
CVE-2020-15232: XXE attack in Mapfish Print

CVSS Score: 9.3 (CVSS 3.1)

Basic Information

EPSS Score: 0.56213%
Published: 7/7/2020
Updated: 6/27/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| --- | --- | --- | --- |
| org.mapfish.print:print-lib | maven | >= 3.0, < 3.24 | 3.24 |
| org.mapfish.print:print-servlet | maven | >= 3.0, < 3.24 | 3.24 |
| org.mapfish.print:print-standalone | maven | >= 3.0, < 3.24 | 3.24 |

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The critical vulnerability was patched by adding `dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true)` in `SLDParserPlugin.java`. This indicates that the XML parser used in the `tryLoadSLD` method previously allowed DTD processing, which made it vulnerable to XXE injection via malicious SLD style files. The commit diff shows that this hardening was the primary XXE mitigation.
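The effect of that parser feature, as an added example that is not code from Mapfish Print: the class name, helper names and both SLD strings are constructed for illustration, and only the feature URI comes from the analysis above.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

public class SldParserHardeningDemo {

    // Hypothetical helper: a DocumentBuilder configured with the feature
    // the analysis says the patch added.
    static DocumentBuilder hardenedBuilder() throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // With this feature on, any DOCTYPE declaration is a fatal parse error,
        // so no entity (internal or external) can ever be declared.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return dbf.newDocumentBuilder();
    }

    // Returns true when the style parses, false when the parser rejects it.
    static boolean accepts(String sld) throws Exception {
        byte[] bytes = sld.getBytes(StandardCharsets.UTF_8);
        try {
            Document doc = hardenedBuilder().parse(new ByteArrayInputStream(bytes));
            return doc.getDocumentElement() != null;
        } catch (SAXException e) {
            // Log the rejection so that hostile style uploads are visible to operators.
            System.out.println("SLD rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a minimal style with no DTD.
        String body = "<StyledLayerDescriptor version=\"1.0.0\">"
                + "<NamedLayer><Name>%s</Name></NamedLayer></StyledLayerDescriptor>";
        String plain = String.format(body, "roads");
        // Constructed sample: the same style behind a DOCTYPE that declares
        // a harmless internal entity; the DOCTYPE alone triggers the rejection.
        String withDoctype = "<!DOCTYPE StyledLayerDescriptor "
                + "[<!ENTITY label \"constructed\">]>" + String.format(body, "&label;");

        System.out.println("plain SLD accepted: " + accepts(plain));
        System.out.println("SLD with DOCTYPE accepted: " + accepts(withDoctype));
    }
}
```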


WAF Protection Rules

WAF Rule

### Impact
A user can carry out an XML External Entity (XXE) attack with the provided SLD style.

### Patches
Use version >= 3.24

### Workarounds
No
