BIT-solr-2021-33813
XML External Entity (XXE) vulnerability in jdom2 (Maven)
What is BIT-solr-2021-33813 About?
This is an XML External Entity (XXE) vulnerability in the SAXBuilder class of JDOM, affecting versions through 2.0.6 (tracked upstream as CVE-2021-33813). An attacker who can get the application to parse XML they control, typically by sending it in an HTTP request, can cause a denial of service. Exploitation is straightforward for anyone able to submit arbitrary XML to the affected application.
Affected Software
- org.jdom:jdom2
- <2.0.6.1
- org.jdom:jdom
- <=2.0.2
Technical Details
SAXBuilder in JDOM versions up to 2.0.6 is vulnerable to XXE because, by default, it expands entities and lets the underlying SAX parser resolve external entities declared in a DOCTYPE. An attacker supplies an XML document whose DTD declares entities that point at external resources: very large responses, hosts that never answer, or resources that chain to further external references. When an application hands that document to a SAXBuilder that has not been configured to stop external entity processing (the condition stated here is that builder.setExpandEntities(false) was not called), the parser blocks on, or streams in, those resources, consuming network connections, memory and CPU until the application becomes unresponsive or crashes. The attacker needs no knowledge of the document schema beyond the DOCTYPE; any XML endpoint that parses the input with a default builder is exposed.
What is the Impact of BIT-solr-2021-33813?
Successful exploitation lets an attacker exhaust the parsing application's resources and deny service to legitimate users. As with any XXE, if the application reflects parsed content or parser error messages back to the caller, the same entity mechanism can be used to read local files or reach internal network services; the advisory itself is scoped to denial of service.
What is the Exploitability of BIT-solr-2021-33813?
Exploitation typically involves an unauthenticated remote attacker submitting a crafted XML payload, usually in an HTTP request, to an endpoint that parses it with SAXBuilder. Complexity is low to medium: it requires only familiarity with XXE techniques and the ability to send arbitrary XML. No authentication or elevated privileges are needed for the initial vector, and no local access is required. Likelihood of exploitation is highest in applications that parse XML from untrusted sources without explicitly disabling DOCTYPE and external entity processing.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for BIT-solr-2021-33813?
Available Upgrade Options
- org.jdom:jdom2
- <2.0.6.1 → Upgrade to 2.0.6.1
- org.jdom:jdom (<=2.0.2) is listed as affected above, but no fixed release is listed for that legacy artifact; the practical remedy is to migrate to org.jdom:jdom2 2.0.6.1 or later. Whatever the version, code that parses untrusted XML should also disable DOCTYPE and external entity processing explicitly on the SAXBuilder rather than rely on library defaults.
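The following is an added example, not code from this page, from the JDOM project, or from Apache Solr. It puts the vulnerable default described under Technical Details next to the hardened configuration that should accompany the upgrade above. The class name, the payload and the host name slow-host.invalid are constructed for illustration; the feature URIs are the standard SAX and Xerces feature names accepted by SAXBuilder.setFeature, and the JDK's built-in parser is assumed.

```java
import java.io.IOException;
import java.io.StringReader;

import org.jdom2.Document;
import org.jdom2.JDOMException;
import org.jdom2.input.SAXBuilder;

/**
 * Added example (not JDOM project code): the same untrusted XML parsed with a
 * default SAXBuilder and with a hardened one. Payload, host name and class
 * name are constructed for illustration.
 */
public class JdomXxeHardening {

    // Constructed payload: a DOCTYPE declaring an external entity that points
    // at a hypothetical unreachable/slow host. A parser that resolves external
    // entities will attempt the fetch; that is the resource-consumption path
    // the advisory describes.
    static final String UNTRUSTED_XML =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE order [\n"
      + "  <!ENTITY remote SYSTEM \"http://slow-host.invalid/huge.xml\">\n"
      + "]>\n"
      + "<order><note>&remote;</note></order>\n";

    /** Vulnerable pattern: default SAXBuilder, entity processing left enabled. */
    static Document parseUnsafely(String xml) throws JDOMException, IOException {
        SAXBuilder builder = new SAXBuilder();
        return builder.build(new StringReader(xml));
    }

    /**
     * Hardened pattern: reject any DOCTYPE when the application never needs one,
     * and additionally switch off external entity and external DTD loading on
     * the underlying SAX parser so the result does not depend on JDOM defaults.
     */
    static SAXBuilder hardenedBuilder() {
        SAXBuilder builder = new SAXBuilder();
        builder.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        builder.setFeature("http://xml.org/sax/features/external-general-entities", false);
        builder.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        builder.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        builder.setExpandEntities(false);
        return builder;
    }

    static Document parseSafely(String xml) throws JDOMException, IOException {
        return hardenedBuilder().build(new StringReader(xml));
    }

    public static void main(String[] args) throws Exception {
        // Check 1: the hardened builder must refuse the payload before any
        // entity is resolved. JDOMParseException (a JDOMException) is expected.
        try {
            parseSafely(UNTRUSTED_XML);
            System.out.println("FAIL: hardened builder accepted a DOCTYPE");
        } catch (JDOMException expected) {
            System.out.println("OK: DOCTYPE rejected: " + expected.getMessage());
        }

        // Check 2: benign input without a DOCTYPE still parses normally.
        Document doc = parseSafely("<order><note>hello</note></order>");
        System.out.println("OK: parsed root element <" + doc.getRootElement().getName() + ">");

        // Optional: pass --unsafe to watch the default builder try to resolve
        // the external entity (it will attempt a network fetch of the host
        // named in the payload and fail or hang, which is the DoS behaviour).
        if (args.length > 0 && "--unsafe".equals(args[0])) {
            parseUnsafely(UNTRUSTED_XML);
        }
    }
}
```

Run main with jdom2 on the classpath: the hardened builder rejects the DOCTYPE and still parses the benign document. disallow-doctype-decl is the strongest single control when the application never needs DTDs; the remaining features cover deployments where a DOCTYPE must be tolerated, and together they make the parse safe independent of which JDOM release is on the classpath. They are a complement to, not a substitute for, upgrading to 2.0.6.1.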
Additional Resources
- https://lists.apache.org/thread.html/r6db397ae7281ead825338200d1f62d2827585a70797cc9ac0c4bd23f@%3Cissues.solr.apache.org%3E
- https://lists.apache.org/thread.html/r845e987b7cd8efe610284958e997b84583f5a98d3394adc09e3482fe%40%3Cissues.solr.apache.org%3E
- https://lists.apache.org/thread.html/rfb7a93e40ebeb1e0068cde0bf3834dcab46bb1ef06d6424db48ed9fd@%3Cdev.tika.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AH46QHE5GIMT6BL6C3GDTOYF27JYILXM/
- https://lists.debian.org/debian-lts-announce/2021/07/msg00012.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00026.html
- https://lists.apache.org/thread.html/r9974f64723875052e02787b2a5eda689ac5247c71b827d455e5dc9a6@%3Cissues.solr.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWFVYTHGILOQXUA7U3SPOERQXL7OPSZG
What are Similar Vulnerabilities to BIT-solr-2021-33813?
Similar Vulnerabilities: CVE-2021-41098, CVE-2022-26134, CVE-2020-1945, CVE-2021-27807, CVE-2023-26462
