Bug 1112987 (CVE-2014-3530)
| Summary: | CVE-2014-3530 PicketLink: XXE via insecure DocumentBuilderFactory usage | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Arun Babu Neelicattu <aneelica> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | | |
| Version: | unspecified | CC: | anmiller, batkisso, bdawidow, cdewolf, chazlett, dandread, darran.lofthouse, fnasser, grocha, hfnukal, huwang, jawilson, jcacek, jcoleman, jpallich, jrusnack, kconner, kejohnso, lgao, mweiler, myarboro, osoukup, pavelp, pgier, pskopek, pslavice, rsvoboda, security-response-team, slaskawi, spinder, theute, tkirby, ttarrant, vtunka, weli |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. | | |
| Story Points: | --- | | |
| Clone Of: | | Environment: | |
| Last Closed: | 2016-03-10 22:00:45 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1114503, 1114504, 1114505, 1114506, 1114507, 1114508, 1114509, 1114510, 1114511, 1114512, 1114513, 1114514, 1114515, 1114516, 1114517, 1114523, 1114524, 1114525, 1114532, 1114533, 1114534, 1114536, 1114537, 1160694 | | |
| Bug Blocks: | 1082938, 1093885, 1113216, 1116052, 1116289, 1119792, 1127901, 1181883, 1182400, 1182419, 1200191, 1244362, 1244363, 1551389 | | |
Description
Arun Babu Neelicattu
2014-06-25 08:26:50 UTC
Statement: This flaw could allow remote, unauthenticated attackers to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. All systems hosting PicketLink applications using SAML Identity Providers and Service Providers may be affected. It is strongly advised that anyone running an affected system applies patches to address this flaw.

IssueDescription: It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

This issue has been addressed in the following products: JBEAP 6.2 for RHEL 6, JBEAP 6.2 for RHEL 5. Via RHSA-2014:0883 https://rhn.redhat.com/errata/RHSA-2014-0883.html

This issue has been addressed in the following products: JBEAP 5 for RHEL 4, JBEAP 5 for RHEL 5, JBEAP 5 for RHEL 6. Via RHSA-2014:0885 https://rhn.redhat.com/errata/RHSA-2014-0885.html

This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 6.2.4. Via RHSA-2014:0884 https://rhn.redhat.com/errata/RHSA-2014-0884.html

This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 5.2.0. Via RHSA-2014:0886 https://rhn.redhat.com/errata/RHSA-2014-0886.html

This issue has been addressed in the following products: JBEWP 5 for RHEL 4, JBEWP 5 for RHEL 5, JBEWP 5 for RHEL 6. Via RHSA-2014:0898 https://rhn.redhat.com/errata/RHSA-2014-0898.html

This issue has been addressed in the following products: JBoss Enterprise Web Platform 5.2.0. Via RHSA-2014:0897 https://rhn.redhat.com/errata/RHSA-2014-0897.html

This issue has been addressed in the following products: JBoss Operations Network 3.2.2. Via RHSA-2014:0910 https://rhn.redhat.com/errata/RHSA-2014-0910.html

This issue has been addressed in the following products: JBoss Data Grid 6.4.0. Via RHSA-2015:0091 https://rhn.redhat.com/errata/RHSA-2015-0091.html

This issue has been addressed in the following products: Red Hat JBoss BRMS 6.0.3. Via RHSA-2015:0235 https://rhn.redhat.com/errata/RHSA-2015-0235.html

This issue has been addressed in the following products: Red Hat JBoss BPM Suite 6.0.3. Via RHSA-2015:0234 https://rhn.redhat.com/errata/RHSA-2015-0234.html

This issue has been addressed in the following products: JBoss Data Virtualization 6.1.0. Via RHSA-2015:0675 https://rhn.redhat.com/errata/RHSA-2015-0675.html

This issue has been addressed in the following products: Red Hat JBoss Fuse Service Works 6.0.0. Via RHSA-2015:0720 https://rhn.redhat.com/errata/RHSA-2015-0720.html

This issue has been addressed in the following products: Red Hat JBoss Data Virtualization 6.0.0. Via RHSA-2015:0765 https://rhn.redhat.com/errata/RHSA-2015-0765.html

This issue has been addressed in the following products: JBoss Portal 6.2.0. Via RHSA-2015:1009 https://rhn.redhat.com/errata/RHSA-2015-1009.html

This issue has been addressed in the following products: Via RHSA-2015:1888 https://rhn.redhat.com/errata/RHSA-2015-1888.html