CVE-2020-5529 - OpenCVE

HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Canonical	Ubuntu Linux
Htmlunit	Htmlunit
Apache	Camel

Configuration 1 [-]

cpe:2.3:a:htmlunit:htmlunit:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3 [-]

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*

Configuration 4 [-]

cpe:2.3:a:apache:camel:-:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0	Release Notes Third Party Advisory
https://jvn.jp/en/jp/JVN34535327/	Third Party Advisory
https://lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563%40%3Ccommits.camel.apache.org%3E
https://lists.debian.org/debian-lts-announce/2020/08/msg00023.html	Mailing List Third Party Advisory
https://usn.ubuntu.com/4584-1/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: jpcert

Published: 2020-02-11T08:35:12

Updated: 2020-10-20T23:06:14

Reserved: 2020-01-06T00:00:00

Link: CVE-2020-5529

JSON object: View

NVD Information

Status : Modified

Published: 2020-02-11T12:15:21.210

Modified: 2023-12-07T17:56:27.147

Link: CVE-2020-5529

JSON object: View

Redhat Information

No data.

CWE

CWE-665

{"containers": {"cna": {"affected": [{"product": "HtmlUnit", "vendor": "HtmlUnit Project", "versions": [{"status": "affected", "version": "prior to 2.37.0"}]}], "descriptions": [{"lang": "en", "value": "HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application."}], "problemTypes": [{"descriptions": [{"description": "Remote code execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-20T23:06:14", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0"}, {"tags": ["third-party-advisory", "x_refsource_JVN"], "url": "https://jvn.jp/en/jp/JVN34535327/"}, {"name": "[camel-commits] 20200520 [camel] branch camel-2.25.x updated: Updating htmlunit due to CVE-2020-5529", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563%40%3Ccommits.camel.apache.org%3E"}, {"name": "[debian-lts-announce] 20200815 [SECURITY] [DLA 2326-1] htmlunit security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00023.html"}, {"name": "USN-4584-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4584-1/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2020-5529", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "HtmlUnit", "version": {"version_data": [{"version_value": "prior to 2.37.0"}]}}]}, "vendor_name": "HtmlUnit Project"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Remote code execution"}]}]}, "references": {"reference_data": [{"name": "https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0", "refsource": "CONFIRM", "url": "https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0"}, {"name": "https://jvn.jp/en/jp/JVN34535327/", "refsource": "JVN", "url": "https://jvn.jp/en/jp/JVN34535327/"}, {"name": "[camel-commits] 20200520 [camel] branch camel-2.25.x updated: Updating htmlunit due to CVE-2020-5529", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563@%3Ccommits.camel.apache.org%3E"}, {"name": "[debian-lts-announce] 20200815 [SECURITY] [DLA 2326-1] htmlunit security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00023.html"}, {"name": "USN-4584-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4584-1/"}]}}}}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2020-5529", "datePublished": "2020-02-11T08:35:12", "dateReserved": "2020-01-06T00:00:00", "dateUpdated": "2020-10-20T23:06:14", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:htmlunit:htmlunit:*:*:*:*:*:*:*:*", "matchCriteriaId": "BAC2C61D-D942-4FFE-A5DF-2AC6988CA665", "versionEndExcluding": "2.37.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:camel:-:*:*:*:*:*:*:*", "matchCriteriaId": "D7F3BF7D-C547-4FBE-908C-BCB5D83BEDA9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. HtmlUnit initializes Rhino engine improperly, hence a malicious JavScript code can execute arbitrary Java code on the application. Moreover, when embedded in Android application, Android-specific initialization of Rhino engine is done in an improper way, hence a malicious JavaScript code can execute arbitrary Java code on the application."}, {"lang": "es", "value": "HtmlUnit anterior a 2.37.0, contiene vulnerabilidades de ejecuci\u00f3n de c\u00f3digo. HtmlUnit inicializa el motor Rhino inapropiadamente, por lo tanto, un c\u00f3digo JavScript malicioso puede ejecutar c\u00f3digo Java arbitrario en la aplicaci\u00f3n. Adicionalmente, cuando se inserta en la aplicaci\u00f3n de Android, la inicializaci\u00f3n del motor Rhino espec\u00edfica de Android se lleva a cabo de manera inapropiada, por lo tanto, un c\u00f3digo JavaScript malicioso puede ejecutar c\u00f3digo Java arbitrario sobre la aplicaci\u00f3n."}], "id": "CVE-2020-5529", "lastModified": "2023-12-07T17:56:27.147", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-11T12:15:21.210", "references": [{"source": "vultures@jpcert.or.jp", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/HtmlUnit/htmlunit/releases/tag/2.37.0"}, {"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN34535327/"}, {"source": "vultures@jpcert.or.jp", "url": "https://lists.apache.org/thread.html/ra2cd7f8e61dc6b8a2d9065094cd1f46aa63ad10f237ee363e26e8563%40%3Ccommits.camel.apache.org%3E"}, {"source": "vultures@jpcert.or.jp", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00023.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4584-1/"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-665"}], "source": "nvd@nist.gov", "type": "Primary"}]}