====================================================================

                             CERT-Renater

                 Note d'Information No. 2020/VULN509
_____________________________________________________________________

DATE                : 11/09/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache Cocoon versions prior to
                                     2.1.13.

=====================================================================
http://mail-archives.apache.org/mod_mbox/www-announce/202009.mbox/%3cbdc77163-a100-004c-7441-e0062a2161e7@apache.org%3e
_____________________________________________________________________


[CVE-2020-11991] Apache Cocoon security vulnerability

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected: Apache Cocoon up to 2.1.12

Description: When using the StreamGenerator, the code parse a
user-provided XML.

A specially crafted XML, including external system entities, could be
used to access any file on the server system.

Mitigation:

The StreamGenerator now ignores external entities. 2.1.x users should
upgrade to 2.1.13

Example:

With the following input :

<!--?xml version="1.0" ?--> <!DOCTYPE replace [<!ENTITY ent SYSTEM
"file:///etc/shadow"> ]> <userInfo> <firstName>John</firstName>
<lastName>&ent;</lastName> </userInfo> an attacker got the content of

/etc/shadow

Credit: This issue was discovered by Nassim Asrir.


Regards,


Cédric Damioli

=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================