搜索

[28889] 2021-04-28_CVE-2021-27736:FusionAuthSAML库中的XXE

文档创建者:s7ckTeam
浏览次数:2
最后更新:2025-01-19
2021-04-28_CVE-2021-27736:FusionAuthSAML库中的XXE C V E - 2 0 2 1 - 2 7 7 3 6 F u s i o n A u t h   S A M L X X E O t s   2 0 2 1 - 0 4 - 2 8 # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # F u s i o n A u t h   S A M L [ 1 ] F u s i o n A u t h   [ 2 ] C S N C   I D C S N C - 2 0 2 1 - 0 0 4 C V E   I D C V E - 2 0 2 1 - 2 7 7 3 6 X M L P h i l i p p   M a o   < p h i l i p p . m a o @ c o m p a s s - s e c u r i t y . c o m > 2 0 2 1 - 4 - 2 1 # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # - - - - - - - - - - - - - F u s i o n A u t h   F u s i o n A u t h   S A M L 使 J A X B J a v a S A M L   v 2 . 0   F u s i o n A u t h   I D P C o m p a s s   S e c u r i t y   [ 3 ] 使 使 x m l S A M L - - - - - - - - - f u s i o n a u t h - s a m l v 2   < 0 . 5 . 4   f u s i o n a u t h - s a m l v 2 >   =   0 . 5 . 4   - - - - - - - - - - - - - - - - - - - - - x m l S A M L F u s i o n A u t h   F u s i o n A u t h x m l   S A M L A u t h n R e q u e s t   L o g o u t R e q u e s t F u s i o n A u t h S A M L f u s i o n a u t h - s a m l v 2
p a r s e F r o m B y t e s [ 4 ] X M L   j a v a x . x m l . p a r s e r s . D o c u m e n t B u i l d e r F a c t o r y   / - - - - - - - - - - - - - - - - - f u s i o n a u t h - s a m l v 2   0 . 5 . 4 线 线 - - - - - - - - - 2 0 2 1 - 0 1 - 2 0 P h i l i p p   M a o 2 0 2 1 - 0 1 - 2 1 / 2 0 2 1 - 0 2 - 0 7 2 0 2 1 - 0 2 - 2 5 C V E - 2 0 2 1 - 2 7 7 3 6 2 0 2 1 - 0 4 - 2 1 - - - - - - - - - - - [ 1 ]   h t t p s : / / g i t h u b . c o m / F u s i o n A u t h / f u s i o n a u t h - s a m l v 2 [ 2 ]   h t t p s : / / f u s i o n a u t h . i o / [ 3 ]   h t t p s : / / c o m p a s s - s e c u r i t y . c o m [ 4 ] h t t p s : / / g i t h u b . c o m / F u s i o n A u t h / f u s i o n a u t h - s a m l v 2 / b l o b / e b 7 5 e d 9 d e 1 0 4 3 c 8 d 0 5 6 4 f 0 d 1 a 1 3 6 5 2 3 4 5 7 c c 2 d c 3 / s r c / m a i n / j a v a / i o / f u s i o n a u t h / s a m l v 2 / s e r v i c e / D e f a u l t S A M L v 2 S e r v i c e . j a v a # L 8 2 1 ` ` `   p r i v a t e   D o c u m e n t   p a r s e F r o m B y t e s ( b y t e [ ]   b y t e s )   t h r o w s   S A M L E x c e p t i o n   {         D o c u m e n t B u i l d e r F a c t o r y   d o c u m e n t B u i l d e r F a c t o r y   =   D o c u m e n t B u i l d e r F a c t o r y . n e w I n s t a n c e ( ) ;         d o c u m e n t B u i l d e r F a c t o r y . s e t N a m e s p a c e A w a r e ( t r u e ) ;         t r y   {             D o c u m e n t B u i l d e r   b u i l d e r   =   d o c u m e n t B u i l d e r F a c t o r y . n e w D o c u m e n t B u i l d e r ( ) ;             r e t u r n   b u i l d e r . p a r s e ( n e w   B y t e A r r a y I n p u t S t r e a m ( b y t e s ) ) ;         }   c a t c h   ( P a r s e r C o n f i g u r a t i o n E x c e p t i o n   |   S A X E x c e p t i o n   |   I O E x c e p t i o n   e )   {             t h r o w   n e w   S A M L E x c e p t i o n ( " U n a b l e   t o   p a r s e   S A M L   v 2 . 0   a u t h e n t i c a t i o n   r e s p o n s e " ,   e ) ;         }     } ` ` `

回复

举报

高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

使用Markdown编辑器编辑 使用富文本编辑器编辑

Archiver| 手机版| 小黑屋|
Powered by Discuz! X3.4 Copyright © 2001-2020, Tencent Cloud. 商业源码建议获取授权,如侵犯您的权益,请联系客服处理