Vulnerabilities > CVE-2015-2125 - XXE vulnerability in HP Webinspect

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

CWE-611

nessus

exploit available

NVD

Published: 2015-06-07

Updated: 2019-10-09

Summary

Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10.4 update 1 allows remote authenticated users to bypass intended access restrictions via unknown vectors.

Vulnerable Configurations

Part	Description	Count
Application	Hp HP Webinspect 7.8 HP Webinspect 8.1 HP Webinspect 9.2 HP Webinspect 10.0 HP Webinspect 10.1 HP Webinspect 10.2 HP Webinspect 10.3 HP Webinspect 10.4	8

Common Weakness Enumeration (CWE)

CWE-611 - Improper Restriction of XML External Entity Reference ('XXE')

Exploit-Db

description	HP WebInspect <= 10.4 XML External Entity Injection. CVE-2015-2125. Webapps exploit for xml platform
file	exploits/xml/webapps/37250.txt
id	EDB-ID:37250
last seen	2016-02-04
modified	2015-06-10
platform	xml
port
published	2015-06-10
reporter	Jakub Palaczynski
source	https://www.exploit-db.com/download/37250/
title	HP WebInspect <= 10.4 XML External Entity Injection
type	webapps

Nessus

NASL family	Windows
NASL id	HP_WEBINSPECT_SSRT102038.NASL
description	The version of HP WebInspect installed on the remote Windows host is affected by an unauthorized information disclosure vulnerability due to an XML external entity injection flaw that is triggered during the parsing of XML data. A remote attacker can exploit this, via a malicious website scanned by HP WebInspect, to read arbitrary system files.
last seen	2020-06-01
modified	2020-06-02
plugin id	84194
published	2015-06-15
reporter	This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/84194
title	HP WebInspect XXE Unauthorized Information Disclosure
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(84194); script_version("1.8"); script_cvs_date("Date: 2019/11/22"); script_cve_id("CVE-2015-2125"); script_bugtraq_id(75036); script_xref(name:"HP", value:"HPSBGN03343"); script_xref(name:"HP", value:"SSRT102038"); script_xref(name:"HP", value:"emr_na-c04695307"); script_xref(name:"EDB-ID", value:"37250"); script_name(english:"HP WebInspect XXE Unauthorized Information Disclosure"); script_summary(english:"Checks the version of HP WebInspect."); script_set_attribute(attribute:"synopsis", value: "A web security application on the remote host is affected by an unauthorized information disclosure vulnerability."); script_set_attribute(attribute:"description", value: "The version of HP WebInspect installed on the remote Windows host is affected by an unauthorized information disclosure vulnerability due to an XML external entity injection flaw that is triggered during the parsing of XML data. A remote attacker can exploit this, via a malicious website scanned by HP WebInspect, to read arbitrary system files."); # https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c04695307 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?94288510"); script_set_attribute(attribute:"see_also", value:"https://www.exploit-db.com/exploits/37250/"); script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/535683"); script_set_attribute(attribute:"solution", value: "Upgrade to HP WebInspect version 10.40.282.10 (10.4 Software Update 1) or later. Note that HP has not yet made this update generally available via SmartUpdate, and you must contact HP Support directly for the fix."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-2125"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/03"); script_set_attribute(attribute:"patch_publication_date", value:"2015/06/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/15"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:hp:web_inspect"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Windows"); script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("hp_webinspect_installed.nbin"); script_require_keys("installed_sw/HP WebInspect"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("install_func.inc"); get_kb_item_or_exit("SMB/Registry/Enumerated"); appname = 'HP WebInspect'; install = get_single_install(app_name:appname,exit_if_unknown_ver:TRUE); version = install["version"]; path = install["path"]; port = get_kb_item("SMB/transport"); if (!port) port = 445; if( # 10.40.282.10 Confirmed fix by HP ver_compare(ver:version, fix:"10.40.282.10", strict:FALSE) < 0 && ver_compare(ver:version, fix:"7.0.0.0", strict:FALSE) >= 0 ) { report = NULL; if(report_verbosity > 0) { report = '\n Installed version : ' + version + '\n Fixed version : 10.40.282.10\n'; } security_warning(port:port, extra:report); } else audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);

Packetstorm

data source	https://packetstormsecurity.com/files/download/132280/hpwebinspect-xxe.txt
id	PACKETSTORM:132280
last seen	2016-12-05
published	2015-06-12
reporter	Jakub Palaczynski
source	https://packetstormsecurity.com/files/132280/HP-WebInspect-10.4-XML-External-Entity.html
title	HP WebInspect 10.4 XML External Entity