CVSSv2: 7.5

CVE-2018-11788

Published: 07/01/2019 Updated: 12/02/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 725
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Apache Karaf provides a features deployer, which allows users to "hot deploy" a features XML by dropping the file directly in the deploy folder. The features XML is parsed by the XMLInputFactory class. Apache Karaf's XMLInputFactory usage does not contain any mitigation code against XXE. This is a potential security risk, as a user can inject external XML entities in Apache Karaf versions before 4.1.7 or 4.2.2. It has been fixed in the Apache Karaf 4.1.7 and 4.2.2 releases.
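The class of mitigation the summary says was missing is the StAX factory configuration that refuses external entities and DTDs. The snippet below is an added illustration (editor's code, not Karaf's own fix); the features document it reads is a constructed sample, and the class and method names are assumptions.

```java
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import java.io.StringReader;

public class HardenedFeaturesParser {

    // Hardened factory: neither external entities nor DTDs are processed,
    // so an entity pointing at a local file or a remote URL is never resolved.
    static XMLInputFactory hardenedFactory() {
        XMLInputFactory f = XMLInputFactory.newInstance();
        // Refuse to resolve external general and parameter entities (the XXE vector).
        f.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
        // Disable DTD processing altogether, which also blocks entity declarations.
        f.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
        return f;
    }

    // Read a features XML with the hardened factory and count the <feature> elements.
    static int countFeatures(String xml) throws XMLStreamException {
        XMLStreamReader r = hardenedFactory().createXMLStreamReader(new StringReader(xml));
        int count = 0;
        try {
            while (r.hasNext()) {
                if (r.next() == XMLStreamConstants.START_ELEMENT
                        && "feature".equals(r.getLocalName())) {
                    count++;
                }
            }
        } finally {
            r.close();
        }
        return count;
    }

    public static void main(String[] args) throws XMLStreamException {
        // Constructed sample features XML (not taken from the Karaf project).
        String features = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
            + "<features name=\"sample\">\n"
            + "  <feature name=\"demo\" version=\"1.0.0\">\n"
            + "    <bundle>mvn:org.example/demo/1.0.0</bundle>\n"
            + "  </feature>\n"
            + "</features>\n";
        System.out.println("features parsed: " + countFeatures(features));
    }
}
```

Whether a document carrying a DOCTYPE is rejected with an exception or silently skipped depends on the StAX implementation on the classpath; the two properties are the portable part of the mitigation.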

Affected Products

Vendor: Apache
Product: Karaf
Versions: 2.0.0, 2.1.0, 2.1.1, 2.1.2, 2.1.3, 2.1.4, 2.1.5, 2.1.6, 2.2.0, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8, 2.2.9, 2.2.10, 2.2.11, 2.3.0, 2.3.1, 2.3.2, 2.3.3, 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 2.3.10, 2.3.11, 2.3.12, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.2.0, 4.2.1

Vendor Advisories

Github Repositories

Summary: Apache Karaf is a modern and polymorphic applications container. It's a lightweight, powered, and enterprise ready container powered by OSGi. Apache Karaf is a "product project", providing a complete and turnkey runtime. The runtime is "multi-facets", meaning that you can deploy different kind of applications: OSGi or non OSGi, webapplication, s

TechArticles: A set of tech articles. Table of Contents: Penetration Testing Study Notes: Comprehensive Penetration Case 1; On Building a Systematic Security Operations Center (SOC); Some Ideas and Reflections on In-House Security Building; Apache Karaf XXE Vulnerability (CVE-2018-11788); Magento Unauthorized Remote Code Execution (CVE-2016-4010); Apache Tika Denial of Service Vulnerability (CVE-2018-11761)

Awesome CVE PoC: A curated list of CVE PoCs. Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security. Please read the contribution guidelines before contributing. This repo is full of PoCs for CVEs. If you enjoy this awesome list and would like to support it, check out my Patreon page: