Back to list
CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion Vulnerability
Aug 19 2015 11:48AM
Christofer Dutz (cdutz apache org)
CVE-2015-3269 Apache Flex BlazeDS Insecure Xml Entity Expansion
Vendor: The Apache Software Foundation
Versions Affected: Apache Flex BlazeDS 4.7.0
Description: When receiving XML encoded AMF messages containing DTD
default XML parser configurations allows expanding of entities to local
A request that included a specially crafted request parameter could be
access content that would otherwise be protected.
Mitigation: All users of Apache Flex BlazeDS prior to 4.7.1
Example: For an AMF message that contains the following xml payload:
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE foo [
<!ELEMENT foo ANY >
<!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo>
the entity &xxe; would be expanded to the content of the file /etc/passwd.
However this expanded information is not automatically transferred back to
the client, but could be made available by the application.
Credit: This issue was discovered by ï»¿Matthias Kaiser of Code White
[ reply ]
Copyright 2010, SecurityFocus