Vulnerabilites related to Red Hat - Red Hat JBoss Core Services
cve-2024-8176
Vulnerability from cvelistv5
Published
2025-03-14 08:19
Modified
2025-03-28 15:03
Severity ?
EPSS score ?
Summary
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2024-8176 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2310137 | issue-tracking, x_refsource_REDHAT | |
| https://github.com/libexpat/libexpat/issues/893 |
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-8176", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-14T13:13:22.690073Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-14T13:14:00.908Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2025-03-28T15:03:08.107Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { url: "http://www.openwall.com/lists/oss-security/2025/03/15/1", }, { url: "https://blog.hartwork.org/posts/expat-2-7-0-released/", }, { url: "https://github.com/libexpat/libexpat/blob/R_2_7_0/expat/Changes#L40-L52", }, { url: "https://bugzilla.suse.com/show_bug.cgi?id=1239618", }, { url: "https://ubuntu.com/security/CVE-2024-8176", }, { url: "https://security-tracker.debian.org/tracker/CVE-2024-8176", }, { url: "https://gitlab.alpinelinux.org/alpine/aports/-/commit/d068c3ff36fc6f4789988a09c69b434db757db53", }, { url: "https://security.netapp.com/advisory/ntap-20250328-0009/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unknown", packageName: "compat-expat1", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:6", ], defaultStatus: "unknown", packageName: "expat", product: "Red Hat Enterprise Linux 6", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unknown", packageName: "expat", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unknown", packageName: "firefox", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:7", ], defaultStatus: "unknown", packageName: "thunderbird", product: "Red Hat Enterprise Linux 7", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "expat", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "firefox", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "lua-expat", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "mingw-expat", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "thunderbird", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:8", ], defaultStatus: "affected", packageName: "xmlrpc-c", product: "Red Hat Enterprise Linux 8", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "expat", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "firefox", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "firefox:flatpak/firefox", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "thunderbird", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/o:redhat:enterprise_linux:9", ], defaultStatus: "affected", packageName: "thunderbird:flatpak/thunderbird", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:jboss_core_services:1", ], defaultStatus: "affected", packageName: "expat", product: "Red Hat JBoss Core Services", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:openshift:4", ], defaultStatus: "affected", packageName: "rhcos", product: "Red Hat OpenShift Container Platform 4", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "This issue was discovered by Jann Horn (Google Project Zero), Sandipan Roy (Red Hat), Sebastian Pipping (libexpat), and Tomas Korbar (Red Hat).", }, ], datePublic: "2025-03-13T13:51:54.957Z", descriptions: [ { lang: "en", value: "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Moderate", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-674", description: "Uncontrolled Recursion", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-14T18:55:02.523Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2024-8176", }, { name: "RHBZ#2310137", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2310137", }, { url: "https://github.com/libexpat/libexpat/issues/893", }, ], timeline: [ { lang: "en", time: "2024-06-12T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2025-03-13T13:51:54.957000+00:00", value: "Made public.", }, ], title: "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-674: Uncontrolled Recursion", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2024-8176", datePublished: "2025-03-14T08:19:48.962Z", dateReserved: "2024-08-26T12:36:40.985Z", dateUpdated: "2025-03-28T15:03:08.107Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-6710
Vulnerability from cvelistv5
Published
2023-12-12 22:01
Modified
2025-01-09 06:18
Severity ?
EPSS score ?
Summary
A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page.
References
| ▼ | URL | Tags |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2024:1316 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:1317 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/errata/RHSA-2024:2387 | vendor-advisory, x_refsource_REDHAT | |
| https://access.redhat.com/security/cve/CVE-2023-6710 | vdb-entry, x_refsource_REDHAT | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2254128 | issue-tracking, x_refsource_REDHAT |
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ▼ | Red Hat | JBoss Core Services for RHEL 8 |
Unaffected: 0:1.3.20-3.el8jbcs < * cpe:/a:redhat:jboss_core_services:1::el8 cpe:/a:redhat:jboss_core_services:1::el7 |
|||||||||||||||||||||
|
||||||||||||||||||||||||
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T08:35:14.928Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "RHSA-2024:1316", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1316", }, { name: "RHSA-2024:1317", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:1317", }, { name: "RHSA-2024:2387", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/errata/RHSA-2024:2387", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", "x_transferred", ], url: "https://access.redhat.com/security/cve/CVE-2023-6710", }, { name: "RHBZ#2254128", tags: [ "issue-tracking", "x_refsource_REDHAT", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254128", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:jboss_core_services:1::el8", "cpe:/a:redhat:jboss_core_services:1::el7", ], defaultStatus: "affected", packageName: "jbcs-httpd24-mod_proxy_cluster", product: "JBoss Core Services for RHEL 8", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.3.20-3.el8jbcs", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:jboss_core_services:1::el8", "cpe:/a:redhat:jboss_core_services:1::el7", ], defaultStatus: "affected", packageName: "jbcs-httpd24-mod_proxy_cluster", product: "JBoss Core Services on RHEL 7", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.3.20-3.el7jbcs", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:enterprise_linux:9::appstream", ], defaultStatus: "affected", packageName: "mod_proxy_cluster", product: "Red Hat Enterprise Linux 9", vendor: "Red Hat", versions: [ { lessThan: "*", status: "unaffected", version: "0:1.3.20-1.el9_4", versionType: "rpm", }, ], }, { collectionURL: "https://access.redhat.com/downloads/content/package-browser/", cpes: [ "cpe:/a:redhat:jboss_core_services:1", ], defaultStatus: "unaffected", packageName: "jbcs-httpd24-mod_proxy_cluster", product: "Text-Only JBCS", vendor: "Red Hat", }, { collectionURL: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", cpes: [ "cpe:/a:redhat:jboss_core_services:1", ], defaultStatus: "affected", packageName: "mod_proxy_cluster", product: "Red Hat JBoss Core Services", vendor: "Red Hat", }, ], credits: [ { lang: "en", value: "Red Hat would like to thank Mohamed Mounir Boudjema (Intervalle-Technologies) for reporting this issue.", }, ], datePublic: "2023-12-12T00:00:00+00:00", descriptions: [ { lang: "en", value: "A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page.", }, ], metrics: [ { other: { content: { namespace: "https://access.redhat.com/security/updates/classification/", value: "Low", }, type: "Red Hat severity rating", }, }, { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-09T06:18:19.829Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "RHSA-2024:1316", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1316", }, { name: "RHSA-2024:1317", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:1317", }, { name: "RHSA-2024:2387", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "https://access.redhat.com/errata/RHSA-2024:2387", }, { tags: [ "vdb-entry", "x_refsource_REDHAT", ], url: "https://access.redhat.com/security/cve/CVE-2023-6710", }, { name: "RHBZ#2254128", tags: [ "issue-tracking", "x_refsource_REDHAT", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=2254128", }, ], timeline: [ { lang: "en", time: "2023-12-12T00:00:00+00:00", value: "Reported to Red Hat.", }, { lang: "en", time: "2023-12-12T00:00:00+00:00", value: "Made public.", }, ], title: "Mod_cluster/mod_proxy_cluster: stored cross site scripting", workarounds: [ { lang: "en", value: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", }, ], x_redhatCweChain: "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2023-6710", datePublished: "2023-12-12T22:01:34.359Z", dateReserved: "2023-12-12T06:15:58.379Z", dateUpdated: "2025-01-09T06:18:19.829Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }