Test ID:	1.3.6.1.4.1.25623.1.0.106343
Category:	Web application abuses
Title:	WSO2 Identity Server CSRF And XXE Vulnerabilities
Summary:	WSO2 Identity Server is prone to a XML external entity (XXE); vulnerability.
Description:	Summary: WSO2 Identity Server is prone to a XML external entity (XXE) vulnerability. Vulnerability Insight: WSO2 Identity Server is vulnerable to XXE attack which is a type of attack against an application that parses XML input. When Identity Server used with its XACML feature, it parses XACML requests and XACML policies which contain XML entries according to the XACML specification. This attack occurs when a XACML request or a policy containing a reference to an external entity is processed by a weakly configured XML parser. Vulnerability Impact: An authenticated attacker may disclose local files, conduct adenial of service and server-side request forgery, port scanning and other system impacts on affected systems. Affected Software/OS: WSO2 Identity Server 5.1.0. Solution: Apply the provide patch or upgrade to 5.2.0 or later. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-4311 BugTraq ID: 92485 http://www.securityfocus.com/bid/92485 Bugtraq: 20160813 WSO2 IDENTITY-SERVER v5.1.0 XML External-Entity (Google Search) http://www.securityfocus.com/archive/1/539199/100/0/threaded https://www.exploit-db.com/exploits/40239/ http://hyp3rlinx.altervista.org/advisories/WSO2-IDENTITY-SERVER-v5.1.0-XML-External-Entity.txt http://packetstormsecurity.com/files/138329/WSO2-Identity-Server-5.1.0-XML-Injection.html Common Vulnerability Exposure (CVE) ID: CVE-2016-4312
Copyright	Copyright (C) 2016 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.