CVE-2018-17198 - OpenCVE

Vendors	Products
Apache	Roller

Link	Providers
http://www.securityfocus.com/bid/108496
https://lists.apache.org/thread.html/94a36ed9c6241558b1c6181d8dd4ff263be7903abd1d20067d4330d5%40%3Cdev.roller.apache.org%3E

{"containers": {"cna": {"affected": [{"product": "Apache Roller", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "5.2.1"}, {"status": "affected", "version": "5.2.0"}, {"status": "affected", "version": "earlier unsupported versions"}]}], "datePublic": "2019-01-11T00:00:00", "descriptions": [{"lang": "en", "value": "Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions relies on Java SAX Parser to implement its XML-RPC interface and by default that parser supports external entities in XML DOCTYPE, which opens Roller up to SSRF / File Enumeration vulnerability. Note that this vulnerability exists even if Roller XML-RPC interface is disable via the Roller web admin UI. Mitigation: There are a couple of ways you can fix this vulnerability: 1) Upgrade to the latest version of Roller, which is now 5.2.2 2) Or, edit the Roller web.xml file and comment out the XML-RPC Servlet mapping as shown below: "}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-05-29T12:06:02", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://lists.apache.org/thread.html/94a36ed9c6241558b1c6181d8dd4ff263be7903abd1d20067d4330d5%40%3Cdev.roller.apache.org%3E"}, {"name": "108496", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/108496"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2018-17198", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Roller", "version": {"version_data": [{"version_value": "5.2.1"}, {"version_value": "5.2.0"}, {"version_value": "earlier unsupported versions"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions relies on Java SAX Parser to implement its XML-RPC interface and by default that parser supports external entities in XML DOCTYPE, which opens Roller up to SSRF / File Enumeration vulnerability. Note that this vulnerability exists even if Roller XML-RPC interface is disable via the Roller web admin UI. Mitigation: There are a couple of ways you can fix this vulnerability: 1) Upgrade to the latest version of Roller, which is now 5.2.2 2) Or, edit the Roller web.xml file and comment out the XML-RPC Servlet mapping as shown below: "}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "https://lists.apache.org/thread.html/94a36ed9c6241558b1c6181d8dd4ff263be7903abd1d20067d4330d5@%3Cdev.roller.apache.org%3E", "refsource": "MISC", "url": "https://lists.apache.org/thread.html/94a36ed9c6241558b1c6181d8dd4ff263be7903abd1d20067d4330d5@%3Cdev.roller.apache.org%3E"}, {"name": "108496", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108496"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T10:47:03.755Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://lists.apache.org/thread.html/94a36ed9c6241558b1c6181d8dd4ff263be7903abd1d20067d4330d5%40%3Cdev.roller.apache.org%3E"}, {"name": "108496", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/108496"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2018-17198", "datePublished": "2019-05-28T17:08:11", "dateReserved": "2018-09-19T00:00:00", "dateUpdated": "2024-08-05T10:47:03.755Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:roller:*:*:*:*:*:*:*:*", "matchCriteriaId": "89B0F0AE-B2C0-46EF-8F4E-536C7D5BEB00", "versionEndIncluding": "5.1.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:roller:5.2.0:-:*:*:*:*:*:*", "matchCriteriaId": "3BF42DD4-DC14-4431-B003-F47573F48F44", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:roller:5.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "6111BFC4-E2DC-4F24-AC3E-E8B0A2F59EE4", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:roller:5.2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "317F3048-B64D-4025-B32A-7253D92099E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:roller:5.2.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "AFE5F4B0-FAC9-42BD-835D-8FE17BCFCAFE", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:roller:5.2.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "4B985BFD-C455-4348-9BDF-5ABB49EDE155", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:roller:5.2.0:rc6:*:*:*:*:*:*", "matchCriteriaId": "0C2BDB35-8383-4FE5-8863-D46AA7CB3925", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:roller:5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "92C690A2-4772-493E-8220-133E12692AC9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions relies on Java SAX Parser to implement its XML-RPC interface and by default that parser supports external entities in XML DOCTYPE, which opens Roller up to SSRF / File Enumeration vulnerability. Note that this vulnerability exists even if Roller XML-RPC interface is disable via the Roller web admin UI. Mitigation: There are a couple of ways you can fix this vulnerability: 1) Upgrade to the latest version of Roller, which is now 5.2.2 2) Or, edit the Roller web.xml file and comment out the XML-RPC Servlet mapping as shown below: "}, {"lang": "es", "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3nes (SSRF) y de enumeraci\u00f3n de archivos en el lado del servidor en Apache Roller versi\u00f3n 5.2.1, 5.2.0 y anteriores no compatibles, se basa en Java SAX Parser para implementar su interfaz XML-RPC y, por defecto, este analizador admite entidades externas en XML DOCTYPE, que expone a Roller a la vulnerabilidad de tipo SSRF o enumeraci\u00f3n de archivos. Es importante indicar que esta vulnerabilidad se presenta incluso si la interfaz Roller XML-RPC est\u00e1 deshabilitada por medio de la interfaz de usuario administrador de Roller Web. Mitigaci\u00f3n: se presenta un par de formas en que se puede solucionar esta vulnerabilidad: 1) Actualice a la \u00faltima versi\u00f3n de Roller, que ahora es versi\u00f3n 5.2.2 2) o, edite el archivo Roller web.xml y comente el mapeo Servlet XML-RPC como se indica a continuaci\u00f3n:"}], "id": "CVE-2018-17198", "lastModified": "2023-11-07T02:54:12.263", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-05-28T18:29:00.273", "references": [{"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "http://www.securityfocus.com/bid/108496"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/94a36ed9c6241558b1c6181d8dd4ff263be7903abd1d20067d4330d5%40%3Cdev.roller.apache.org%3E"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object