
Vulnerability in Xalan-J could allow arbitrary code execution

A vulnerability in Xalan-J, an Apache project that underpins XML signature verification in many Java-based SAML implementations, could allow arbitrary code execution, a Google Project Zero researcher warns.

XSLT (Extensible Stylesheet Language Transformations) is an XML-based language for transforming XML documents into other formats, such as HTML.

Xalan-J is the Java implementation of Apache's Xalan XSLT processor.

Google Project Zero's Felix Wilhelm discovered that the project is vulnerable to an integer truncation bug when it processes a malicious XSLT stylesheet.

The bug can be used to corrupt the Java class files generated by the internal XSLTC compiler and so execute arbitrary Java bytecode, he warned, which amounts to arbitrary code execution in any software that uses Xalan-J to process untrusted XSLT stylesheets.
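The mechanism described above, as an added illustration that is not code from Xalan-J, BCEL or the JDK: a class file stores its constant_pool_count as a 16-bit (u2) field, and a writer that emits an int into that field with a plain writeShort keeps only the low 16 bits. A parser then reads the truncated count, consumes that many entries, and treats the bytes of the remaining (stylesheet-controlled) entries as the rest of the class file. The class-file layout below is deliberately simplified (only CONSTANT_Utf8 entries, followed directly by access_flags); the class and method names are this example's own.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;

// Toy model of a class-file prefix: magic, version, constant_pool_count (u2),
// then CONSTANT_Utf8 entries (tag 1, u2 length, bytes), then access_flags.
// Simplified stand-in for the real format; not XSLTC/BCEL code.
public class ConstantPoolTruncation {
    static final int U2_MAX = 0xFFFF;

    // checked == false reproduces the vulnerable pattern (silent truncation);
    // checked == true refuses counts that do not fit in a u2.
    static byte[] emit(int entries, boolean checked) throws IOException {
        int count = entries + 1; // index 0 of the constant pool is unused
        if (checked && count > U2_MAX) {
            throw new IllegalStateException("constant pool too large: " + entries + " entries");
        }
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buf);
        out.writeInt(0xCAFEBABE);
        out.writeShort(0);     // minor_version
        out.writeShort(52);    // major_version (Java 8)
        out.writeShort(count); // BUG when unchecked: int silently cut to 16 bits
        for (int i = 0; i < entries; i++) {
            byte[] s = ("s" + i).getBytes(StandardCharsets.UTF_8); // attacker-chosen text
            out.writeByte(1);  // CONSTANT_Utf8
            out.writeShort(s.length);
            out.write(s);
        }
        out.writeShort(0x0021); // access_flags: ACC_PUBLIC | ACC_SUPER
        return buf.toByteArray();
    }

    // Minimal reader doing what a class-file parser does with this prefix:
    // trust the count, skip that many entries, then read access_flags.
    static int readAccessFlags(byte[] cls) throws IOException {
        DataInputStream in = new DataInputStream(new ByteArrayInputStream(cls));
        in.readInt();   // magic
        in.readShort(); // minor_version
        in.readShort(); // major_version
        int count = in.readUnsignedShort();
        for (int i = 1; i < count; i++) {
            int tag = in.readUnsignedByte();
            if (tag != 1) {
                throw new IOException("unexpected constant tag " + tag);
            }
            in.skipBytes(in.readUnsignedShort());
        }
        return in.readUnsignedShort(); // whatever bytes now sit where access_flags should be
    }

    public static void main(String[] args) throws IOException {
        System.out.printf("%d entries -> access_flags 0x%04x%n", 10, readAccessFlags(emit(10, false)));

        // 65541 entries: count 65542 is written as 65542 & 0xFFFF = 6, so the parser
        // stops after 5 entries and reads the 6th entry's tag/length bytes as access_flags.
        int big = 0x10000 + 5;
        System.out.printf("%d entries -> access_flags 0x%04x (parser desynchronised)%n",
                big, readAccessFlags(emit(big, false)));

        try {
            emit(big, true);
        } catch (IllegalStateException e) {
            System.out.println("checked writer refused: " + e.getMessage());
        }
    }
}
```

The second run shows the point: past the truncated count, every byte the parser reads comes from entry contents the stylesheet author chose, which is the foothold the report describes. The checked writer shows the obvious hardening, failing loudly when the pool outgrows the field rather than emitting a class file whose header lies about its own layout.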

Because OpenJDK uses a bundled copy of Xalan-J's XSLTC to perform XSLT transforms during XML signature verification, the bug potentially affects a large number of Java-based SAML implementations, Wilhelm warned.

SAML (Security Assertion Markup Language) is an XML-based standard for exchanging authentication and authorization data; it is the basis of single sign-on, which lets a user access multiple web applications with one set of login credentials.

Mitigations

The researcher noted that XSLT support for XML signatures can be disabled using the org.jcp.xml.dsig.secureValidation property; however, for applications running without a SecurityManager the property defaulted to false until JDK 17, “so I would expect a lot of implementations to be vulnerable to this”.
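How that property is applied in practice, as an added example that is not from the article or the JDK: the secure-validation flag can be set per validation context rather than relying on the JDK default, so a verifier behaves the same on JDK 11 as on JDK 17+. With the flag set, the JDK's secure validation policy rejects the XSLT transform algorithm (among others) and the verification call throws instead of compiling an attacker-supplied stylesheet. The class and method names are this example's own; the verification key is assumed to come from the caller's trusted configuration (for SAML, the IdP's pinned certificate), not from the document's KeyInfo.

```java
import java.io.ByteArrayInputStream;
import java.security.Key;
import javax.xml.XMLConstants;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

// Example verifier (not the JDK's or any SAML library's own code) that forces
// secure validation on regardless of the JDK default.
public final class SecureSignatureCheck {
    private static final String SECURE_VALIDATION = "org.jcp.xml.dsig.secureValidation";

    // Returns true only if the single enclosed Signature validates under the
    // secure-validation policy with the caller-supplied key.
    public static boolean verify(byte[] signedXml, Key trustedKey) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // required: dsig elements are matched by namespace
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD/XXE
        Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(signedXml));

        NodeList sigs = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (sigs.getLength() != 1) {
            throw new SecurityException("expected exactly one ds:Signature, found " + sigs.getLength());
        }

        DOMValidateContext ctx = new DOMValidateContext(trustedKey, sigs.item(0));
        // Explicitly enable secure validation for this context. Before JDK 17 the
        // default without a SecurityManager was false, which is the exposure the
        // article describes; this setting does not depend on that default.
        ctx.setProperty(SECURE_VALIDATION, Boolean.TRUE);

        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        // With secure validation on, a Reference carrying an XSLT Transform is
        // rejected here (the call throws) rather than being compiled and run.
        XMLSignature signature = fac.unmarshalXMLSignature(ctx);
        return signature.validate(ctx);
    }
}
```

The same effect can be obtained process-wide by starting the JVM with -Dorg.jcp.xml.dsig.secureValidation=true, which is the quicker fix for third-party SAML code you cannot change; setting it on the context as above is preferable in code you own, because it survives a launch script that forgets the flag. Either way the secure-validation policy also rejects weak digest and signature algorithms, so test against your IdP's real assertions before enforcing it.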

In a blog post published in August, Wilhelm said that he was able to write a Proof-of-Concept (PoC) exploit for this bug “that generates a valid (but useless) class file that’s almost completely controlled by the attacker”.

He continued: “While I haven’t successfully executed my own bytecode yet I’m very confident that this is possible with a bit more time investment, so I am reporting this issue now and may follow-up with a more complete proof-of-concept at a later stage.”

Another researcher has since produced their own PoC for the vulnerability; more details can be found on GitHub.

The vulnerability has since been fixed in OpenJDK, the open source implementation of the Java Standard Edition (Java SE) and Java Development Kit (JDK).

Wilhelm notes that it has not been fixed in Apache’s version, which is being retired.

Source: https://portswigger.net/daily-swig/vulnerability-in-xalan-j-could-allow-arbitrary-code-execution
