Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions relies on Java SAX Parser to implement its XML-RPC interface and by default that parser supports external entities in XML DOCTYPE, which opens Roller up to SSRF / File Enumeration vulnerability. Note that this vulnerability exists even if Roller XML-RPC interface is disable via the Roller web admin UI. Mitigation: There are a couple of ways you can fix this vulnerability: 1) Upgrade to the latest version of Roller, which is now 5.2.2 2) Or, edit the Roller web.xml file and comment out the XML-RPC Servlet mapping as shown below:
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Roller | Apache | * | 5.1.2 (including) |
| Roller | Apache | 5.2.0 (including) | 5.2.0 (including) |
| Roller | Apache | 5.2.0-rc2 (including) | 5.2.0-rc2 (including) |
| Roller | Apache | 5.2.0-rc3 (including) | 5.2.0-rc3 (including) |
| Roller | Apache | 5.2.0-rc4 (including) | 5.2.0-rc4 (including) |
| Roller | Apache | 5.2.0-rc5 (including) | 5.2.0-rc5 (including) |
| Roller | Apache | 5.2.0-rc6 (including) | 5.2.0-rc6 (including) |
| Roller | Apache | 5.2.1 (including) | 5.2.1 (including) |