Summary
The Magento eCommerce platform uses a vulnerable version of the Zend Framework that is prone to XML eXternal Entity (XXE) injection attacks. The SimpleXMLElement class of the Zend Framework (SimpleXML PHP extension) is used in an insecure way to parse XML data. External entities can be specified by adding a specific DOCTYPE element to XML-RPC requests. By exploiting this vulnerability, an attacker may coerce the application into opening arbitrary files and/or TCP connections.
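A pre-parse gate for the XML-RPC DOCTYPE issue described above, as an added example (not Magento or Zend Framework code): it refuses any request body that carries DTD material or a non-UTF-8 encoding before the body reaches an XML parser. The function names, the `example.ping` method and the sample bodies are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# XML-RPC never needs a DTD, so refuse DOCTYPE/ENTITY anywhere in the body
# (even inside comments or CDATA: a strict scan avoids parser-differential gaps).
_DTD = re.compile(rb"<!\s*(?:DOCTYPE|ENTITY)", re.IGNORECASE)
_ENCODING = re.compile(rb"""^<\?xml[^>]*?encoding\s*=\s*["']([^"']+)["']""")


class RejectedXml(ValueError):
    """Raised when a request body must not reach the XML parser."""


def gate_xmlrpc(body: bytes) -> str:
    """Return the methodName of an XML-RPC call, refusing bodies with a DTD."""
    # The byte scan is only valid for ASCII-compatible input, so refuse
    # UTF-16/UTF-32 (BOM or NUL bytes) and any declared non-UTF-8 encoding.
    if body.startswith((b"\xff\xfe", b"\xfe\xff")) or b"\x00" in body:
        raise RejectedXml("non-UTF-8 byte encoding")
    m = _ENCODING.match(body.lstrip(b"\xef\xbb\xbf"))
    if m and m.group(1).lower() not in (b"utf-8", b"utf8"):
        raise RejectedXml("declared encoding is not UTF-8")
    if _DTD.search(body):
        raise RejectedXml("DOCTYPE/ENTITY declaration present")
    root = ET.fromstring(body)
    if root.tag != "methodCall":
        raise RejectedXml("not an XML-RPC methodCall")
    name = root.findtext("methodName")
    if not name:
        raise RejectedXml("missing methodName")
    return name


def is_rejected(body: bytes) -> bool:
    """True when the gate (or the parser) refuses the body."""
    try:
        gate_xmlrpc(body)
    except (RejectedXml, ET.ParseError):
        return True
    return False


# Constructed sample bodies (not captured traffic).
BENIGN = (b'<?xml version="1.0"?><methodCall>'
          b'<methodName>example.ping</methodName><params/></methodCall>')
WITH_DTD = (b'<?xml version="1.0"?><!DOCTYPE methodCall [<!ENTITY e "x">]>'
            b'<methodCall><methodName>&e;</methodName></methodCall>')
OTHER_ENC = b'<?xml version="1.0" encoding="cp037"?><methodCall/>'
```

A gate like this sits in front of the endpoint as defence in depth; it does not replace the vendor updates listed under Solution.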
Solution
Updates are available. Please see the references for more information.
References
- http://bot24.blogspot.de/2012/07/sec-consult-sa-20120712-0-magento.html
- http://www.magentocommerce.com/blog/comments/update-zend-framework-vulnerability-security-update/
- http://www.magentocommerce.com/download
- http://www.magentocommerce.com/downloads/assets/1.7.0.2/CE_1.4.0.0-1.4.1.1.patch
- http://www.magentocommerce.com/downloads/assets/1.7.0.2/CE_1.4.2.0.patch
- http://www.magentocommerce.com/downloads/assets/1.7.0.2/CE_1.5.0.0-1.7.0.1.patch
- https://www.magentocommerce.com/products/customer/account/index/
Updated on 2015-03-25
Severity
Classification
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution
- Apache Axis2 Document Type Declaration Processing Security Vulnerability
- Acidcat CMS Multiple Vulnerabilities
- AstroSPACES profile.php SQL Injection Vulnerability
- Admin Bot 'news.php' SQL Injection Vulnerability