One Article Review
| Source |  Mandiant |
|---|---|
| Identifiant | 8500397 |
| Date de publication | 2024-04-09 14:00:00 (vue: 2024-05-15 19:06:53) |
| Titre | Apache XML Security pour la bibliothèque C ++ permet la contrefaçon de demande côté serveur Apache XML Security for C++ Library Allows for Server-Side Request Forgery |
| Texte | Written by: Jacob Thompson
The Apache XML Security for C++ library, code named xml-security-c, is part of the Apache Santuario project. The library implements the XML Digital Signature and the XML Signature specifications, making them available to C++ developers. By default, the library resolves references to external URIs passed in Extensible Markup Language (XML) signatures, allowing for server-side request forgery (SSRF). There is no way to disable this feature through configuration alone, and there is no patch available; the developer must either scan their codebase to find every usage of xml-security-c and override the URI resolver to avoid SSRF, or manually patch and recompile the library to remove the capability entirely. We recommend that C++ developers using XML audit their code bases for usage of this library and determine whether they have introduced a security vulnerability, and if so, modify their code to avoid SSRF. Background Server-side request forgery (SSRF) is a class of security vulnerability in which an untrusted party tricks a server into making an HTTP request by passing the server a malicious input. Although the attacker usually cannot view the response, requests to the loopback interface (127.0.0.1), RFC 1918 addresses (e.g., 10.0.0.0/8 or 192.168.0.0/16), or any other destination occur from the point of view of the server, allowing requests that would otherwise be restricted by firewall rules or that would be impossible to perform externally. Consider the obvious consequences if a server\'s uninterruptible power supply offers a web service bound to 127.0.0.1:8080 without authentication and that accepts a GET request http://127.0.0.1:8080/ups/changePowerState?state=off-and what happens if this service is reachable via server-side request forgery. The Extensible Markup Language (XML) is complex and contains many optional features that are not suitable or even useful in the common case of a server accepting untrusted XML documents on an external interface. Some allow cross-site request forgery just by initializing an XML parser in its default configuration and passing an untrusted document. For example, XML External Entities allow a document to define custom entity values (analogous to < meaning |
| Notes | ★★★ |
| Envoyé | Oui |
| Condensat | 0/16 0/8 127 168 1918 192 1:8080 1:8080/ups/changepowerstate 20010315 20010315#withcomments 2010s 2017 2023 2024 21893 36661 |
| Tags | Vulnerability |
| Stories | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.