CVE-2023-49735 - Vulnerability Details - OpenCVE

** UNSUPPORTED WHEN ASSIGNED **

The value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relatively common, as it was also used like that to set the language in the 'tiles-test' application shipped with Tiles.

This issue affects Apache Tiles from version 2 onwards.

NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00856.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Apache	Tiles

Configuration 1 [-]

cpe:2.3:a:apache:tiles:*:*:*:*:*:*:*:*

No data.

No data.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://lists.apache.org/thread/8ktm4vxr6vvc1qsxh6ft8jzmom1zl65p

History

Wed, 20 Nov 2024 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: apache

Published: 2023-11-30T21:17:28.243Z

Updated: 2024-11-20T18:12:54.281Z

Reserved: 2023-11-30T13:12:38.604Z

Link: CVE-2023-49735

Vulnrichment

Updated: 2024-08-02T22:01:25.684Z

NVD

Status : Modified

Published: 2023-11-30T22:15:09.123

Modified: 2024-11-21T08:33:45.020

Link: CVE-2023-49735

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-49735", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2023-11-30T13:12:38.604Z", "datePublished": "2023-11-30T21:17:28.243Z", "dateUpdated": "2024-11-20T18:12:54.281Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache Tiles", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "*", "status": "affected", "version": "2.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Joseph Beeton of Contrast Security"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>** UNSUPPORTED WHEN ASSIGNED **<br></div><div><br></div><div>The value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relatively common, as it was also used like that to set the language in the 'tiles-test' application shipped with Tiles.<br></div><p>This issue affects Apache Tiles from version 2 onwards.<br></p><p>NOTE: This vulnerability only affects products that are no longer supported by the maintainer.<br></p>"}], "value": "** UNSUPPORTED WHEN ASSIGNED **\n\nThe value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relatively common, as it was also used like that to set the language in the 'tiles-test' application shipped with Tiles.\n\nThis issue affects Apache Tiles from version 2 onwards.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n"}], "metrics": [{"other": {"content": {"text": "low"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-12-12T08:40:27.319Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/8ktm4vxr6vvc1qsxh6ft8jzmom1zl65p"}], "source": {"discovery": "UNKNOWN"}, "tags": ["unsupported-when-assigned"], "title": "Apache Tiles: Unvalidated input may lead to path traversal and XXE", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:01:25.684Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.apache.org/thread/8ktm4vxr6vvc1qsxh6ft8jzmom1zl65p"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-20T18:11:49.003294Z", "id": "CVE-2023-49735", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-20T18:12:54.281Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://lists.apache.org/thread/8ktm4vxr6vvc1qsxh6ft8jzmom1zl65p", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T22:01:25.684Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-49735", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-20T18:11:49.003294Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-20T18:12:22.934Z"}}], "cna": {"tags": ["unsupported-when-assigned"], "title": "Apache Tiles: Unvalidated input may lead to path traversal and XXE", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Joseph Beeton of Contrast Security"}], "metrics": [{"other": {"type": "Textual description of severity", "content": {"text": "low"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache Tiles", "versions": [{"status": "affected", "version": "2.0.0", "lessThan": "*", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://lists.apache.org/thread/8ktm4vxr6vvc1qsxh6ft8jzmom1zl65p", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "** UNSUPPORTED WHEN ASSIGNED **\n\nThe value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relatively common, as it was also used like that to set the language in the 'tiles-test' application shipped with Tiles.\n\nThis issue affects Apache Tiles from version 2 onwards.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n", "supportingMedia": [{"type": "text/html", "value": "<div>** UNSUPPORTED WHEN ASSIGNED **<br></div><div><br></div><div>The value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relatively common, as it was also used like that to set the language in the 'tiles-test' application shipped with Tiles.<br></div><p>This issue affects Apache Tiles from version 2 onwards.<br></p><p>NOTE: This vulnerability only affects products that are no longer supported by the maintainer.<br></p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-12-12T08:40:27.319Z"}}}, "cveMetadata": {"cveId": "CVE-2023-49735", "state": "PUBLISHED", "dateUpdated": "2024-11-20T18:12:54.281Z", "dateReserved": "2023-11-30T13:12:38.604Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2023-11-30T21:17:28.243Z", "assignerShortName": "apache"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:tiles:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC95F767-D614-4F1B-8603-C3A86F7512E9", "versionStartIncluding": "2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "security@apache.org", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "** UNSUPPORTED WHEN ASSIGNED **\n\nThe value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relatively common, as it was also used like that to set the language in the 'tiles-test' application shipped with Tiles.\n\nThis issue affects Apache Tiles from version 2 onwards.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n"}, {"lang": "es", "value": "** NO COMPATIBLE CUANDO EST\u00c1 ASIGNADO ** El valor establecido como atributo DefaultLocaleResolver.LOCALE_KEY en la sesi\u00f3n no se valid\u00f3 al resolver archivos de definici\u00f3n XML, lo que provoc\u00f3 un posible path traversal y, finalmente, SSRF/XXE al pasar datos controlados por el usuario a esta clave. Pasar datos controlados por el usuario a esta clave puede ser relativamente com\u00fan, ya que tambi\u00e9n se us\u00f3 as\u00ed para configurar el idioma en la aplicaci\u00f3n 'tiles-test' incluida con Tiles. Este problema afecta a Apache Tiles desde la versi\u00f3n 2 en adelante. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el mantenedor."}], "id": "CVE-2023-49735", "lastModified": "2024-11-21T08:33:45.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-30T22:15:09.123", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/8ktm4vxr6vvc1qsxh6ft8jzmom1zl65p"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/8ktm4vxr6vvc1qsxh6ft8jzmom1zl65p"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@apache.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Secondary"}]}