CVE-2022-41932: Brute Force Attack - XWikiLogin is executing create table statements on PostgreSQL

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It’s possible to make XWiki create many new schemas and fill them with tables just by using a crafted user identifier in the login form. This may lead to degraded database performance. The problem has been patched in XWiki 13.10.8, 14.6RC1 and 14.4.2. Users are advised to upgrade. There are no known workarounds for this issue.


On Fri. 2022-06-24 a brute force attack was performed on our XWiki 13.10.6 instance.
Between 16:33 (CEST) and 17:56 (CEST), 184000+ requests were reported to the logs - xwiki.log is ~ 3GB.

Plenty of POST requests to /bin/loginsubmit/XWiki/XWikiLogin result in XWiki executing DDL create table statements in the PostgreSQL database.

access.log

```
141.113.97.246 “88.99.125.2” - - 2022-06-24T16:48:55+0200 POST “www.faplis.de/wiki/bin/loginsubmit/XWiki/XWikiLogin” 403 17208 “https://www.faplis.de/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36 CIVAI” 1061 17538
…
141.113.97.247 “88.99.125.2” - - 2022-06-24T16:48:56+0200 POST “www.faplis.de/wiki/bin/loginsubmit/XWiki/XWikiLogin” 403 16919 “https://www.faplis.de/” “Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36 CIVAI” 974 17249
```

System out/err:

```
Jun 24 16:48:55 sedcafap0150 sh[17010]: 2022-06-24 16:48:55,420 [http-nio-8080-exec-16 - http://www.faplis.de/wiki/bin/loginsubmit/XWiki/XWikiLogin] WARN nticationFailureLoggerListener - Authentication failure with login [0"XOR(if(now()=sysdate(),sleep(15),0))XOR"Z]
Jun 24 16:48:55 sedcafap0150 sh[17010]: 2022-06-24 16:48:55,928 [http-nio-8080-exec-7 - http://www.faplis.de/wiki/bin/loginsubmit/XWiki/XWikiLogin] WARN nticationFailureLoggerListener - Authentication failure with login [(select(0)from(select(sleep(15)))v)/*’+(select(0)from(select(sleep(15)))v)+’"+(select(0)from(select(sleep(15)))v)+"*/]
Jun 24 16:48:56 sedcafap0150 sh[17010]: 2022-06-24 16:48:56,488 [http-nio-8080-exec-16 - http://www.faplis.de/wiki/bin/loginsubmit/XWiki/XWikiLogin] ERROR c.x.x.i.s.h.HibernateStore - Error executing DDL "create table 1waitfordelay’0.activitystream_events (ase_eventid varchar(48) not null, ase_requestid varchar(48), ase_stream varchar(768), ase_date timestamp, ase_priority int4, ase_type varchar(768), ase_application varchar(768), ase_user varchar(768), ase_wiki varchar(255), ase_space varchar(768), ase_page varchar(768), ase_hidden boolean, ase_url text, ase_title text, ase_body text, ase_version varchar(30), ase_param1 text, ase_param2 text, ase_param3 text, ase_param4 text, ase_param5 text, primary key (ase_eventid))" via JDBC Statement
Jun 24 16:48:56 sedcafap0150 sh[17010]: org.hibernate.tool.schema.spi.CommandAcceptanceException: Error executing DDL "create table 1waitfordelay’0.activitystream_events (ase_eventid varchar(48) not null, ase_requestid varchar(48), ase_stream varchar(768), ase_date timestamp, ase_priority int4, ase_type varchar(768), ase_application varchar(768), ase_user varchar(768), ase_wiki varchar(255), ase_space varchar(768), ase_page varchar(768), ase_hidden boolean, ase_url text, ase_title text, ase_body text, ase_version varchar(30), ase_param1 text, ase_param2 text, ase_param3 text, ase_param4 text, ase_param5 text, primary key (ase_eventid))" via JDBC Statement
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.hibernate.tool.schema.internal.exec.GenerationTargetToDatabase.accept(GenerationTargetToDatabase.java:67)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.hibernate.tool.schema.internal.AbstractSchemaMigrator.applySqlString(AbstractSchemaMigrator.java:563)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.hibernate.tool.schema.internal.AbstractSchemaMigrator.applySqlStrings(AbstractSchemaMigrator.java:508)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.hibernate.tool.schema.internal.AbstractSchemaMigrator.createTable(AbstractSchemaMigrator.java:278)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.hibernate.tool.schema.internal.GroupedSchemaMigratorImpl.performTablesMigration(GroupedSchemaMigratorImpl.java:71)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.hibernate.tool.schema.internal.AbstractSchemaMigrator.performMigration(AbstractSchemaMigrator.java:208)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.hibernate.tool.schema.internal.AbstractSchemaMigrator.doMigration(AbstractSchemaMigrator.java:115)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.hibernate.tool.hbm2ddl.SchemaUpdate.execute(SchemaUpdate.java:94)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.hibernate.tool.hbm2ddl.SchemaUpdate.execute(SchemaUpdate.java:63)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at com.xpn.xwiki.internal.store.hibernate.HibernateStore.updateDatabase(HibernateStore.java:1125)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at com.xpn.xwiki.internal.store.hibernate.HibernateStore.updateDatabase(HibernateStore.java:992)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at com.xpn.xwiki.internal.store.hibernate.HibernateStore.updateDatabase(HibernateStore.java:1159)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at com.xpn.xwiki.store.XWikiHibernateBaseStore.updateSchema(XWikiHibernateBaseStore.java:264)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at com.xpn.xwiki.store.migration.hibernate.HibernateDataMigrationManager.hibernateShemaUpdate(HibernateDataMigrationManager.java:208)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at com.xpn.xwiki.store.migration.hibernate.HibernateDataMigrationManager.updateSchema(HibernateDataMigrationManager.java:189)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at com.xpn.xwiki.store.migration.hibernate.HibernateDataMigrationManager.initializeEmptyDB(HibernateDataMigrationManager.java:158)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at com.xpn.xwiki.store.migration.AbstractDataMigrationManager.initNewDB(AbstractDataMigrationManager.java:446)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at com.xpn.xwiki.store.migration.AbstractDataMigrationManager.initializeCurrentDatabase(AbstractDataMigrationManager.java:551)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at com.xpn.xwiki.store.migration.AbstractDataMigrationManager.checkDatabase(AbstractDataMigrationManager.java:534)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at com.xpn.xwiki.internal.store.hibernate.HibernateStore.setWiki(HibernateStore.java:703)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at com.xpn.xwiki.internal.store.hibernate.HibernateStore.setWiki(HibernateStore.java:662)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at com.xpn.xwiki.internal.store.hibernate.HibernateStore.beginTransaction(HibernateStore.java:853)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at com.xpn.xwiki.internal.store.hibernate.HibernateStore.beginTransaction(HibernateStore.java:786)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at com.xpn.xwiki.store.XWikiHibernateBaseStore.beginTransaction(XWikiHibernateBaseStore.java:531)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at com.xpn.xwiki.store.XWikiHibernateStore.search(XWikiHibernateStore.java:2584)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at com.xpn.xwiki.store.XWikiHibernateStore.search(XWikiHibernateStore.java:2562)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at com.xpn.xwiki.store.XWikiCacheStore.search(XWikiCacheStore.java:690)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at com.xpn.xwiki.XWiki.search(XWiki.java:2463)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.findUser(XWikiAuthServiceImpl.java:466)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.authenticate(XWikiAuthServiceImpl.java:414)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.authenticate(MyFormAuthenticator.java:297)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:208)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at com.xpn.xwiki.user.impl.xwiki.MyFormAuthenticator.processLogin(MyFormAuthenticator.java:190)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at com.xpn.xwiki.user.impl.xwiki.XWikiAuthServiceImpl.checkAuth(XWikiAuthServiceImpl.java:239)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at com.xpn.xwiki.XWiki.checkAuth(XWiki.java:4336)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.xwiki.security.authorization.internal.XWikiCachingRightService.authenticateUser(XWikiCachingRightService.java:241)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.xwiki.security.authorization.internal.XWikiCachingRightService.checkAccess(XWikiCachingRightService.java:271)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at com.xpn.xwiki.XWiki.checkAccess(XWiki.java:4359)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at com.xpn.xwiki.XWiki.prepareDocuments(XWiki.java:5880)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:502)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at com.xpn.xwiki.web.XWikiAction.execute(XWikiAction.java:292)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at com.xpn.xwiki.web.LegacyActionServlet.service(LegacyActionServlet.java:115)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at javax.servlet.http.HttpServlet.service(HttpServlet.java:764)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:227)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at com.xpn.xwiki.web.ActionFilter.doFilter(ActionFilter.java:122)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.xwiki.wysiwyg.filter.ConversionFilter.doFilter(ConversionFilter.java:61)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.xwiki.container.servlet.filters.internal.SetHTTPHeaderFilter.doFilter(SetHTTPHeaderFilter.java:63)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.xwiki.container.servlet.filters.internal.SavedRequestRestorerFilter.doFilter(SavedRequestRestorerFilter.java:208)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.xwiki.container.servlet.filters.internal.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:111)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.xwiki.resource.servlet.RoutingFilter.doFilter(RoutingFilter.java:132)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:197)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:360)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:890)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1743)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at java.base/java.lang.Thread.run(Unknown Source)
Jun 24 16:48:56 sedcafap0150 sh[17010]: Caused by: org.postgresql.util.PSQLException: Unterminated string literal started at position 26 in SQL create table 1waitfordelay’0.activitystream_events (ase_eventid varchar(48) not null, ase_requestid varchar(48), ase_stream varchar(768), ase_date timestamp, ase_priority int4, ase_type varchar(768), ase_application varchar(768), ase_user varchar(768), ase_wiki varchar(255), ase_space varchar(768), ase_page varchar(768), ase_hidden boolean, ase_url text, ase_title text, ase_body text, ase_version varchar(30), ase_param1 text, ase_param2 text, ase_param3 text, ase_param4 text, ase_param5 text, primary key (ase_eventid)). Expected char
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.postgresql.core.Parser.checkParsePosition(Parser.java:1305)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.postgresql.core.Parser.parseSql(Parser.java:1212)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.postgresql.core.Parser.replaceProcessing(Parser.java:1156)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.postgresql.core.CachedQueryCreateAction.create(CachedQueryCreateAction.java:43)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.postgresql.core.QueryExecutorBase.createQueryByKey(QueryExecutorBase.java:337)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.postgresql.jdbc.PgStatement.executeCachedSql(PgStatement.java:300)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.postgresql.jdbc.PgStatement.executeWithFlags(PgStatement.java:284)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.postgresql.jdbc.PgStatement.execute(PgStatement.java:279)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.apache.commons.dbcp2.DelegatingStatement.execute(DelegatingStatement.java:193)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.apache.commons.dbcp2.DelegatingStatement.execute(DelegatingStatement.java:193)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.hibernate.tool.schema.internal.exec.GenerationTargetToDatabase.accept(GenerationTargetToDatabase.java:54)
Jun 24 16:48:56 sedcafap0150 sh[17010]: … 82 common frames omitted
Jun 24 16:48:56 sedcafap0150 sh[17010]: 2022-06-24 16:48:56,488 [http-nio-8080-exec-16 - http://www.faplis.de/wiki/bin/loginsubmit/XWiki/XWikiLogin] ERROR c.x.x.i.s.h.HibernateStore - Error executing DDL "create table 1waitfordelay’0.activitystream_events_status (ases_eventid varchar(48) not null, ases_entityid varchar(720) not null, ases_read boolean, primary key (ases_eventid, ases_entityid))" via JDBC Statement
Jun 24 16:48:56 sedcafap0150 sh[17010]: org.hibernate.tool.schema.spi.CommandAcceptanceException: Error executing DDL "create table 1waitfordelay’0.activitystream_events_status (ases_eventid varchar(48) not null, ases_entityid varchar(720) not null, ases_read boolean, primary key (ases_eventid, ases_entityid))" via JDBC Statement
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.hibernate.tool.schema.internal.exec.GenerationTargetToDatabase.accept(GenerationTargetToDatabase.java:67)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.hibernate.tool.schema.internal.AbstractSchemaMigrator.applySqlString(AbstractSchemaMigrator.java:563)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.hibernate.tool.schema.internal.AbstractSchemaMigrator.applySqlStrings(AbstractSchemaMigrator.java:508)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.hibernate.tool.schema.internal.AbstractSchemaMigrator.createTable(AbstractSchemaMigrator.java:278)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.hibernate.tool.schema.internal.GroupedSchemaMigratorImpl.performTablesMigration(GroupedSchemaMigratorImpl.java:71)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.hibernate.tool.schema.internal.AbstractSchemaMigrator.performMigration(AbstractSchemaMigrator.java:208)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.hibernate.tool.schema.internal.AbstractSchemaMigrator.doMigration(AbstractSchemaMigrator.java:115)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.hibernate.tool.hbm2ddl.SchemaUpdate.execute(SchemaUpdate.java:94)
Jun 24 16:48:56 sedcafap0150 sh[17010]: at org.hibernate.tool.hbm2ddl.SchemaUpdate.execute(SchemaUpdate.java:63)
```

xwiki.log

```
2022-06-24 16:48:54,373 [http-nio-8080-exec-11 - http://www.faplis.de/wiki/bin/get/Help/Applications/Contributors/Charlie%20Chaplin?data=children&exclusions=document:xwiki:Help.WebHome&id=1%00%C0%A7%C0%A2%252527%252522&outputSyntax=plain&sheet=XWiki.DocumentTree&showAttachments=false&showTranslations=false] ERROR o.a.v.rendering - Left side ($childNodeIds.size()) of comparison operation has null value at xwiki:XWiki.DocumentTree[line 153, column 29]
2022-06-24 16:48:54,480 [http-nio-8080-exec-7 - http://www.faplis.de/wiki/bin/loginsubmit/XWiki/XWikiLogin] WARN nticationFailureLoggerListener - Authentication failure with login [0’XOR(if(now()=sysdate(),sleep(15),0))XOR’Z]
2022-06-24 16:48:54,635 [http-nio-8080-exec-7 - http://www.faplis.de/wiki/bin/get/Help/Applications/Contributors/Charlie%20Chaplin?data=children&exclusions=document:xwiki:Help.WebHome&id=%40%40gon8g&outputSyntax=plain&sheet=XWiki.DocumentTree&showAttachments=false&showTranslations=false] ERROR o.a.v.rendering - Left side ($childNodeIds.size()) of comparison operation has null value at xwiki:XWiki.DocumentTree[line 153, column 29]
2022-06-24 16:48:55,420 [http-nio-8080-exec-16 - http://www.faplis.de/wiki/bin/loginsubmit/XWiki/XWikiLogin] WARN nticationFailureLoggerListener - Authentication failure with login [0"XOR(if(now()=sysdate(),sleep(15),0))XOR"Z]
2022-06-24 16:48:55,928 [http-nio-8080-exec-7 - http://www.faplis.de/wiki/bin/loginsubmit/XWiki/XWikiLogin] WARN nticationFailureLoggerListener - Authentication failure with login [(select(0)from(select(sleep(15)))v)/*’+(select(0)from(select(sleep(15)))v)+’"+(select(0)from(select(sleep(15)))v)+"*/]
2022-06-24 16:48:56,408 [http-nio-8080-exec-16 - http://www.faplis.de/wiki/bin/loginsubmit/XWiki/XWikiLogin] INFO .HibernateDataMigrationManager - Checking Hibernate mapping and updating schema if needed for wiki [1waitfordelay’0]
2022-06-24 16:48:56,488 [http-nio-8080-exec-16 - http://www.faplis.de/wiki/bin/loginsubmit/XWiki/XWikiLogin] ERROR c.x.x.i.s.h.HibernateStore - Error executing DDL "create table 1waitfordelay’0.activitystream_events (ase_eventid varchar(48) not null, ase_requestid varchar(48), ase_stream varchar(768), ase_date timestamp, ase_priority int4, ase_type varchar(768), ase_application varchar(768), ase_user varchar(768), ase_wiki varchar(255), ase_space varchar(768), ase_page varchar(768), ase_hidden boolean, ase_url text, ase_title text, ase_body text, ase_version varchar(30), ase_param1 text, ase_param2 text, ase_param3 text, ase_param4 text, ase_param5 text, primary key (ase_eventid))" via JDBC Statement
org.hibernate.tool.schema.spi.CommandAcceptanceException: Error executing DDL "create table 1waitfordelay’0.activitystream_events (ase_eventid varchar(48) not null, ase_requestid varchar(48), ase_stream varchar(768), ase_date timestamp, ase_priority int4, ase_type varchar(768), ase_application varchar(768), ase_user varchar(768), ase_wiki varchar(255), ase_space varchar(768), ase_page varchar(768), ase_hidden boolean, ase_url text, ase_title text, ase_body text, ase_version varchar(30), ase_param1 text, ase_param2 text, ase_param3 text, ase_param4 text, ase_param5 text, primary key (ase_eventid))" via JDBC Statement
    at org.hibernate.tool.schema.internal.exec.GenerationTargetToDatabase.accept(GenerationTargetToDatabase.java:67)
```
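A log triage sketch for the pattern visible in the excerpts above, added here as an example and not part of the original report or of XWiki: it flags schema checks and failed DDL that were triggered by login requests for a name outside the known wikis. The sample entries, the host `wiki.example.org`, the name `bogus'0` and all function names are constructed for illustration.

```python
import re

# Layout of an xwiki.log entry, as in the excerpt above:
#   <timestamp> [<thread> - <request URL>] <LEVEL> <logger> - <message>
ENTRY = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) "
    r"\[(?P<thread>\S+) - (?P<url>\S+)\] "
    r"(?P<level>[A-Z]+)\s+(?P<logger>\S+) - (?P<msg>.*)$"
)
SCHEMA_CHECK = re.compile(r"updating schema if needed for wiki \[(?P<name>.*)\]")
DDL_ERROR = re.compile(r'Error executing DDL "create table (?P<name>.+?)\.\w+ \(')
AUTH_FAILURE = re.compile(r"Authentication failure with login \[")
LOGIN_PATH = "/bin/loginsubmit/"


def scan_login_schema_activity(lines, known_wikis):
    """Return (findings, auth_failures) for entries emitted while serving login requests.

    findings holds (timestamp, kind, name) for schema work on a name that is
    not one of known_wikis; a login request has no reason to initialise a schema.
    """
    findings, auth_failures = [], 0
    for line in lines:
        entry = ENTRY.match(line)
        if entry is None or LOGIN_PATH not in entry["url"]:
            continue  # stack-trace frames and requests other than the login form
        msg = entry["msg"]
        if AUTH_FAILURE.search(msg):
            auth_failures += 1
            continue
        for kind, pattern in (("schema-check", SCHEMA_CHECK), ("ddl-error", DDL_ERROR)):
            hit = pattern.search(msg)
            if hit and hit["name"] not in known_wikis:
                findings.append((entry["ts"], kind, hit["name"]))
    return findings, auth_failures


def unexpected_names(findings):
    """Distinct names to compare against the schemas that exist in PostgreSQL."""
    return sorted({name for _, _, name in findings})


# Constructed sample, modelled on the xwiki.log excerpt (not real log data).
SAMPLE_LOG = """\
2022-06-24 16:48:55,420 [http-nio-8080-exec-16 - http://wiki.example.org/wiki/bin/loginsubmit/XWiki/XWikiLogin] WARN  nticationFailureLoggerListener - Authentication failure with login [nosuchuser]
2022-06-24 16:48:56,408 [http-nio-8080-exec-16 - http://wiki.example.org/wiki/bin/loginsubmit/XWiki/XWikiLogin] INFO  .HibernateDataMigrationManager - Checking Hibernate mapping and updating schema if needed for wiki [bogus'0]
2022-06-24 16:48:56,488 [http-nio-8080-exec-16 - http://wiki.example.org/wiki/bin/loginsubmit/XWiki/XWikiLogin] ERROR c.x.x.i.s.h.HibernateStore - Error executing DDL "create table bogus'0.activitystream_events (ase_eventid varchar(48) not null, primary key (ase_eventid))" via JDBC Statement
	at org.hibernate.tool.hbm2ddl.SchemaUpdate.execute(SchemaUpdate.java:94)
2022-06-24 16:49:01,002 [http-nio-8080-exec-3 - http://wiki.example.org/wiki/bin/view/Main/] INFO  .HibernateDataMigrationManager - Checking Hibernate mapping and updating schema if needed for wiki [subwiki]
2022-06-24 16:49:02,150 [http-nio-8080-exec-4 - http://wiki.example.org/wiki/bin/loginsubmit/XWiki/XWikiLogin] INFO  .HibernateDataMigrationManager - Checking Hibernate mapping and updating schema if needed for wiki [xwiki]
""".splitlines()

if __name__ == "__main__":
    found, failures = scan_login_schema_activity(SAMPLE_LOG, known_wikis={"xwiki"})
    print(f"{failures} authentication failure(s) on the login form")
    for ts, kind, name in found:
        print(f"{ts} {kind}: schema work for unknown wiki {name!r}")
```

On PostgreSQL, the names it returns can then be compared with the schemas present in the database to see which of the attempted creations succeeded.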

Related news

GHSA-4x5r-6v26-7j4v: Creation of new database tables through login form on PostgreSQL

### Impact
It's possible to make XWiki create many new schemas and fill them with tables just by using a crafted user identifier in the login form.

### Patches
The problem has been patched in XWiki 13.10.8, 14.6RC1 and 14.4.2.

### Workarounds
The only workarounds for this are:
* use an authenticator which does interpret the login as a reference to a document
* using a different database than PostgreSQL
* upgrade XWiki

### References
https://jira.xwiki.org/browse/XWIKI-19886

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)
* Email us at [Security Mailing List](mailto:security@xwiki.org)
