CVE-2019-18213

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

XML Language Server (aka lsp4xml) before 0.9.1, as used in Red Hat XML Language Support (aka vscode-xml) before 0.9.1 for Visual Studio and other products, allows XXE via a crafted XML document, with resultant SSRF (as well as SMB connection initiation that can lead to NetNTLM challenge/response capture for password cracking). This occurs in extensions/contentmodel/participants/diagnostics/LSPXMLParserConfiguration.java.

XML Language Server (también se conoce como lsp4xml) versiones anteriores a 0.9.1, como es usado en Red Hat XML Language Support (también se conoce como vscode-xml) versiones anteriores a 0.9.1, para Visual Studio y otros productos, permite un ataque de tipo XXE por medio de un documento XML diseñado, con un SSRF resultante (así como con el inicio de la conexión SMB lo que puede conllevar a la captura de desafío y respuesta de NetNTLM para descifrar contraseñas). Esto ocurre en el archivo extensions/contentmodel/participants/diagnostics/LSPXMLParserConfiguration.java.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-10-19 CVE Reserved
2019-10-23 CVE Published
2024-08-05 CVE Updated
2024-08-05 First Exploit
2024-10-16 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-611: Improper Restriction of XML External Entity Reference

CAPEC

References (6)

URL	Tag	Source
https://github.com/angelozerr/lsp4xml	Product
https://github.com/angelozerr/lsp4xml/blob/master/CHANGELOG.md#others	Release Notes
https://marketplace.visualstudio.com/items?itemName=redhat.vscode-xml	Third Party Advisory

URL	Date	SRC
https://www.shielder.it/blog/dont-open-that-xml-xxe-to-rce-in-xml-plugins-for-vs-code-eclipse-theia	2024-08-05

URL	Date	SRC
https://github.com/angelozerr/lsp4xml/pull/566	2021-07-21
https://github.com/redhat-developer/vscode-xml	2021-07-21

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Xml Language Server Project Search vendor "Xml Language Server Project"		Xml Server Project Search vendor "Xml Language Server Project" for product "Xml Server Project"				< 0.9.1 Search vendor "Xml Language Server Project" for product "Xml Server Project" and version " < 0.9.1"		-		Affected
Eclipse Search vendor "Eclipse"		Wild Web Developer Search vendor "Eclipse" for product "Wild Web Developer"				-		-		Affected
Theia Xml Extension Project Search vendor "Theia Xml Extension Project"		Theia Xml Extension Search vendor "Theia Xml Extension Project" for product "Theia Xml Extension"				-		-		Affected