme.txt file included with the patch files. The following security issues are addressed in this release: It was found that Apache Camel's XML converter performed XML External Entity expansion. A remote attacker able to submit a SAXSource containing an XXE declaration could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
Jackrabbit versions 2.x suffer from a WebDAV XXE injection vulnerability. Included are details and patches.
SAP ERPScan has patched buffer overflow, XXE injection, and missing authorization vulnerabilities.
Hikvision DS-7108HWI-SH suffers from XML injection and abuse control vulnerabilities.
Apple Security Advisory 2015-05-19-1 - Watch OS 1.0.1 is now available and addresses certificate issues, arbitrary code execution, XML external entity, and various other vulnerabilities.
Hikvision DS-2CD2012-I suffers from XML injection and abuse control vulnerabilities.
WSO2 Identity Server version 5.0.0 suffers from XML external entity injection, cross site request forgery, and cross site scripting vulnerabilities.
Red Hat Security Advisory 2015-0957-01 - Red Hat Satellite is a system management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and remote management of multiple Linux deployments with a single, centralized tool. It was found that the RPC interface in Satellite would resolve external entities, allowing an attacker to conduct XML External Entity attacks. A remote attacker could use this flaw to read files accessible to the user running the Satellite server, and potentially perform other more advanced XXE attacks.
Huawei SEQ Analyst version V200R002C03LG0001SPC100 suffers from an XML external entity injection vulnerability.
Mandriva Linux Security Advisory 2015-203 - Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause resource consumption.
Mandriva Linux Security Advisory 2015-097 - XML eXternal Entity flaws were discovered in the Zend Framework. An attacker could use these flaws to cause a denial of service, access files accessible to the server process, or possibly perform other more advanced XML External Entity attacks. Using the Consumer component of Zend_OpenId, it is possible to log in using an arbitrary OpenID account (without knowing any secret information) by using a malicious OpenID Provider. That means it is possible to log in using an arbitrary OpenID Identity (MyOpenID, Google, etc.) that is not under the control of our own OpenID Provider. Thus, we are able to impersonate any OpenID Identity against the framework. The implementation of the ORDER BY SQL statement in Zend_Db_Select of Zend Framework 1 contains a potential SQL injection when the query string passed contains parentheses. Due to a bug in PHP's LDAP extension, when ZendFramework's Zend_ldap class is used for logins, an attacker can log in as any user by using a null byte to bypass the empty password check and perform an unauthenticated LDAP bind. The sqlsrv PHP extension, which provides the ability to connect to Microsoft SQL Server from PHP, does not provide a built-in quoting mechanism for manually quoting values to pass via SQL queries; developers are encouraged to use prepared statements. Zend Framework provides quoting mechanisms via Zend_Db_Adapter_Sqlsrv, which uses the recommended double single quote as quoting delimiters. SQL Server treats null bytes in a query as a string terminator, allowing an attacker to add arbitrary SQL following a null byte, and thus create a SQL injection.
Red Hat Security Advisory 2015-0749-01 - The libxml2 library is a development toolbox providing the implementation of various XML standards. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity attacks, possibly resulting in a denial of service or an information leak on the system. The CVE-2014-0191 issue was discovered by Daniel P. Berrange of Red Hat.
Debian Linux Security Advisory 3205-1 - Nicolas Gregoire and Kevin Schaller discovered that Batik, a toolkit for processing SVG images, would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause resource consumption.
Ubuntu Security Notice 2548-1 - Nicolas Gregoire and Kevin Schaller discovered that Batik would load XML external entities by default. If a user or automated system were tricked into opening a specially crafted SVG file, an attacker could possibly obtain access to arbitrary files or cause resource consumption.