CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
88.8%
WSO2 Identity Server is prone to a XML external entity (XXE)
vulnerability.
# SPDX-FileCopyrightText: 2016 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:wso2:identity_server";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.106343");
script_version("2024-06-28T15:38:46+0000");
script_cve_id("CVE-2016-4311", "CVE-2016-4312");
script_tag(name:"last_modification", value:"2024-06-28 15:38:46 +0000 (Fri, 28 Jun 2024)");
script_tag(name:"creation_date", value:"2016-10-10 12:16:07 +0700 (Mon, 10 Oct 2016)");
script_tag(name:"cvss_base", value:"6.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2018-10-09 20:00:00 +0000 (Tue, 09 Oct 2018)");
script_tag(name:"qod_type", value:"remote_banner_unreliable");
script_tag(name:"solution_type", value:"VendorFix");
script_name("WSO2 Identity Server CSRF And XXE Vulnerabilities");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2016 Greenbone AG");
script_family("Web application abuses");
script_dependencies("gb_wso2_carbon_detect.nasl");
script_mandatory_keys("wso2_carbon_identity_server/detected");
script_tag(name:"summary", value:"WSO2 Identity Server is prone to a XML external entity (XXE)
vulnerability.");
script_tag(name:"insight", value:"WSO2 Identity Server is vulnerable to XXE attack which is a type of attack
against an application that parses XML input. When Identity Server used with its XACML feature, it parses
XACML requests and XACML policies which contain XML entries according to the XACML specification. This attack
occurs when a XACML request or a policy containing a reference to an external entity is processed by a weakly
configured XML parser.");
script_tag(name:"impact", value:"An authenticated attacker may disclose local files, conduct adenial of
service and server-side request forgery, port scanning and other system impacts on affected systems.");
script_tag(name:"affected", value:"WSO2 Identity Server 5.1.0.");
script_tag(name:"solution", value:"Apply the provide patch or upgrade to 5.2.0 or later.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if (!port = get_app_port(cpe: CPE))
exit(0);
if (!version = get_app_version(cpe: CPE, port: port))
exit(0);
if (version_is_equal(version: version, test_version: "5.1.0")) {
report = report_fixed_ver(installed_version: version, fixed_version: "5.2.0");
security_message(port: port, data: report);
exit(0);
}
exit(99);
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
88.8%