Description

TAXII libtaxii through 1.1.117, as used in EclecticIQ OpenTAXII through 0.2.0 and other products, allows SSRF via an initial http:// substring to the parse method, even when the no_network setting is used for the XML parser. NOTE: the vendor points out that the parse method "wraps the lxml library" and that this may be an issue to "raise ... to the lxml group.

Related CPE's

a

eclecticiq

opentaxii

Vulnerable

a

libtaxii_project

libtaxii

Vulnerable

References

http://packetstormsecurity.com/files/159662/Libtaxii-1.1.117-OpenTaxi-0.2.0-Server-Side-Request-Forgery.html

ExploitThird Party Advisory

https://github.com/TAXIIProject/libtaxii/issues/246

ExploitThird Party Advisory

https://github.com/eclecticiq/OpenTAXII/issues/176

ExploitThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-918

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 · Critical

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2020-10-17T20:15:10.657

4 years ago

Last modified

2024-08-04T16:15:54.653

11 months ago