Vigil@nce - Xalan-Java: vulnerabilities of FEATURE_SECURE_PROCESSING
April 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of the
FEATURE_SECURE_PROCESSING implementation in Xalan-Java.
– Impacted products: Xalan-Java, Debian, Fedora, RHEL
– Severity: 2/4
– Creation date: 25/03/2014
DESCRIPTION OF THE VULNERABILITY
When enabled, the FEATURE_SECURE_PROCESSING feature (constant value
http://javax.xml.XMLConstants/feature/secure-processing) requires Xalan-Java
to process XML and XSLT in a restricted mode, for example in order to block
denial of service attacks. However, its implementation is affected by three
vulnerabilities.
An attacker can call the XSLT 1.0 system-property() function, in order to
obtain sensitive information. [severity:2/4]
The xalan:content-handler and xalan:entities properties can be
used to load a class or an external resource. [severity:2/4;
XALANJ-2435]
If BSF (Bean Scripting Framework) is in the classpath, an attacker
can open a JAR, in order to execute code. [severity:2/4]
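As an added defensive example, not part of the Vigil@nce bulletin or of Xalan-Java itself, the following Java class shows how an application that must run externally supplied stylesheets can fail closed on the constructs the bulletin names: it enables FEATURE_SECURE_PROCESSING, additionally forbids external access through the JAXP 1.5 attributes ACCESS_EXTERNAL_DTD and ACCESS_EXTERNAL_STYLESHEET (assumes Java 8 or a later JAXP), and rejects any stylesheet that references the Xalan extension namespaces or the system-property() function before it reaches the transformer. The class name XsltGuard, the helper names and the sample stylesheets are constructed for this example; the namespace check assumes Xalan's extension URIs start with http://xml.apache.org/xalan or http://xml.apache.org/xslt.

```java
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

/** Hypothetical guard that vets an untrusted XSLT stylesheet before Xalan runs it. */
public class XsltGuard {

    // Namespace URIs under which Xalan exposes its extensions (xalan:content-handler,
    // xalan:entities, xalan:script and the Java extension namespace all live here).
    private static final String[] XALAN_EXT_PREFIXES = {
        "http://xml.apache.org/xalan", "http://xml.apache.org/xslt"
    };

    /** Parse the stylesheet with DTD handling switched off, so the pre-check itself cannot be abused. */
    static Document parseStylesheet(String xslt) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xslt)));
    }

    private static boolean isXalanExtension(String ns) {
        if (ns == null) return false;
        for (String p : XALAN_EXT_PREFIXES) if (ns.startsWith(p)) return true;
        return false;
    }

    /** Returns a reason to reject the stylesheet, or null if no flagged construct was found. */
    static String findForbiddenUse(Node node) {
        if (node.getNodeType() == Node.ELEMENT_NODE) {
            Element el = (Element) node;
            if (isXalanExtension(el.getNamespaceURI()))
                return "extension element " + el.getTagName();
            NamedNodeMap attrs = el.getAttributes();
            for (int i = 0; i < attrs.getLength(); i++) {
                Attr a = (Attr) attrs.item(i);
                if (isXalanExtension(a.getNamespaceURI()))
                    return "extension attribute " + a.getName();
                // XPath expressions live in attribute values (select, test, match, {...} templates)
                if (a.getValue().contains("system-property("))
                    return "system-property() in attribute " + a.getName();
            }
        }
        NodeList children = node.getChildNodes();
        for (int i = 0; i < children.getLength(); i++) {
            String reason = findForbiddenUse(children.item(i));
            if (reason != null) return reason;
        }
        return null;
    }

    /** Vet the stylesheet, then run it with secure processing and no external access. */
    static String transform(String xslt, String xml) throws Exception {
        Document sheet = parseStylesheet(xslt);
        String reason = findForbiddenUse(sheet);
        if (reason != null) throw new SecurityException("stylesheet rejected: " + reason);

        TransformerFactory tf = TransformerFactory.newInstance();
        tf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        try {
            // JAXP 1.5 attributes; an empty string means "no protocol allowed".
            tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_DTD, "");
            tf.setAttribute(XMLConstants.ACCESS_EXTERNAL_STYLESHEET, "");
        } catch (IllegalArgumentException e) {
            // Fail closed rather than run with FEATURE_SECURE_PROCESSING alone.
            throw new SecurityException("factory does not support ACCESS_EXTERNAL_* limits", e);
        }
        Transformer t = tf.newTransformer(new DOMSource(sheet));
        StringWriter out = new StringWriter();
        t.transform(new StreamSource(new StringReader(xml)), new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input and stylesheets for this example.
        String xml = "<root><item>hello</item></root>";
        String ok = "<xsl:stylesheet version='1.0' xmlns:xsl='http://www.w3.org/1999/XSL/Transform'>"
                  + "<xsl:output method='text'/>"
                  + "<xsl:template match='/'><xsl:value-of select='/root/item'/></xsl:template>"
                  + "</xsl:stylesheet>";
        String probe = "<xsl:stylesheet version='1.0' xmlns:xsl='http://www.w3.org/1999/XSL/Transform'>"
                  + "<xsl:template match='/'><xsl:value-of select=\"system-property('xsl:version')\"/></xsl:template>"
                  + "</xsl:stylesheet>";
        System.out.println(transform(ok, xml));
        try {
            transform(probe, xml);
        } catch (SecurityException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

The pre-check is deliberately an allow-list in spirit: anything in a Xalan extension namespace is refused regardless of which attribute or element it is, so the three issues above (system-property(), xalan:content-handler / xalan:entities, and BSF-backed xalan:script) are all caught by the same two rules. The guard also refuses to run at all when the factory cannot enforce ACCESS_EXTERNAL_DTD and ACCESS_EXTERNAL_STYLESHEET, since the bulletin shows that FEATURE_SECURE_PROCESSING by itself is not a sufficient boundary.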
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Xalan-Java-vulnerabilities-of-FEATURE-SECURE-PROCESSING-14468