CVE-2018-1000632

Description

dom4j version prior to version 2.1.1 contains a CWE-91: XML Injection vulnerability in Class: Element. Methods: addElement, addAttribute that can result in an attacker tampering with XML documents through XML injection. This attack appear to be exploitable via an attacker specifying attributes or elements in the XML document. This vulnerability appears to have been fixed in 2.1.1 or later.

CVSS Metrics

• v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
• v2.0•MEDIUM•Score: 5AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS Trends

Current EPSS score: 1.61%• Percentile: 82%

Techniques & Countermeasures

• CWE-91•XML Injection (aka Blind XPath Injection)

  The product does not properly neutralize special elements that are used in XML, allowing attackers to modify the syntax, content, or commands of the XML before it is processed by an end system.

Affected Systems

• debian•debian_linux

  8.0

• dom4j_project•dom4j

  ≥ 2.0.0, < 2.0.3 | ≥ 2.1.0, < 2.1.1

• dom4j•dom4j

  ≤ 1.6.1

• org.dom4j•dom4j

  < 2.0.3 | ≥ 2.1.0, < 2.1.1

• netapp•oncommand_workflow_automation

  na

• netapp•snap_creator_framework

  na

• netapp•snapcenter

  na

• netapp•snapmanager

  na

• oracle•flexcube_investor_servicing

  12.0.4 | 12.1.0 | 12.3.0 | 12.4.0 | 14.0.0

• oracle•primavera_p6_enterprise_project_portfolio_management

  ≥ 16.1.0.0, ≤ 16.2.20.1 | ≥ 17.1.0.0, ≤ 17.12.17.1 | ≥ 18.1.0.0, ≤ 18.8.19.0 | ≥ 19.12.0.0, ≤ 19.12.6.0

• oracle•rapid_planning

  12.1 | 12.2

• oracle•retail_integration_bus

  15.0 | 16.0

• oracle•utilities_framework

  ≥ 4.3.0.2.0, ≤ 4.3.0.6.0 | 2.2.0 | 4.2.0.2.0 | 4.2.0.3.0 | 4.4.0.0.0 | 4.4.0.2

• redhat•jboss_enterprise_application_platform

  6.0.0 | 6.4.0 | 7.1.0

• redhat•satellite

  6.6

• redhat•satellite_capsule

  6.6

References (46)

• https://lists.debian.org/debian-lts-announce/2018/09/msg00028.html
• https://access.redhat.com/errata/RHSA-2019:0364
• https://access.redhat.com/errata/RHSA-2019:0362
• https://access.redhat.com/errata/RHSA-2019:0365
• https://access.redhat.com/errata/RHSA-2019:0380
• https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E
• https://access.redhat.com/errata/RHSA-2019:1160
• https://access.redhat.com/errata/RHSA-2019:1162
• https://access.redhat.com/errata/RHSA-2019:1159
• https://access.redhat.com/errata/RHSA-2019:1161
• https://lists.apache.org/thread.html/7f6e120e6ed473f4e00dde4c398fc6698eb383bd7857d20513e989ce%40%3Cdev.maven.apache.org%3E
• https://lists.apache.org/thread.html/4a77652531d62299a30815cf5f233af183425db8e3c9a824a814e768%40%3Cdev.maven.apache.org%3E
• https://lists.apache.org/thread.html/5a020ecaa3c701f408f612f7ba2ee37a021644c4a39da2079ed3ddbc%40%3Ccommits.maven.apache.org%3E
• https://lists.apache.org/thread.html/00571f362a7a2470fba50a31282c65637c40d2e21ebe6ee535a4ed74%40%3Ccommits.maven.apache.org%3E
• https://lists.apache.org/thread.html/d7d960b2778e35ec9b4d40c8efd468c7ce7163bcf6489b633491c89f%40%3Cdev.maven.apache.org%3E
• https://lists.apache.org/thread.html/9d4c1af6f702c3d6d6f229de57112ddccac8ce44446a01b7937ab9e0%40%3Ccommits.maven.apache.org%3E
• https://lists.apache.org/thread.html/7e9e78f0e4288fac6591992836d2a80d4df19161e54bd71ab4b8e458%40%3Cdev.maven.apache.org%3E
• https://access.redhat.com/errata/RHSA-2019:3172
• https://www.oracle.com/security-alerts/cpuapr2020.html
• https://www.oracle.com/security-alerts/cpujul2020.html
• https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
• https://github.com/dom4j/dom4j/issues/48
• https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387
• https://ihacktoprotect.com/post/dom4j-xml-injection/
• https://security.netapp.com/advisory/ntap-20190530-0001/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IOOVVCRQE6ATFD2JM2EMDXOQXTRIVZGP/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KJULAHVR3I5SX7OSMXAG75IMNSAYOXGA/
• https://www.oracle.com/security-alerts/cpuApr2021.html
• https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51%40%3Cnotifications.freemarker.apache.org%3E
• https://nvd.nist.gov/vuln/detail/CVE-2018-1000632
• https://github.com/dom4j/dom4j/commit/c2a99d7dee8ce7a4e5bef134bb781a6672bd8a0f
• https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E
• https://lists.apache.org/thread.html/7e9e78f0e4288fac6591992836d2a80d4df19161e54bd71ab4b8e458@%3Cdev.maven.apache.org%3E
• https://lists.apache.org/thread.html/7f6e120e6ed473f4e00dde4c398fc6698eb383bd7857d20513e989ce@%3Cdev.maven.apache.org%3E
• https://lists.apache.org/thread.html/9d4c1af6f702c3d6d6f229de57112ddccac8ce44446a01b7937ab9e0@%3Ccommits.maven.apache.org%3E
• https://lists.apache.org/thread.html/d7d960b2778e35ec9b4d40c8efd468c7ce7163bcf6489b633491c89f@%3Cdev.maven.apache.org%3E
• https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51@%3Cnotifications.freemarker.apache.org%3E
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOOVVCRQE6ATFD2JM2EMDXOQXTRIVZGP
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KJULAHVR3I5SX7OSMXAG75IMNSAYOXGA
• https://security.netapp.com/advisory/ntap-20190530-0001
• https://lists.apache.org/thread.html/5a020ecaa3c701f408f612f7ba2ee37a021644c4a39da2079ed3ddbc@%3Ccommits.maven.apache.org%3E
• https://lists.apache.org/thread.html/4a77652531d62299a30815cf5f233af183425db8e3c9a824a814e768@%3Cdev.maven.apache.org%3E
• https://lists.apache.org/thread.html/00571f362a7a2470fba50a31282c65637c40d2e21ebe6ee535a4ed74@%3Ccommits.maven.apache.org%3E
• https://ihacktoprotect.com/post/dom4j-xml-injection
• https://github.com/dom4j/dom4j
• https://github.com/advisories/GHSA-6pcc-3rfx-4gpm