CVE-2014-3558
Bypass vulnerability in hibernate-validator (Maven)

Bypass No known exploit

What is CVE-2014-3558 About?

This vulnerability in Hibernate Validator allows attackers to bypass Java Security Manager (JSM) restrictions. By crafting a specific application, unauthorized reflection calls can be executed. This can lead to significant access control bypasses within a sandboxed environment, though it requires specific application crafting, making exploitation moderately difficult.

Affected Software

  • org.hibernate:hibernate-validator
    • >5.0.0, <5.1.2
    • >4.3.0, <4.3.2
    • >4.1.0, <4.2.1

Technical Details

The ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) component in Hibernate Validator versions 4.1.0 before 4.2.1, 4.3.x before 4.3.2, and 5.x before 5.1.2 contains a flaw that allows attackers to circumvent Java Security Manager (JSM) policies. An attacker can craft an application designed to invoke specific reflection calls that would normally be restricted by the JSM. Due to a defect in ReflectionHelper's enforcement or handling, these calls are allowed to execute, thereby bypassing the intended security restrictions and potentially accessing sensitive resources or performing unauthorized operations within the Java environment.

What is the Impact of CVE-2014-3558?

Successful exploitation may allow attackers to bypass security restrictions, execute unauthorized operations, or access restricted resources within the Java Virtual Machine (JVM).

What is the Exploitability of CVE-2014-3558?

Exploiting this vulnerability requires a crafted application, which can be considered a moderate- to high-complexity task. It demands specific knowledge of the Hibernate Validator internals and the Java Security Manager's policies. There are no authentication or privilege requirements to trigger the bypass itself if the crafted application can be executed. This is typically a local attack, as the attacker needs to run their application within a sandboxed environment where the JSM is active. The primary constraint is the need for a precisely built application to trigger the flaw, but a successful bypass could lead to significant impact within a restricted environment.

What are the Known Public Exploits?

PoC | Author | Link | Commentary
No known exploits

What are the Available Fixes for CVE-2014-3558?

Available Upgrade Options

  • org.hibernate:hibernate-validator
    • >4.1.0, <4.2.1 → Upgrade to 4.2.1
    • >4.3.0, <4.3.2 → Upgrade to 4.3.2
    • >5.0.0, <5.1.2 → Upgrade to 5.1.2
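A dependency check, added here as an example and not part of this advisory or of Hibernate Validator itself: it maps a Maven version of org.hibernate:hibernate-validator to the upgrade target listed above and scans a pom.xml string for that coordinate. It assumes the ranges given in Technical Details with inclusive lower bounds (the list above writes ">4.1.0" while the details say "4.1.0 before 4.2.1"; treating 4.1.0 as affected is the conservative reading), and the pom fragment is constructed for the demonstration.

```python
import re
import xml.etree.ElementTree as ET
from typing import List, Optional, Tuple

# Affected ranges from this page's Technical Details as [lower, fixed), paired
# with the upgrade target from "Available Upgrade Options". The lower bound is
# read inclusively ("4.1.0 before 4.2.1"), the conservative choice for a defender.
AFFECTED_RANGES = [
    ((4, 1, 0), (4, 2, 1), "4.2.1"),
    ((4, 3, 0), (4, 3, 2), "4.3.2"),
    ((5, 0, 0), (5, 1, 2), "5.1.2"),
]

def parse_version(version: str) -> Tuple[int, int, int]:
    """Reduce a Maven version like '5.1.1.Final' to (5, 1, 1). Qualifiers are
    dropped, so 5.1.2.CR1 compares as fixed: review pre-releases by hand."""
    nums = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        nums.append(int(m.group()))
    if not nums:
        raise ValueError(f"unparseable version: {version!r}")
    nums += [0] * (3 - len(nums))          # (5, 1) compares like (5, 1, 0)
    return tuple(nums[:3])

def upgrade_target(version: str) -> Optional[str]:
    """Fixed release to move to, or None when the version is not affected."""
    v = parse_version(version)
    return next((fix for lo, hi, fix in AFFECTED_RANGES if lo <= v < hi), None)

def check_pom(pom_xml: str) -> List[Tuple[str, Optional[str]]]:
    """Pair every org.hibernate:hibernate-validator dependency in a pom.xml
    string with its upgrade target (None = not affected). Versions set via
    ${property} are not resolved and are reported with target None."""
    found = []
    for dep in ET.fromstring(pom_xml).iter():
        if not dep.tag.endswith("dependency"):
            continue
        f = {c.tag.split("}")[-1]: (c.text or "").strip() for c in dep}
        if f.get("groupId") == "org.hibernate" and f.get("artifactId") == "hibernate-validator":
            ver = f.get("version", "")
            found.append((ver, upgrade_target(ver) if ver and not ver.startswith("${") else None))
    return found

# Constructed sample pom.xml fragment (not taken from any real project).
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0"><dependencies>
  <dependency><groupId>org.hibernate</groupId><artifactId>hibernate-validator</artifactId>
  <version>4.3.1.Final</version></dependency></dependencies></project>"""
```

Versions injected through a `${property}` or a parent BOM are reported unresolved; resolve them with `mvn help:effective-pom` before running the check.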

Additional Resources

What are Similar Vulnerabilities to CVE-2014-3558?

Similar Vulnerabilities: CVE-2007-0453, CVE-2008-0409, CVE-2009-0269, CVE-2010-0842, CVE-2011-3543