CVE-2018-17198

Published May 28, 2019

Last updated 2 years ago

CVSS critical 9.8

Overview

Description: Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions relies on Java SAX Parser to implement its XML-RPC interface and by default that parser supports external entities in XML DOCTYPE, which opens Roller up to SSRF / File Enumeration vulnerability. Note that this vulnerability exists even if Roller XML-RPC interface is disable via the Roller web admin UI. Mitigation: There are a couple of ways you can fix this vulnerability: 1) Upgrade to the latest version of Roller, which is now 5.2.2 2) Or, edit the Roller web.xml file and comment out the XML-RPC Servlet mapping as shown below:
Source: security@apache.org
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-918

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:roller:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89B0F0AE-B2C0-46EF-8F4E-536C7D5BEB00",
            "versionEndIncluding": "5.1.2"
          },
          {
            "criteria": "cpe:2.3:a:apache:roller:5.2.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3BF42DD4-DC14-4431-B003-F47573F48F44"
          },
          {
            "criteria": "cpe:2.3:a:apache:roller:5.2.0:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6111BFC4-E2DC-4F24-AC3E-E8B0A2F59EE4"
          },
          {
            "criteria": "cpe:2.3:a:apache:roller:5.2.0:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "317F3048-B64D-4025-B32A-7253D92099E9"
          },
          {
            "criteria": "cpe:2.3:a:apache:roller:5.2.0:rc4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFE5F4B0-FAC9-42BD-835D-8FE17BCFCAFE"
          },
          {
            "criteria": "cpe:2.3:a:apache:roller:5.2.0:rc5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B985BFD-C455-4348-9BDF-5ABB49EDE155"
          },
          {
            "criteria": "cpe:2.3:a:apache:roller:5.2.0:rc6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0C2BDB35-8383-4FE5-8863-D46AA7CB3925"
          },
          {
            "criteria": "cpe:2.3:a:apache:roller:5.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "92C690A2-4772-493E-8220-133E12692AC9"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References