ID de Prueba:	1.3.6.1.4.1.25623.1.0.106343
Categoría:	Web application abuses
Título:	WSO2 Identity Server CSRF And XXE Vulnerabilities
Resumen:	WSO2 Identity Server is prone to a XML external entity (XXE); vulnerability.
Descripción:	Summary: WSO2 Identity Server is prone to a XML external entity (XXE) vulnerability. Vulnerability Insight: WSO2 Identity Server is vulnerable to XXE attack which is a type of attack against an application that parses XML input. When Identity Server used with its XACML feature, it parses XACML requests and XACML policies which contain XML entries according to the XACML specification. This attack occurs when a XACML request or a policy containing a reference to an external entity is processed by a weakly configured XML parser. Vulnerability Impact: An authenticated attacker may disclose local files, conduct adenial of service and server-side request forgery, port scanning and other system impacts on affected systems. Affected Software/OS: WSO2 Identity Server 5.1.0. Solution: Apply the provide patch or upgrade to 5.2.0 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-4311 BugTraq ID: 92485 http://www.securityfocus.com/bid/92485 Bugtraq: 20160813 WSO2 IDENTITY-SERVER v5.1.0 XML External-Entity (Google Search) http://www.securityfocus.com/archive/1/539199/100/0/threaded https://www.exploit-db.com/exploits/40239/ http://hyp3rlinx.altervista.org/advisories/WSO2-IDENTITY-SERVER-v5.1.0-XML-External-Entity.txt http://packetstormsecurity.com/files/138329/WSO2-Identity-Server-5.1.0-XML-Injection.html Common Vulnerability Exposure (CVE) ID: CVE-2016-4312
Copyright	Copyright (C) 2016 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.