[ https://issues.apache.org/jira/browse/AXIS2-6060?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17756580#comment-17756580 ]

Andreas Veithen edited comment on AXIS2-6060 at 10/29/23 11:39 AM:
-------------------------------------------------------------------

Note that the schema files are loaded from the classpath. If an attacker can 
manipulate the classpath, then they would be able to execute arbitrary code 
anyway. I don't see how an attacker would achieve any kind of privilege 
escalation.


> [Axis2]Security Vulnerability - Action Required: XXE vulnerability in the 
> newest version of org.apache.axis2:axis2
> ------------------------------------------------------------------------------------------------------------------
>
>                 Key: AXIS2-6060
>                 URL: https://issues.apache.org/jira/browse/AXIS2-6060
>             Project: Axis2
>          Issue Type: Bug
>          Components: codegen, wsdl
>    Affects Versions: 1.8.0
>            Reporter: Yiheng Cao
>            Priority: Major
>
> The vulnerability is present in the method getNamespaceAwareDocumentBuilder() 
> of the class org.apache.axis2.wsdl.codegen.extension.JAXBRIExtension, which 
> is responsible for getting a DocumentBuilder object that supports namespace 
> resolution. The vulnerable call chain we discovered is: *engage(CodeGenConfiguration 
> configuration)→loadAdditionalSchemas()→getNamespaceAwareDocumentBuilder().*
> Given that the XML schema files stored in 
> /org/apache/axis2/wsdl/codegen/schema/ are compromised by a hacker, the 
> victim conducts a regular process which incorporates the execution of the 
> method engage(), resulting in an XML External Entity (XXE) injection attack.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
