Vulnerabilities > CVE-2018-1000632 - XML Injection (aka Blind XPath Injection) vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- XML Injection An attacker utilizes crafted XML user-controllable input to probe, attack, and inject data into the XML database, using techniques similar to SQL injection. The user-controllable input can allow for unauthorized viewing of data, bypassing authentication or the front-end application for direct XML database access, and possibly altering database information.
- XPath Injection An attacker can craft special user-controllable input consisting of XPath expressions to inject the XML database and bypass authentication or glean information that he normally would not be able to. XPath Injection enables an attacker to talk directly to the XML database, thus bypassing the application completely. XPath Injection results from the failure of an application to properly sanitize input used as part of dynamic XPath expressions used to query an XML database. In order to successfully inject XML and retrieve information from a database, an attacker:
Nessus
NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2405.NASL description According to the version of the dom4j package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.(CVE-2018-1000632) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-12-10 plugin id 131897 published 2019-12-10 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131897 title EulerOS 2.0 SP2 : dom4j (EulerOS-SA-2019-2405) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(131897); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07"); script_cve_id( "CVE-2018-1000632" ); script_name(english:"EulerOS 2.0 SP2 : dom4j (EulerOS-SA-2019-2405)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the dom4j package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.(CVE-2018-1000632) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2405 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4ce1c471"); script_set_attribute(attribute:"solution", value: "Update the affected dom4j package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2019/12/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/10"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:dom4j"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["dom4j-1.6.1-20.h1"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dom4j"); }NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2569.NASL description According to the version of the dom4j package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.(CVE-2018-1000632) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-12-19 plugin id 132286 published 2019-12-19 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132286 title EulerOS 2.0 SP3 : dom4j (EulerOS-SA-2019-2569) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(132286); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07"); script_cve_id( "CVE-2018-1000632" ); script_name(english:"EulerOS 2.0 SP3 : dom4j (EulerOS-SA-2019-2569)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the dom4j package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.(CVE-2018-1000632) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2569 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5afee94a"); script_set_attribute(attribute:"solution", value: "Update the affected dom4j package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2019/12/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/19"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:dom4j"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["dom4j-1.6.1-20.h1"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dom4j"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-1160.NASL description An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.22 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.21, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * admin-cli: wildfly-core: Cross-site scripting (XSS) in JBoss Management Console (CVE-2018-10934) * dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents (CVE-2018-1000632) * jbossweb: tomcat: host name verification missing in WebSocket client (CVE-2018-8034) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 125034 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125034 title RHEL 6 : JBoss EAP (RHSA-2019:1160) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2019:1160. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(125034); script_version("1.5"); script_cvs_date("Date: 2020/01/17"); script_cve_id("CVE-2018-1000632", "CVE-2018-10934", "CVE-2018-8034"); script_xref(name:"RHSA", value:"2019:1160"); script_name(english:"RHEL 6 : JBoss EAP (RHSA-2019:1160)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.22 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.21, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * admin-cli: wildfly-core: Cross-site scripting (XSS) in JBoss Management Console (CVE-2018-10934) * dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents (CVE-2018-1000632) * jbossweb: tomcat: host name verification missing in WebSocket client (CVE-2018-8034) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 6 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/documentation/en-US/" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2019:1160" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2018-8034" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2018-10934" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2018-1000632" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-cxf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:dom4j-eap6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:hornetq"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-api-eap6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-impl-eap6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-common-spi-eap6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-core-api-eap6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-core-impl-eap6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-deployers-common-eap6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-eap6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-jdbc-eap6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-spec-api-eap6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ironjacamar-validator-eap6"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-appclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-cli"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-client-all"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-clustering"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-cmp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-configadmin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-connector"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-console"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-controller"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-controller-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-core-security"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-repository"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-deployment-scanner"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-http"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-domain-management"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-ee"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-ee-deployment"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-ejb3"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-embedded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-host-controller"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jacorb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jaxrs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jdr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jmx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jpa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jsf"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-jsr77"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-logging"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-mail"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-management-client-content"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-messaging"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-modcluster"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-naming"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-network"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-configadmin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-osgi-service"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-picketlink"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-platform-mbean"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-pojo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-process-controller"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-protocol"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-remoting"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-sar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-security"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-system-jmx"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-threads"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-transactions"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-version"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-web"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-webservices"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-weld"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-as-xts"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-hal"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jboss-remote-naming"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-appclient"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-bundles"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-core"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-domain"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-javadocs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-modules-eap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-product-eap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-standalone"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossas-welcome-content-eap"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jbossweb"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:resteasy"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/01"); script_set_attribute(attribute:"patch_publication_date", value:"2019/05/13"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2019:1160"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (! (rpm_exists(release:"RHEL6", rpm:"jbossas-welcome-content-eap"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "JBoss EAP"); if (rpm_check(release:"RHEL6", reference:"apache-cxf-2.7.18-8.SP7_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"dom4j-eap6-1.6.1-22.redhat_9.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"hornetq-2.3.25-28.SP29_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"ironjacamar-common-api-eap6-1.0.43-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"ironjacamar-common-impl-eap6-1.0.43-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"ironjacamar-common-spi-eap6-1.0.43-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"ironjacamar-core-api-eap6-1.0.43-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"ironjacamar-core-impl-eap6-1.0.43-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"ironjacamar-deployers-common-eap6-1.0.43-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"ironjacamar-eap6-1.0.43-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"ironjacamar-jdbc-eap6-1.0.43-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"ironjacamar-spec-api-eap6-1.0.43-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"ironjacamar-validator-eap6-1.0.43-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-appclient-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-cli-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-client-all-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-clustering-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-cmp-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-configadmin-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-connector-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-console-2.5.19-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-controller-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-controller-client-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-core-security-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-deployment-repository-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-deployment-scanner-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-domain-http-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-domain-management-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-ee-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-ee-deployment-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-ejb3-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-embedded-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-host-controller-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-jacorb-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-jaxr-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-jaxrs-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-jdr-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-jmx-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-jpa-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-jsf-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-jsr77-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-logging-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-mail-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-management-client-content-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-messaging-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-modcluster-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-naming-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-network-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-osgi-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-osgi-configadmin-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-osgi-service-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-picketlink-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-platform-mbean-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-pojo-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-process-controller-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-protocol-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-remoting-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-sar-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-security-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-server-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-system-jmx-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-threads-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-transactions-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-version-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-web-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-webservices-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-weld-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-as-xts-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-hal-2.5.19-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jboss-remote-naming-1.0.15-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jbossas-appclient-7.5.22-2.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jbossas-bundles-7.5.22-2.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jbossas-core-7.5.22-2.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jbossas-domain-7.5.22-2.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jbossas-javadocs-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jbossas-modules-eap-7.5.22-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jbossas-product-eap-7.5.22-2.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jbossas-standalone-7.5.22-2.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jbossas-welcome-content-eap-7.5.22-2.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"jbossweb-7.5.30-1.Final_redhat_1.1.ep6.el6")) flag++; if (rpm_check(release:"RHEL6", reference:"resteasy-2.3.23-1.Final_redhat_1.1.ep6.el6")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "apache-cxf / dom4j-eap6 / hornetq / ironjacamar-common-api-eap6 / etc"); } }NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-1077.NASL description This update for dom4j fixes the following issues : - CVE-2018-1000632: Prevent XML injection vulnerability that allowed an attacker to tamper with XML documents (bsc#1105443) This update was imported from the SUSE:SLE-12:Update update project. last seen 2020-06-05 modified 2018-10-01 plugin id 117852 published 2018-10-01 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117852 title openSUSE Security Update : dom4j (openSUSE-2018-1077) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2018-1077. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(117852); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2018-1000632"); script_name(english:"openSUSE Security Update : dom4j (openSUSE-2018-1077)"); script_summary(english:"Check for the openSUSE-2018-1077 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for dom4j fixes the following issues : - CVE-2018-1000632: Prevent XML injection vulnerability that allowed an attacker to tamper with XML documents (bsc#1105443) This update was imported from the SUSE:SLE-12:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1105443" ); script_set_attribute( attribute:"solution", value:"Update the affected dom4j packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dom4j"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dom4j-demo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dom4j-javadoc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:dom4j-manual"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.3"); script_set_attribute(attribute:"patch_publication_date", value:"2018/09/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/10/01"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE42\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.3", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if ( rpm_check(release:"SUSE42.3", reference:"dom4j-1.6.1-31.3.2") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dom4j-demo-1.6.1-31.3.2") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dom4j-javadoc-1.6.1-31.3.2") ) flag++; if ( rpm_check(release:"SUSE42.3", reference:"dom4j-manual-1.6.1-31.3.2") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dom4j / dom4j-demo / dom4j-javadoc / dom4j-manual"); }NASL family CGI abuses NASL id JBOSS_EAP_RHSA-2019-1162.NASL description The version of Red Hat JBoss Enterprise Application Platform (EAP) installed on the remote host is 6.x prior to 6.4.22. It is therefore, affected my multiple vulnerabilities as referenced in the RHSA-2019:1162 advisory: - admin-cli: wildfly-core: Cross-site scripting (XSS) in JBoss Management Console (CVE-2018-10934) - dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents (CVE-2018-1000632) - jbossweb: tomcat: host name verification missing in WebSocket client (CVE-2018-8034) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 132311 published 2019-12-19 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132311 title Red Hat JBoss Enterprise Application Platform 6.x < 6.4.22 Multiple Vulnerabilities NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-0365.NASL description An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * wildfly-core: Cross-site scripting (XSS) in JBoss Management Console (CVE-2018-10934) * undertow: Infoleak in some circumstances where Undertow can serve data from a random buffer (CVE-2018-14642) * dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents (CVE-2018-1000632) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 122333 published 2019-02-20 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122333 title RHEL 7 : JBoss EAP (RHSA-2019:0365) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-1161.NASL description An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 6.4.22 serves as a replacement for Red Hat JBoss Enterprise Application Platform 6.4.21, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * admin-cli: wildfly-core: Cross-site scripting (XSS) in JBoss Management Console (CVE-2018-10934) * dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents (CVE-2018-1000632) * jbossweb: tomcat: host name verification missing in WebSocket client (CVE-2018-8034) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. All users of Red Hat JBoss Enterprise Application Platform 6.4 on Red Hat Enterprise Linux 7 are advised to upgrade to these updated packages. The JBoss server process must be restarted for the update to take effect. last seen 2020-06-01 modified 2020-06-02 plugin id 125035 published 2019-05-14 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/125035 title RHEL 7 : JBoss EAP (RHSA-2019:1161) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1517.NASL description Mario Areias discovered that dom4j, a XML framework for Java, was vulnerable to a XML injection attack. An attacker able to specify attributes or elements in the XML document might be able to modify the whole XML document. For Debian 8 last seen 2020-06-01 modified 2020-06-02 plugin id 117673 published 2018-09-25 reporter This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/117673 title Debian DLA-1517-1 : dom4j security update NASL family SuSE Local Security Checks NASL id OPENSUSE-2018-1486.NASL description This update for dom4j fixes the following issues : - CVE-2018-1000632: Prevent XML injection that could have resulted in an attacker tampering with XML documents (bsc#1105443). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-05 modified 2018-12-07 plugin id 119494 published 2018-12-07 reporter This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119494 title openSUSE Security Update : dom4j (openSUSE-2018-1486) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1960.NASL description According to the version of the dom4j package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. (CVE-2018-1000632) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-09-23 plugin id 129117 published 2019-09-23 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129117 title EulerOS 2.0 SP5 : dom4j (EulerOS-SA-2019-1960) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-958.NASL description This update for dom4j fixes the following issues : - CVE-2018-1000632: Prevent XML injection that could have resulted in an attacker tampering with XML documents (bsc#1105443). This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 123387 published 2019-03-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/123387 title openSUSE Security Update : dom4j (openSUSE-2019-958) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-0364.NASL description An update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat JBoss Enterprise Application Platform is a platform for Java applications based on the JBoss Application Server. This release of Red Hat JBoss Enterprise Application Platform 7.1.6 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.5, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Security Fix(es) : * wildfly-core: Cross-site scripting (XSS) in JBoss Management Console (CVE-2018-10934) * undertow: Infoleak in some circumstances where Undertow can serve data from a random buffer (CVE-2018-14642) * dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents (CVE-2018-1000632) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 122332 published 2019-02-20 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122332 title RHEL 6 : JBoss EAP (RHSA-2019:0364) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-3172.NASL description An update is now available for Red Hat Satellite 6.6 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. Security Fix(es) : * rubygem-rack: Buffer size in multipart parser allows for denial of service (CVE-2018-16470) * dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents (CVE-2018-1000632) * foreman: authorization bypasses in foreman-tasks leading to information disclosure (CVE-2019-10198) * katello: registry credentials are captured in plain text during repository discovery (CVE-2019-14825) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section. last seen 2020-04-23 modified 2019-10-24 plugin id 130187 published 2019-10-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130187 title RHEL 7 : Satellite Server (RHSA-2019:3172)
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- https://ihacktoprotect.com/post/dom4j-xml-injection/
- https://github.com/dom4j/dom4j/issues/48
- https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387
- https://lists.debian.org/debian-lts-announce/2018/09/msg00028.html
- https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
- https://access.redhat.com/errata/RHSA-2019:0365
- https://access.redhat.com/errata/RHSA-2019:0364
- https://access.redhat.com/errata/RHSA-2019:0362
- https://access.redhat.com/errata/RHSA-2019:0380
- https://access.redhat.com/errata/RHSA-2019:1162
- https://access.redhat.com/errata/RHSA-2019:1161
- https://access.redhat.com/errata/RHSA-2019:1160
- https://access.redhat.com/errata/RHSA-2019:1159
- https://security.netapp.com/advisory/ntap-20190530-0001/
- https://access.redhat.com/errata/RHSA-2019:3172
- https://www.oracle.com/security-alerts/cpuapr2020.html
- https://www.oracle.com/security-alerts/cpujul2020.html
- https://www.oracle.com/security-alerts/cpuApr2021.html
- https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
- https://lists.apache.org/thread.html/7f6e120e6ed473f4e00dde4c398fc6698eb383bd7857d20513e989ce%40%3Cdev.maven.apache.org%3E
- https://lists.apache.org/thread.html/4a77652531d62299a30815cf5f233af183425db8e3c9a824a814e768%40%3Cdev.maven.apache.org%3E
- https://lists.apache.org/thread.html/5a020ecaa3c701f408f612f7ba2ee37a021644c4a39da2079ed3ddbc%40%3Ccommits.maven.apache.org%3E
- https://lists.apache.org/thread.html/00571f362a7a2470fba50a31282c65637c40d2e21ebe6ee535a4ed74%40%3Ccommits.maven.apache.org%3E
- https://lists.apache.org/thread.html/d7d960b2778e35ec9b4d40c8efd468c7ce7163bcf6489b633491c89f%40%3Cdev.maven.apache.org%3E
- https://lists.apache.org/thread.html/9d4c1af6f702c3d6d6f229de57112ddccac8ce44446a01b7937ab9e0%40%3Ccommits.maven.apache.org%3E
- https://lists.apache.org/thread.html/7e9e78f0e4288fac6591992836d2a80d4df19161e54bd71ab4b8e458%40%3Cdev.maven.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOOVVCRQE6ATFD2JM2EMDXOQXTRIVZGP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJULAHVR3I5SX7OSMXAG75IMNSAYOXGA/
- https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51%40%3Cnotifications.freemarker.apache.org%3E