8.1

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-11758

GHSA ID

GHSA-85hw-w436-c725

EPSS Score

0.57311%

CWE

CWE-611

Published

5/14/2022

Updated

2/2/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2018-11758

CVE-2018-11758: XML External Entity Reference in Apache Cayenne

This affects Apache Cayenne 4.1.M1, 3.2.M1, 4.0.M2 to 4.0.M5, 4.0.B1, 4.0.B2, 4.0.RC1, 3.1, 3.1.1, 3.1.2. CayenneModeler is a desktop GUI tool shipped with Apache Cayenne and intended for editing Cayenne ORM models stored as XML files. If an attacker tricks a user of CayenneModeler into opening a malicious XML file, the attacker will be able to instruct the XML parser built into CayenneModeler to transfer files from a local machine to a remote machine controlled by the attacker. The cause of the issue is XML parser processing XML External Entity (XXE) declarations included in XML. The vulnerability is addressed in Cayenne by disabling XXE processing in all operations that require XML parsing.

(GitHub Advisory)

8.1

CVSS Score

3.0

Basic Information

CVE ID

CVE-2018-11758

GHSA ID

GHSA-85hw-w436-c725

EPSS Score

0.57311%

CWE

CWE-611

Published

5/14/2022

Updated

2/2/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.cayenne:cayenne-parent	maven	< 3.1.3	3.1.3
org.apache.cayenne:cayenne-parent	maven	>= 4.0, < 4.1	4.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The patches explicitly modify XML parser creation points to disable XXE features. The vulnerable versions lacked these security settings in three key locations: 1) SAXParser creation in Util.java, 2) DocumentBuilder creation in XMLUtil.java (core XML handling), and 3) DOM parsing in Project2Case.java (project file loading). All three would appear in stack traces when processing malicious XML input. Medium confidence for Project2Case.toDOMTree as it's test code, but the identical patch pattern suggests it was used in production flows.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T*is *****ts *p**** **y*nn* *.*.M*, *.*.M*, *.*.M* to *.*.M*, *.*.**, *.*.**, *.*.R**, *.*, *.*.*, *.*.*. **y*nn*Mo**l*r is * **sktop *UI tool s*ipp** wit* *p**** **y*nn* *n* int*n*** *or **itin* **y*nn* ORM mo**ls stor** *s XML *il*s. I* *n *tt**k*r

Reasoning

T** p*t***s *xpli*itly mo*i*y XML p*rs*r *r**tion points to *is**l* XX* ***tur*s. T** vuln*r**l* v*rsions l**k** t**s* s**urity s*ttin*s in t*r** k*y lo**tions: *) `S*XP*rs*r` *r**tion in `Util.j*v*`, *) `*o*um*nt*uil**r` *r**tion in `XMLUtil.j*v*` (

8.1

Basic Information

Concerned about an active attack path?

CVE-2018-11758: XML External Entity Reference in Apache Cayenne

8.1

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI