CVE-2010-3260

oxf/xml/xerces/XercesSAXParserFactoryImpl.java in the xforms-server component in the XForms service in Orbeon Forms before 3.9 does not properly restrict DTDs in Ajax requests, which allows remote attackers to read arbitrary files or send HTTP requests to intranet servers via an entity declaration in conjunction with an entity reference, related to an "XML injection" issue.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/47362
http://www.stratsec.net/Research/Advisories/Orbeon-Forms-XML-Entity-Dereferencing-%28SS-2011-004	Exploit
https://github.com/orbeon/orbeon-forms/commit/aba6681660f65af7f1676434da68c10298c30200	Patch
http://wiki.orbeon.com/forms/doc/developer-guide/release-notes/39	Patch

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:orbeon:forms:3.7.1:::::::*
	cpe:2.3:a:orbeon:forms:3.6:::::::*
	cpe:2.3:a:orbeon:forms:3.5:::::::*
	cpe:2.3:a:orbeon:forms:3.0:::::::*
	cpe:2.3:a:orbeon:forms:2.2:::::::*
	cpe:2.3:a:orbeon:forms:2.1:::::::*
	cpe:2.3:a:orbeon:forms:2.0:::::::*
	cpe:2.3:a:orbeon:forms:1.5:::::::*
	cpe:2.3:a:orbeon:forms:3.8:::::::*
	cpe:2.3:a:orbeon:forms:2.8:::::::*
	cpe:2.3:a:orbeon:forms:2.6:::::::*
	cpe:2.3:a:orbeon:forms:2.5:::::::*
	cpe:2.3:a:orbeon:forms::::::::
	cpe:2.3:a:orbeon:forms:2.7:::::::*

Information

Published : 2011-04-26 17:55

Updated : 2011-07-18 21:00

NVD link : CVE-2010-3260

Mitre link : CVE-2010-3260

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Advertisement

Products Affected

orbeon

forms

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/47362", "name": "47362", "tags": [], "refsource": "BID"}, {"url": "http://www.stratsec.net/Research/Advisories/Orbeon-Forms-XML-Entity-Dereferencing-%28SS-2011-004", "name": "http://www.stratsec.net/Research/Advisories/Orbeon-Forms-XML-Entity-Dereferencing-%28SS-2011-004", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "https://github.com/orbeon/orbeon-forms/commit/aba6681660f65af7f1676434da68c10298c30200", "name": "https://github.com/orbeon/orbeon-forms/commit/aba6681660f65af7f1676434da68c10298c30200", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://wiki.orbeon.com/forms/doc/developer-guide/release-notes/39", "name": "http://wiki.orbeon.com/forms/doc/developer-guide/release-notes/39", "tags": ["Patch"], "refsource": "CONFIRM"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "oxf/xml/xerces/XercesSAXParserFactoryImpl.java in the xforms-server component in the XForms service in Orbeon Forms before 3.9 does not properly restrict DTDs in Ajax requests, which allows remote attackers to read arbitrary files or send HTTP requests to intranet servers via an entity declaration in conjunction with an entity reference, related to an \"XML injection\" issue."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-3260", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2011-04-27T00:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:orbeon:forms:3.7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:orbeon:forms:3.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:orbeon:forms:3.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:orbeon:forms:3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:orbeon:forms:2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:orbeon:forms:2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:orbeon:forms:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:orbeon:forms:1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:orbeon:forms:3.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:orbeon:forms:2.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:orbeon:forms:2.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:orbeon:forms:2.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:orbeon:forms:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.8.1"}, {"cpe23Uri": "cpe:2.3:a:orbeon:forms:2.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2011-07-19T04:00Z"}