CVE-2019-17554 (published 2019-12-04)
Priority: P2 · 75 · medium · 5.5 (CVSS 3.1)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Flags: ITW EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 12.25% (95.7th percentile)
The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Requests with content type "application/xml", which trigger the deserialization of entities, can be used to trigger XXE attacks.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | olingo | — | — |
| apache | olingo | 4.0.0 – 4.6.0 | — |
Detection & IOCs (extracted from sources)
- Detect XXE exploitation attempts against Apache Olingo by inspecting HTTP POST requests with Content-Type 'application/xml' targeting OData service endpoints (e.g. /cars.svc/). Payloads will contain a DOCTYPE declaration with an ENTITY referencing an external resource (e.g. file:// or http://).
- Flag HTTP POST requests to Apache Olingo OData endpoints where the body contains both a DOCTYPE declaration and an external ENTITY reference — a hallmark of XXE payload delivery.
- Monitor HTTP 201 Created responses from OData endpoints that contain file-system content (e.g. /etc/passwd lines) embedded in XML fields, indicating successful XXE data exfiltration.
- Inspect the vulnerable class XMLInputFactory instantiation in ODataXmlDeserializer.java; absence of SUPPORT_DTD=false and isSupportingExternalEntities=false properties confirms a vulnerable configuration.
- The fix requires explicitly setting both XMLInputFactory properties on the shared static FACTORY instance in ODataXmlDeserializer.java: SUPPORT_DTD=false and javax.xml.stream.isSupportingExternalEntities=false.
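The fix described in the last two bullets is a two-property StAX configuration. The following is an added example, not code from Apache Olingo or ODataXmlDeserializer.java: it builds an XMLInputFactory with the same two properties set and then runs a defender's self-check that parses a document whose DTD declares an external entity pointing at a canary file the check itself creates. The class name, the canary file and the XML document are constructed for this example; it assumes a JDK 11 or newer StAX implementation.

```java
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import java.io.StringReader;
import java.nio.file.Files;
import java.nio.file.Path;

/**
 * Added example (not Apache Olingo code): a StAX factory configured the way the
 * CVE-2019-17554 fix describes, plus a self-check that confirms external entities
 * are not resolved. The canary file and the XML document are constructed here.
 */
public class HardenedXmlInputFactory {

    /** Factory with DTD processing and external entity resolution disabled. */
    public static XMLInputFactory hardenedFactory() {
        XMLInputFactory factory = XMLInputFactory.newInstance();
        // The same two properties the fix sets on Olingo's shared static FACTORY.
        factory.setProperty(XMLInputFactory.SUPPORT_DTD, false);
        factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, false);
        return factory;
    }

    /** Concatenates all character data the reader produces (resolved entity text included). */
    static String characterData(XMLInputFactory factory, String xml) throws XMLStreamException {
        XMLStreamReader reader = factory.createXMLStreamReader(new StringReader(xml));
        StringBuilder text = new StringBuilder();
        try {
            while (reader.hasNext()) {
                if (reader.next() == XMLStreamConstants.CHARACTERS) {
                    text.append(reader.getText());
                }
            }
        } finally {
            reader.close();
        }
        return text.toString();
    }

    /**
     * Self-check: parse a document whose DTD declares an external entity pointing at a
     * canary file we own. Returns true when the canary content never reaches the
     * character data, whether the parser rejects the DOCTYPE or the undeclared
     * entity outright, or merely leaves the entity unresolved.
     */
    public static boolean externalEntityBlocked(XMLInputFactory factory) throws Exception {
        Path canary = Files.createTempFile("xxe-canary", ".txt");
        try {
            String secret = "CANARY-" + System.nanoTime();   // constructed marker value
            Files.writeString(canary, secret);
            String xml = "<?xml version=\"1.0\"?>\n"
                    + "<!DOCTYPE d [<!ENTITY ext SYSTEM \"" + canary.toUri() + "\">]>\n"
                    + "<d>&ext;</d>";
            try {
                return !characterData(factory, xml).contains(secret);
            } catch (XMLStreamException rejected) {
                return true; // parser refused the DTD or the entity reference: also safe
            }
        } finally {
            Files.deleteIfExists(canary);
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("hardened factory blocks external entities: "
                + externalEntityBlocked(hardenedFactory()));
        // Deliberately unhardened factory for comparison: the JDK defaults leave
        // SUPPORT_DTD and IS_SUPPORTING_EXTERNAL_ENTITIES enabled.
        System.out.println("default factory blocks external entities: "
                + externalEntityBlocked(XMLInputFactory.newInstance()));
    }
}
```

Both properties must be set before the factory hands out its first reader, which is why the page points at the shared static FACTORY instance rather than at individual deserialization calls. The self-check accepts either outcome of a hardened parse (an XMLStreamException or an empty entity) because StAX implementations differ in how they report a DTD that is not supported; what matters for this CVE is that the canary content never appears in the parsed character data.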
CVSS provenance
- NVD v3.1: 5.5 MEDIUM (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
- NVD v2.0: 4.3 MEDIUM (AV:N/AC:M/Au:N/C:P/I:N/A:N)
- VulnCheck: 5.5 MEDIUM
GHSA
Improper Restriction of XML External Entity Reference in Apache Olingo
ghsa · 2020-02-04 · CVE-2019-17554 [MEDIUM] · CWE-611
Description identical to the one at the top of this page.
OSV
Improper Restriction of XML External Entity Reference in Apache Olingo
osv · 2020-02-04 · CVE-2019-17554 [MEDIUM]
Description identical to the one at the top of this page.
VulnCheck
Apache olingo Improper Restriction of XML External Entity Reference
vulncheck · 2019 · CVSS 5.5 · CVE-2019-17554 [MEDIUM]
Description identical to the one at the top of this page.
Affected: Apache olingo
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://unit42.paloaltonetworks.com/network-attack-trends-winter-2020/
No detection rules found.
Unit42
Network Attack Trends: Internet of Threats (November 2020-January 2021)
blogs_unit42 · 2021-04-12 · CVSS 7.5 (listed under CVE-2020-28188 [HIGH])
Authors: Lei Xu, Yue Guan, Vaibhav Singhal. Published: April 12, 2021.
Tags: Malware, Trend Reports, Vulnerabilities, Botnet, DDoS, Exploit kit, IoT, Network security trends.
## Executive Summary
Unit 42 researchers analyzed network attack trends over Winter 2020 and discovered many interesting exploits in the wild. During the period of Nov. 2020 to Jan. 2021, the majority of the attacks we observed were classified as critical (75%), compared to the 50.4% we reported in the fall of 2020. Several newly observed exploits, including CVE-2020-28188, CVE-2020-17519, and CVE-2020-29227, have emerged and were continuously being exploited in the wild as of late 2020 to early 2021.
This blog provides details of the newly observed exploits as well as a deep dive into the exploitation analysis, vendor analysis, attack origin, and attack category distribution.
Palo Alto Networks Next-Generation Firewall customers are protected from these attacks with the URL Filtering an…
References
- http://packetstormsecurity.com/files/155619/Apache-Olingo-OData-4.6.x-XML-Injection.html
- https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E
- https://mail-archives.apache.org/mod_mbox/olingo-user/201912.mbox/%3CCAGSZ4d7Ty%3DL-n_iAzT6vcQp65BY29XZDS5tMoM8MdDrb1moM7A%40mail.gmail.com%3E
- https://seclists.org/bugtraq/2019/Dec/11