CVE-2023-49735 - OpenCVE

** UNSUPPORTED WHEN ASSIGNED ** The value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relatively common, as it was also used like that to set the language in the 'tiles-test' application shipped with Tiles. This issue affects Apache Tiles from version 2 onwards. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Apache	Tiles

Configuration 1 [-]

cpe:2.3:a:apache:tiles:*:*:*:*:*:*:*:*

References

Link	Resource
https://lists.apache.org/thread/8ktm4vxr6vvc1qsxh6ft8jzmom1zl65p	Mailing List Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apache

Published: 2023-11-30T21:17:28.243Z

Updated: 2023-12-12T08:40:27.319Z

Reserved: 2023-11-30T13:12:38.604Z

Link: CVE-2023-49735

JSON object: View

NVD Information

Status : Modified

Published: 2023-11-30T22:15:09.123

Modified: 2024-05-17T02:31:10.990

Link: CVE-2023-49735

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-49735", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2023-11-30T13:12:38.604Z", "datePublished": "2023-11-30T21:17:28.243Z", "dateUpdated": "2023-12-12T08:40:27.319Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache Tiles", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "*", "status": "affected", "version": "2.0.0", "versionType": "semver"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Joseph Beeton of Contrast Security"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div>** UNSUPPORTED WHEN ASSIGNED **<br></div><div><br></div><div>The value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relatively common, as it was also used like that to set the language in the 'tiles-test' application shipped with Tiles.<br></div><p>This issue affects Apache Tiles from version 2 onwards.<br></p><p>NOTE: This vulnerability only affects products that are no longer supported by the maintainer.<br></p>"}], "value": "** UNSUPPORTED WHEN ASSIGNED **\n\nThe value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relatively common, as it was also used like that to set the language in the 'tiles-test' application shipped with Tiles.\n\nThis issue affects Apache Tiles from version 2 onwards.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n"}], "metrics": [{"other": {"content": {"text": "low"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2023-12-12T08:40:27.319Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://lists.apache.org/thread/8ktm4vxr6vvc1qsxh6ft8jzmom1zl65p"}], "source": {"discovery": "UNKNOWN"}, "tags": ["unsupported-when-assigned"], "title": "Apache Tiles: Unvalidated input may lead to path traversal and XXE", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:tiles:*:*:*:*:*:*:*:*", "matchCriteriaId": "DC95F767-D614-4F1B-8603-C3A86F7512E9", "versionStartIncluding": "2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "** UNSUPPORTED WHEN ASSIGNED **\n\nThe value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled data to this key may be relatively common, as it was also used like that to set the language in the 'tiles-test' application shipped with Tiles.\n\nThis issue affects Apache Tiles from version 2 onwards.\n\nNOTE: This vulnerability only affects products that are no longer supported by the maintainer.\n\n"}, {"lang": "es", "value": "** NO COMPATIBLE CUANDO EST\u00c1 ASIGNADO ** El valor establecido como atributo DefaultLocaleResolver.LOCALE_KEY en la sesi\u00f3n no se valid\u00f3 al resolver archivos de definici\u00f3n XML, lo que provoc\u00f3 un posible path traversal y, finalmente, SSRF/XXE al pasar datos controlados por el usuario a esta clave. Pasar datos controlados por el usuario a esta clave puede ser relativamente com\u00fan, ya que tambi\u00e9n se us\u00f3 as\u00ed para configurar el idioma en la aplicaci\u00f3n 'tiles-test' incluida con Tiles. Este problema afecta a Apache Tiles desde la versi\u00f3n 2 en adelante. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el mantenedor."}], "id": "CVE-2023-49735", "lastModified": "2024-05-17T02:31:10.990", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-11-30T22:15:09.123", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://lists.apache.org/thread/8ktm4vxr6vvc1qsxh6ft8jzmom1zl65p"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@apache.org", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Secondary"}]}