Bug 1620529 (CVE-2018-1000632)

Summary: CVE-2018-1000632 dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents
Product: [Other] Security Response
Reporter: Andrej Nemec <anemec>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
QA Contact:
Severity: medium
Docs Contact:
Priority: medium
Version: unspecified
CC: abergmann, aileenc, alazarot, anstephe, avibelli, bbuckingham, bcourt, bgeorges, bkearney, bmaxwell, bmcclain, cbillett, cbyrne, cdewolf, chazlett, cmacedo, cmoulliard, csutherl, darran.lofthouse, dbhole, dblechte, dfediuck, dffrench, dimitris, dkreling, dosoudil, drieden, drusso, eedri, etirelli, fgavrilo, gvarsami, gzaronik, hdegoede, hhorak, ibek, ikanello, java-maint, jawilson, jbalunas, jclere, jcoleman, jmadigan, jochrist, jondruse, jorton, jpallich, jshepherd, jwon, kconner, krathod, kverlaen, ldimaggi, lgao, lgriffin, loleary, lpetrovi, lthon, mbabacek, meissner, mgoldboi, michal.skrivanek, mizdebsk, mmccune, mrike, msimacek, mszynkie, myarboro, ngough, nsantos, nwallace, ohadlevy, paradhya, pdrozd, pgallagh, pgier, pjindal, pjurak, ppalaga, psakar, pslavice, psotirop, pwright, rchan, rjerrido, rnetuka, rrajasek, rruss, rstancel, rsvoboda, rsynek, rwagner, rzhang, sbonazzo, sdaley, sherold, spinder, sstavrev, sthorger, tcunning, theute, tkirby, tlestach, tomckay, trepel, trogers, twalsh, vtunka, weli, yturgema
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version: dom4j 2.0.3, dom4j 2.1.1
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2019-06-10 10:36:47 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:
Bug Depends On: 1620535, 1626282, 1626283, 1639569, 1639570, 1639571, 1639572, 1643126
Bug Blocks: 1620537

Description Andrej Nemec 2018-08-23 06:48:41 UTC
XML Injection vulnerability was found in dom4j in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appears to be exploitable via an attacker specifying attributes or elements in the XML document.

Upstream issue:

https://github.com/dom4j/dom4j/issues/48

Upstream patch:

https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387

References:

https://ihacktoprotect.com/post/dom4j-xml-injection/
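The description above boils down to one defect: the element and attribute names handed to `Element.addElement` and `Element.addAttribute` were copied into the tree as-is, so a name that is not a legal XML name (one containing a space, `>`, `=` or a quote) turns into extra markup once the document is serialized. The page records the fix in dom4j 2.0.3 and 2.1.1. The class below is an added, stand-alone example written for this page; it is not dom4j's code and not the upstream patch. It implements the XML 1.0 `Name` production as a caller-side guard that an application can apply to untrusted names before they reach any DOM builder (useful on versions that are still unpatched, or as defence in depth), and it shows with constructed sample names why a missing check matters. `XmlNameGuard`, `isValidXmlName`, `requireValidName` and `naiveElement` are hypothetical names chosen here.

```java
import java.util.Arrays;

/**
 * Hypothetical caller-side guard (not part of dom4j): accepts a string only if it
 * matches the XML 1.0 (5th edition) Name production, so it can never carry
 * whitespace, '<', '>', '=', quotes or any other markup-significant character.
 */
public final class XmlNameGuard {
    private XmlNameGuard() {}

    /** NameStartChar per XML 1.0 section 2.3. */
    static boolean isNameStartChar(int c) {
        return c == ':' || c == '_'
            || (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z')
            || (c >= 0xC0 && c <= 0xD6) || (c >= 0xD8 && c <= 0xF6)
            || (c >= 0xF8 && c <= 0x2FF) || (c >= 0x370 && c <= 0x37D)
            || (c >= 0x37F && c <= 0x1FFF) || (c >= 0x200C && c <= 0x200D)
            || (c >= 0x2070 && c <= 0x218F) || (c >= 0x2C00 && c <= 0x2FEF)
            || (c >= 0x3001 && c <= 0xD7FF) || (c >= 0xF900 && c <= 0xFDCF)
            || (c >= 0xFDF0 && c <= 0xFFFD) || (c >= 0x10000 && c <= 0xEFFFF);
    }

    /** NameChar per XML 1.0 section 2.3: NameStartChar plus digits, '-', '.', and a few combining ranges. */
    static boolean isNameChar(int c) {
        return isNameStartChar(c) || c == '-' || c == '.' || (c >= '0' && c <= '9')
            || c == 0xB7 || (c >= 0x300 && c <= 0x36F) || (c >= 0x203F && c <= 0x2040);
    }

    /** True iff the whole string is a legal XML Name (first code point NameStartChar, rest NameChar). */
    public static boolean isValidXmlName(String name) {
        if (name == null || name.isEmpty()) {
            return false;
        }
        int[] cps = name.codePoints().toArray();
        if (!isNameStartChar(cps[0])) {
            return false;
        }
        for (int i = 1; i < cps.length; i++) {
            if (!isNameChar(cps[i])) {
                return false;
            }
        }
        return true;
    }

    /** Fail closed: callers wrap the untrusted name in this before passing it to addElement/addAttribute. */
    public static String requireValidName(String name) {
        if (!isValidXmlName(name)) {
            throw new IllegalArgumentException("illegal XML name rejected: " + name);
        }
        return name;
    }

    /** What an unvalidating builder effectively emits for a name: the string is spliced straight into markup. */
    static String naiveElement(String name) {
        return "<" + name + "/>";
    }

    public static void main(String[] args) {
        // Constructed sample names, standing in for values read from an untrusted request.
        String[] samples = {"item", "ns:item", "_x1", "item-2", "1abc", "item bar=\"1\"", "a><b", ""};
        for (String s : Arrays.asList(samples)) {
            boolean ok = isValidXmlName(s);
            System.out.printf("%-18s %s%n", "\"" + s + "\"", ok ? "accepted" : "rejected");
            if (!ok && !s.isEmpty()) {
                // Shows why the check exists: without it the name becomes extra markup on output.
                System.out.println("    unvalidated output would be: " + naiveElement(s));
            }
        }
        // Intended call-site shape (dom4j is not needed to compile this file):
        //   root.addElement(XmlNameGuard.requireValidName(untrustedElementName));
        //   root.addAttribute(XmlNameGuard.requireValidName(untrustedAttrName), value);
    }
}
```

Two caveats for anyone adopting a guard like this: the `Name` production permits `:` anywhere, whereas dom4j treats names as qualified names, so an application that does not expect prefixes should additionally reject the colon (the `NCName` production); and the guard only protects names, so attribute and text values still need the escaping the serializer already provides.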

Comment 1 Andrej Nemec 2018-08-23 06:50:18 UTC
Created dom4j tracking bugs for this issue:

Affects: fedora-all [bug 1620535]

Comment 7 errata-xmlrpc 2019-02-18 15:42:52 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2019:0362 https://access.redhat.com/errata/RHSA-2019:0362

Comment 8 errata-xmlrpc 2019-02-18 15:46:46 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 6

Via RHSA-2019:0364 https://access.redhat.com/errata/RHSA-2019:0364

Comment 9 errata-xmlrpc 2019-02-18 15:49:06 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 7.1 for RHEL 7

Via RHSA-2019:0365 https://access.redhat.com/errata/RHSA-2019:0365

Comment 10 errata-xmlrpc 2019-02-19 17:18:58 UTC
This issue has been addressed in the following products:

  Red Hat Single Sign-On 7.2.6 zip

Via RHSA-2019:0380 https://access.redhat.com/errata/RHSA-2019:0380

Comment 11 errata-xmlrpc 2019-05-13 17:01:19 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5

Via RHSA-2019:1159 https://access.redhat.com/errata/RHSA-2019:1159

Comment 12 errata-xmlrpc 2019-05-13 17:04:11 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 7

Via RHSA-2019:1161 https://access.redhat.com/errata/RHSA-2019:1161

Comment 13 errata-xmlrpc 2019-05-13 17:06:56 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 6

Via RHSA-2019:1160 https://access.redhat.com/errata/RHSA-2019:1160

Comment 14 errata-xmlrpc 2019-05-13 17:24:53 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Enterprise Application Platform

Via RHSA-2019:1162 https://access.redhat.com/errata/RHSA-2019:1162

Comment 15 Joshua Padman 2019-05-15 22:51:42 UTC
This vulnerability is out of security support scope for the following products:
 * Red Hat JBoss Operations Network 3
 * Red Hat JBoss Fuse 6
 * Red Hat JBoss Fuse Service Works 6
 * Red Hat JBoss SOA Platform 5
 * Red Hat JBoss BRMS 5
 * Red Hat JBoss BRMS 6
 * Red Hat JBoss BPM Suite 6

Please refer to https://access.redhat.com/support/policy/updates/jboss_notes for more details.

Comment 20 errata-xmlrpc 2019-10-22 12:46:31 UTC
This issue has been addressed in the following products:

  Red Hat Satellite 6.6 for RHEL 7

Via RHSA-2019:3172 https://access.redhat.com/errata/RHSA-2019:3172

Comment 24 errata-xmlrpc 2020-07-28 15:54:09 UTC
This issue has been addressed in the following products:

  Red Hat Fuse 7.7.0

Via RHSA-2020:3192 https://access.redhat.com/errata/RHSA-2020:3192