SB2019060306 - SSRF in Apache Roller

Description

This security bulletin contains information about 1 security vulnerability.

1) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2018-17198)

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input when the package relies on Java SAX Parser to implement its XML-RPC interface and by default that parser supports external entities in XML DOCTYPE. A remote attacker can send a specially crafted HTTP request to the affected application and trick it to initiate requests to arbitrary systems.

Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.

Remediation

Install update from vendor's website.

References

• http://www.securityfocus.com/bid/108496
• https://lists.apache.org/thread.html/94a36ed9c6241558b1c6181d8dd4ff263be7903abd1d20067d4330d5@%3Cdev.roller.apache.org%3E