CVE-2018-11758 - OpenCVE

This affects Apache Cayenne 4.1.M1, 3.2.M1, 4.0.M2 to 4.0.M5, 4.0.B1, 4.0.B2, 4.0.RC1, 3.1, 3.1.1, 3.1.2. CayenneModeler is a desktop GUI tool shipped with Apache Cayenne and intended for editing Cayenne ORM models stored as XML files. If an attacker tricks a user of CayenneModeler into opening a malicious XML file, the attacker will be able to instruct the XML parser built into CayenneModeler to transfer files from a local machine to a remote machine controlled by the attacker. The cause of the issue is XML parser processing XML External Entity (XXE) declarations included in XML. The vulnerability is addressed in Cayenne by disabling XXE processing in all operations that require XML parsing.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Apache	Cayenne

Configuration 1 [-]

OR	cpe:2.3:a:apache:cayenne::::::::
	cpe:2.3:a:apache:cayenne:3.1.1:::::::*
	cpe:2.3:a:apache:cayenne:3.1.2:::::::*
	cpe:2.3:a:apache:cayenne:3.2:milestone1::::::
	cpe:2.3:a:apache:cayenne:4.0:beta1::::::
	cpe:2.3:a:apache:cayenne:4.0:beta2::::::
	cpe:2.3:a:apache:cayenne:4.0:milestone2::::::
	cpe:2.3:a:apache:cayenne:4.0:milestone3::::::
	cpe:2.3:a:apache:cayenne:4.0:milestone4::::::
	cpe:2.3:a:apache:cayenne:4.0:milestone5::::::
	cpe:2.3:a:apache:cayenne:4.0:rc1::::::
	cpe:2.3:a:apache:cayenne:4.1:milestone1::::::

References

Link	Resource
http://www.securityfocus.com/bid/105142	Third Party Advisory VDB Entry
https://lists.apache.org/thread.html/ed60a4d329be3c722f105317ca883986dfcd17615c70d1df87f4528c%40%3Cuser.cayenne.apache.org%3E

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apache

Published: 2018-08-22T00:00:00

Updated: 2018-08-28T09:57:01

Reserved: 2018-06-05T00:00:00

Link: CVE-2018-11758

JSON object: View

NVD Information

Status : Modified

Published: 2018-08-22T20:29:00.240

Modified: 2023-11-07T02:51:44.787

Link: CVE-2018-11758

JSON object: View

Redhat Information

No data.

CWE

CWE-611

{"containers": {"cna": {"affected": [{"product": "Apache Cayenne", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "4.1.M1"}, {"status": "affected", "version": "3.2.M1, 4.0.M2 to 4.0.M5, 4.0.B1, 4.0.B2, 4.0.RC1"}, {"status": "affected", "version": "3.1, 3.1.1, 3.1.2"}]}], "datePublic": "2018-08-22T00:00:00", "descriptions": [{"lang": "en", "value": "This affects Apache Cayenne 4.1.M1, 3.2.M1, 4.0.M2 to 4.0.M5, 4.0.B1, 4.0.B2, 4.0.RC1, 3.1, 3.1.1, 3.1.2. CayenneModeler is a desktop GUI tool shipped with Apache Cayenne and intended for editing Cayenne ORM models stored as XML files. If an attacker tricks a user of CayenneModeler into opening a malicious XML file, the attacker will be able to instruct the XML parser built into CayenneModeler to transfer files from a local machine to a remote machine controlled by the attacker. The cause of the issue is XML parser processing XML External Entity (XXE) declarations included in XML. The vulnerability is addressed in Cayenne by disabling XXE processing in all operations that require XML parsing."}], "problemTypes": [{"descriptions": [{"description": "Information Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-08-28T09:57:01", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"name": "[cayenne-user] 20180822 CVE-2018-11758: Apache Cayenne XXE Vulnerability in CayenneModeler GUI tool", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/ed60a4d329be3c722f105317ca883986dfcd17615c70d1df87f4528c%40%3Cuser.cayenne.apache.org%3E"}, {"name": "105142", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105142"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2018-08-22T00:00:00", "ID": "CVE-2018-11758", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Cayenne", "version": {"version_data": [{"version_value": "4.1.M1"}, {"version_value": "3.2.M1, 4.0.M2 to 4.0.M5, 4.0.B1, 4.0.B2, 4.0.RC1"}, {"version_value": "3.1, 3.1.1, 3.1.2"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "This affects Apache Cayenne 4.1.M1, 3.2.M1, 4.0.M2 to 4.0.M5, 4.0.B1, 4.0.B2, 4.0.RC1, 3.1, 3.1.1, 3.1.2. CayenneModeler is a desktop GUI tool shipped with Apache Cayenne and intended for editing Cayenne ORM models stored as XML files. If an attacker tricks a user of CayenneModeler into opening a malicious XML file, the attacker will be able to instruct the XML parser built into CayenneModeler to transfer files from a local machine to a remote machine controlled by the attacker. The cause of the issue is XML parser processing XML External Entity (XXE) declarations included in XML. The vulnerability is addressed in Cayenne by disabling XXE processing in all operations that require XML parsing."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Information Disclosure"}]}]}, "references": {"reference_data": [{"name": "[cayenne-user] 20180822 CVE-2018-11758: Apache Cayenne XXE Vulnerability in CayenneModeler GUI tool", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ed60a4d329be3c722f105317ca883986dfcd17615c70d1df87f4528c@%3Cuser.cayenne.apache.org%3E"}, {"name": "105142", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105142"}]}}}}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2018-11758", "datePublished": "2018-08-22T00:00:00", "dateReserved": "2018-06-05T00:00:00", "dateUpdated": "2018-08-28T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:cayenne:*:*:*:*:*:*:*:*", "matchCriteriaId": "A45BC9B2-656A-4905-8184-4DE828569B40", "versionEndIncluding": "3.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cayenne:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "87533584-5B17-4159-AA08-EC535737E810", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cayenne:3.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "0975873A-CC34-4D0F-A56D-05B5380B9A72", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cayenne:3.2:milestone1:*:*:*:*:*:*", "matchCriteriaId": "7FF0AE8E-3ED0-4461-ADF2-3C5BF92248FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cayenne:4.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "54353968-CDE4-404A-AF3C-19C4EF010B97", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cayenne:4.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "30C167DA-CE35-4196-8820-57544174BEDA", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cayenne:4.0:milestone2:*:*:*:*:*:*", "matchCriteriaId": "59BB4BA9-F008-4283-8258-98766AE4B085", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cayenne:4.0:milestone3:*:*:*:*:*:*", "matchCriteriaId": "6EDD25F6-C3C6-45BD-AF31-4C4A8578C91A", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cayenne:4.0:milestone4:*:*:*:*:*:*", "matchCriteriaId": "11F8CDD0-9A16-4A96-9B7F-1C87D00A8482", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cayenne:4.0:milestone5:*:*:*:*:*:*", "matchCriteriaId": "72A2690C-7F05-4CB0-8B18-1E14766CD89C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cayenne:4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "4E2B239A-230E-4A47-9889-722A9D06C647", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:cayenne:4.1:milestone1:*:*:*:*:*:*", "matchCriteriaId": "8042AA22-69F3-47D3-9B04-BFB3D8A2FAA2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "This affects Apache Cayenne 4.1.M1, 3.2.M1, 4.0.M2 to 4.0.M5, 4.0.B1, 4.0.B2, 4.0.RC1, 3.1, 3.1.1, 3.1.2. CayenneModeler is a desktop GUI tool shipped with Apache Cayenne and intended for editing Cayenne ORM models stored as XML files. If an attacker tricks a user of CayenneModeler into opening a malicious XML file, the attacker will be able to instruct the XML parser built into CayenneModeler to transfer files from a local machine to a remote machine controlled by the attacker. The cause of the issue is XML parser processing XML External Entity (XXE) declarations included in XML. The vulnerability is addressed in Cayenne by disabling XXE processing in all operations that require XML parsing."}, {"lang": "es", "value": "Esto afecta a Apache Cayenne 4.1.M1, 3.2.M1, 4.0.M2 to 4.0.M5, 4.0.B1, 4.0.B2, 4.0.RC1, 3.1, 3.1.1 y 3.1.2. CayenneModeler es una herramienta de interfaz de usuario gr\u00e1fica de escritorio suministrada con Apache Cayenne y destinada a la edici\u00f3n de modelos Cayenne ORM almacenados como archivos XML. Si un atacante enga\u00f1a a un usuario de CayenneModeler para abrir un archivo XML malicioso, el atacante ser\u00e1 capaz de instruir al analizador de XML incorporado en CayenneModeler para transferir archivos desde una m\u00e1quina local a una m\u00e1quina remota controlada por el atacante. La causa del problema es el analizador XML que procesa las declaraciones XXE (XML External Entity) incluidas en XML. La vulnerabilidad se soluciona en Cayenne desactivando el procesamiento XXE en todas las operaciones que requieran an\u00e1lisis XML."}], "id": "CVE-2018-11758", "lastModified": "2023-11-07T02:51:44.787", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-22T20:29:00.240", "references": [{"source": "security@apache.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105142"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/ed60a4d329be3c722f105317ca883986dfcd17615c70d1df87f4528c%40%3Cuser.cayenne.apache.org%3E"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-611"}], "source": "nvd@nist.gov", "type": "Primary"}]}