Action not permitted
Modal body text goes here.
CVE-2015-3254
Vulnerability from cvelistv5
Published
2017-06-16 22:00
Modified
2024-08-06 05:39
Severity ?
EPSS score ?
Summary
The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:39:32.050Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://grokbase.com/t/thrift/user/15c2tss3td/notice-apache-thrift-security-vulnerability-cve-2015-1774"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://issues.apache.org/jira/browse/THRIFT-3231"
},
{
"name": "99112",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99112"
},
{
"name": "[thrift-user] 20151210 Re: [NOTICE]: Apache Thrift Security Vulnerability CVE-2015-1774",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://mail-archives.apache.org/mod_mbox/thrift-user/201512.mbox/%3CCANyrgvcjvEcjTVmaL+tVXCBm4o5G+1neu=MUubD9GbU85bO_Ew%40mail.gmail.com%3E"
},
{
"name": "RHSA-2017:2477",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2477"
},
{
"name": "RHSA-2017:3115",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3115"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://grokbase.com/t/thrift/user/15c2tss3td/notice-apache-thrift-security-vulnerability-cve-2015-1774"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://issues.apache.org/jira/browse/THRIFT-3231"
},
{
"name": "99112",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99112"
},
{
"name": "[thrift-user] 20151210 Re: [NOTICE]: Apache Thrift Security Vulnerability CVE-2015-1774",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://mail-archives.apache.org/mod_mbox/thrift-user/201512.mbox/%3CCANyrgvcjvEcjTVmaL+tVXCBm4o5G+1neu=MUubD9GbU85bO_Ew%40mail.gmail.com%3E"
},
{
"name": "RHSA-2017:2477",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2477"
},
{
"name": "RHSA-2017:3115",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:3115"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2015-3254",
"datePublished": "2017-06-16T22:00:00",
"dateReserved": "2015-04-10T00:00:00",
"dateUpdated": "2024-08-06T05:39:32.050Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2015-3254\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2017-06-16T22:29:00.180\",\"lastModified\":\"2023-02-13T00:48:57.000\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function.\"},{\"lang\":\"es\",\"value\":\"Las bibliotecas cliente de Apache Thrift anteriores a la versi\u00f3n 0.9.3 podr\u00edan permitir que los usuarios remotos autenticados causen una denegaci\u00f3n de servicio (recursi\u00f3n infinita) a trav\u00e9s de vectores que implican la funci\u00f3n skip.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":4.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:thrift:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"0.9.2\",\"matchCriteriaId\":\"3021F602-A471-49B9-8B42-4946C2156CE6\"}]}]}],\"references\":[{\"url\":\"http://grokbase.com/t/thrift/user/15c2tss3td/notice-apache-thrift-security-vulnerability-cve-2015-1774\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/99112\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2477\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:3115\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://issues.apache.org/jira/browse/THRIFT-3231\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://mail-archives.apache.org/mod_mbox/thrift-user/201512.mbox/%3CCANyrgvcjvEcjTVmaL+tVXCBm4o5G+1neu=MUubD9GbU85bO_Ew%40mail.gmail.com%3E\",\"source\":\"secalert@redhat.com\"}]}}"
}
}
rhsa-2017_2477
Vulnerability from csaf_redhat
Published
2017-08-15 15:07
Modified
2024-11-05 20:08
Summary
Red Hat Security Advisory: Red Hat JBoss Data Virtualization 6.3 Update 7 security update
Notes
Topic
An update is now available for Red Hat JBoss Data Virtualization.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database.
This release of Red Hat JBoss Data Virtualization 6.3 Update 7 serves as a replacement for Red Hat JBoss Data Virtualization 6.3 Update 6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525)
* A vulnerability was discovered in Apache Thrift client libraries that allows remote, authenticated attackers to cause an infinite recursion via vectors involving the skip function; resulting in a denial of service (DoS) condition. (CVE-2015-3254)
* A denial of service vulnerability was discovered in ZooKeeper which allows an attacker to dramatically increase CPU utilization by abusing "wchp/wchc" commands, leading to the server being unable to serve legitimate requests. (CVE-2017-5637)
Red Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-7525.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Data Virtualization.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Data Virtualization is a lean data integration solution that provides easy, real-time, and unified data access across disparate sources to multiple applications and users. JBoss Data Virtualization makes data spread across physically distinct systems - such as multiple databases, XML files, and even Hadoop systems - appear as a set of tables in a local database.\n\nThis release of Red Hat JBoss Data Virtualization 6.3 Update 7 serves as a replacement for Red Hat JBoss Data Virtualization 6.3 Update 6, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525)\n\n* A vulnerability was discovered in Apache Thrift client libraries that allows remote, authenticated attackers to cause an infinite recursion via vectors involving the skip function; resulting in a denial of service (DoS) condition. (CVE-2015-3254)\n\n* A denial of service vulnerability was discovered in ZooKeeper which allows an attacker to dramatically increase CPU utilization by abusing \"wchp/wchc\" commands, leading to the server being unable to serve legitimate requests. (CVE-2017-5637)\n\nRed Hat would like to thank Liao Xinxi (NSFOCUS) for reporting CVE-2017-7525.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:2477",
"url": "https://access.redhat.com/errata/RHSA-2017:2477"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.services.platform\u0026downloadType=securityPatches\u0026version=6.3.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.services.platform\u0026downloadType=securityPatches\u0026version=6.3.0"
},
{
"category": "external",
"summary": "1454808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1454808"
},
{
"category": "external",
"summary": "1462702",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702"
},
{
"category": "external",
"summary": "1462783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462783"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_2477.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Data Virtualization 6.3 Update 7 security update",
"tracking": {
"current_release_date": "2024-11-05T20:08:57+00:00",
"generator": {
"date": "2024-11-05T20:08:57+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2017:2477",
"initial_release_date": "2017-08-15T15:07:56+00:00",
"revision_history": [
{
"date": "2017-08-15T15:07:56+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-08-15T15:07:56+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T20:08:57+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Data Virtualization 6.3",
"product": {
"name": "Red Hat JBoss Data Virtualization 6.3",
"product_id": "Red Hat JBoss Data Virtualization 6.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_data_virtualization:6.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Data Virtualization"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-3254",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2017-06-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1462783"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in Apache Thrift client libraries that allows remote, authenticated attackers to cause an infinite recursion via vectors involving the skip function; resulting in a denial of service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "thrift: Infinite recursion via vectors involving the skip function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Data Virtualization 6.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-3254"
},
{
"category": "external",
"summary": "RHBZ#1462783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462783"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-3254",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3254"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-3254",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3254"
}
],
"release_date": "2015-07-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-08-15T15:07:56+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Data Virtualization installation (including its databases, applications, configuration files, and so on).\n\nNote that it is recommended to halt the Red Hat JBoss Data Virtualization server by stopping the JBoss Application Server process before installing this update, and then after installing the update, restart the Red Hat JBoss Data Virtualization server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Data Virtualization 6.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2477"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss Data Virtualization 6.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "thrift: Infinite recursion via vectors involving the skip function"
},
{
"cve": "CVE-2017-5637",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-05-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1454808"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability was discovered in ZooKeeper which allows an attacker to dramatically increase CPU utilization by abusing \"wchp/wchc\" commands, leading to the server being unable to serve legitimate requests.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "zookeeper: Incorrect input validation with wchp/wchc four letter words",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Data Virtualization 6.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-5637"
},
{
"category": "external",
"summary": "RHBZ#1454808",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1454808"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-5637",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5637"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5637",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5637"
}
],
"release_date": "2017-02-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-08-15T15:07:56+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Data Virtualization installation (including its databases, applications, configuration files, and so on).\n\nNote that it is recommended to halt the Red Hat JBoss Data Virtualization server by stopping the JBoss Application Server process before installing this update, and then after installing the update, restart the Red Hat JBoss Data Virtualization server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Data Virtualization 6.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2477"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss Data Virtualization 6.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "zookeeper: Incorrect input validation with wchp/wchc four letter words"
},
{
"acknowledgments": [
{
"names": [
"Liao Xinxi"
],
"organization": "NSFOCUS"
}
],
"cve": "CVE-2017-7525",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-06-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1462702"
}
],
"notes": [
{
"category": "description",
"text": "A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue affects the versions of jackson-databind (in Satellite 6.0 and 6.1) and candlepin (which embeds a copy of jackson-databind in Satellite 6.2) as shipped with Red Hat Satellite 6.x. However the affected code is NOT used at this time:\n\nCandlepin currently uses the default type resolution configuration for the ObjectMappers it creates/uses. Nowhere in candlepin do we enable global polymorphic deserialization via enableDefaultTyping(...), therefore based on the documentation sited BZ 1462702 , candlepin should not be affected.\n\nHowever as the vulnerable software ships with the product we have marked them as vulnerable to ensure the issue is tracked.\n\nJBoss EAP 7.x only uses the vulnerable Jackson Databind library for marshalling and unmarshalling of JSON objects passed to JAX-RS webservices. Some advise about how to remain safe when using JAX-RS webservices on JBoss EAP 7.x is available here: \n\nhttps://access.redhat.com/solutions/3279231\n\nAlthough JBoss Fuse ships the vulnerable version of jackson-databind, it does not call on enableDefaultTyping() for any polymorphic deserialization operations which is the root cause of this vulnerability. We have raised a Jira tracker to ensure that jackson-databind will be upgraded for Fuse 7.0, however due to feasibility issues jackson-databind cannot be upgraded in JBoss Fuse 6.3.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss Data Virtualization 6.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7525"
},
{
"category": "external",
"summary": "RHBZ#1462702",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462702"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7525"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7525"
}
],
"release_date": "2017-07-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-08-15T15:07:56+00:00",
"details": "Before applying the update, back up your existing Red Hat JBoss Data Virtualization installation (including its databases, applications, configuration files, and so on).\n\nNote that it is recommended to halt the Red Hat JBoss Data Virtualization server by stopping the JBoss Application Server process before installing this update, and then after installing the update, restart the Red Hat JBoss Data Virtualization server by starting the JBoss Application Server process.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss Data Virtualization 6.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:2477"
},
{
"category": "workaround",
"details": "Mitigation to this problem is to not trigger polymorphic desrialization globally by using: objectMapper.enableDefaultTyping() and rather use @JsonTypeInfo on the class property to explicitly define the type information. For more information on this issue please refer to https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=true",
"product_ids": [
"Red Hat JBoss Data Virtualization 6.3"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss Data Virtualization 6.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper"
}
]
}
rhsa-2017_3115
Vulnerability from csaf_redhat
Published
2017-11-02 20:08
Modified
2024-11-05 20:15
Summary
Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R5 security and bug fix update
Notes
Topic
An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications.
This patch is an update to Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. It includes bug fixes and enhancements, which are documented in the readme.txt file included with the patch files.
Security Fix(es):
* It was found that ResourceServlet in Spring Framework does not sanitize the paths that have been provided properly. An attacker can utilize this flaw to conduct directory traversal attacks. (CVE-2016-9878)
* A vulnerability was discovered in Apache Thrift client libraries that allows remote, authenticated attackers to cause an infinite recursion via vectors involving the skip function, resulting in a denial of service (DoS) condition. (CVE-2015-3254)
* A vulnerability was discovered in JSch that allows a malicious sftp server to force a client-side relative path traversal in jsch's implementation for recursive sftp-get. An attacker could leverage this to write files outside the client's download basedir with effective permissions of the jsch sftp client process. (CVE-2016-5725)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update is now available for Red Hat JBoss Fuse and Red Hat JBoss A-MQ.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications.\n\nThis patch is an update to Red Hat JBoss Fuse 6.3 and Red Hat JBoss A-MQ 6.3. It includes bug fixes and enhancements, which are documented in the readme.txt file included with the patch files.\n\nSecurity Fix(es):\n\n* It was found that ResourceServlet in Spring Framework does not sanitize the paths that have been provided properly. An attacker can utilize this flaw to conduct directory traversal attacks. (CVE-2016-9878)\n\n* A vulnerability was discovered in Apache Thrift client libraries that allows remote, authenticated attackers to cause an infinite recursion via vectors involving the skip function, resulting in a denial of service (DoS) condition. (CVE-2015-3254)\n\n* A vulnerability was discovered in JSch that allows a malicious sftp server to force a client-side relative path traversal in jsch\u0027s implementation for recursive sftp-get. An attacker could leverage this to write files outside the client\u0027s download basedir with effective permissions of the jsch sftp client process. (CVE-2016-5725)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2017:3115",
"url": "https://access.redhat.com/errata/RHSA-2017:3115"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse\u0026downloadType=securityPatches\u0026version=6.3",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse\u0026downloadType=securityPatches\u0026version=6.3"
},
{
"category": "external",
"summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=jboss.amq.broker\u0026version=6.3.0",
"url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=jboss.amq.broker\u0026version=6.3.0"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en/red-hat-jboss-fuse/",
"url": "https://access.redhat.com/documentation/en/red-hat-jboss-fuse/"
},
{
"category": "external",
"summary": "1375941",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375941"
},
{
"category": "external",
"summary": "1408164",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1408164"
},
{
"category": "external",
"summary": "1462783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462783"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_3115.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.3 R5 security and bug fix update",
"tracking": {
"current_release_date": "2024-11-05T20:15:28+00:00",
"generator": {
"date": "2024-11-05T20:15:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2017:3115",
"initial_release_date": "2017-11-02T20:08:36+00:00",
"revision_history": [
{
"date": "2017-11-02T20:08:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2017-11-02T20:08:36+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T20:15:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss A-MQ 6.3",
"product": {
"name": "Red Hat JBoss A-MQ 6.3",
"product_id": "Red Hat JBoss A-MQ 6.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_amq:6.3"
}
}
},
{
"category": "product_name",
"name": "Red Hat JBoss Fuse 6.3",
"product": {
"name": "Red Hat JBoss Fuse 6.3",
"product_id": "Red Hat JBoss Fuse 6.3",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_fuse:6.3"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Fuse"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-3254",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2017-06-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1462783"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in Apache Thrift client libraries that allows remote, authenticated attackers to cause an infinite recursion via vectors involving the skip function; resulting in a denial of service (DoS) condition.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "thrift: Infinite recursion via vectors involving the skip function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2015-3254"
},
{
"category": "external",
"summary": "RHBZ#1462783",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1462783"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2015-3254",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3254"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-3254",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3254"
}
],
"release_date": "2015-07-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-02T20:08:36+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3115"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "thrift: Infinite recursion via vectors involving the skip function"
},
{
"cve": "CVE-2016-5725",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2016-09-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1375941"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was discovered in JSch that allows a malicious sftp server to force a client-side relative path traversal in jsch\u0027s implementation for recursive sftp-get. An attacker could leverage this to write files outside the client\u0027s download basedir with effective permissions of the jsch sftp client process.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "jsch: ChannelSftp path traversal vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5725"
},
{
"category": "external",
"summary": "RHBZ#1375941",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375941"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5725",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5725"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5725",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5725"
},
{
"category": "external",
"summary": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725",
"url": "https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725"
}
],
"release_date": "2016-08-31T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-02T20:08:36+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3115"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "jsch: ChannelSftp path traversal vulnerability"
},
{
"cve": "CVE-2016-9878",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2016-12-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1408164"
}
],
"notes": [
{
"category": "description",
"text": "It was found that ResourceServlet in Spring Framework does not sanitize the paths that have been provided properly. An attacker can utilize this flaw to conduct a directory traversal attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "Framework: Directory Traversal in the Spring Framework ResourceServlet",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-9878"
},
{
"category": "external",
"summary": "RHBZ#1408164",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1408164"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-9878",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9878"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-9878",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9878"
},
{
"category": "external",
"summary": "https://pivotal.io/security/cve-2016-9878",
"url": "https://pivotal.io/security/cve-2016-9878"
}
],
"release_date": "2016-12-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2017-11-02T20:08:36+00:00",
"details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nInstallation instructions are located in the download section of the customer portal.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
"product_ids": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2017:3115"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"Red Hat JBoss A-MQ 6.3",
"Red Hat JBoss Fuse 6.3"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "Framework: Directory Traversal in the Spring Framework ResourceServlet"
}
]
}
gsd-2015-3254
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2015-3254",
"description": "The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function.",
"id": "GSD-2015-3254",
"references": [
"https://www.suse.com/security/cve/CVE-2015-3254.html",
"https://access.redhat.com/errata/RHSA-2017:3115",
"https://access.redhat.com/errata/RHSA-2017:2477"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2015-3254"
],
"details": "The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function.",
"id": "GSD-2015-3254",
"modified": "2023-12-13T01:20:07.285066Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://grokbase.com/t/thrift/user/15c2tss3td/notice-apache-thrift-security-vulnerability-cve-2015-1774",
"refsource": "MISC",
"url": "http://grokbase.com/t/thrift/user/15c2tss3td/notice-apache-thrift-security-vulnerability-cve-2015-1774"
},
{
"name": "http://www.securityfocus.com/bid/99112",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/99112"
},
{
"name": "https://access.redhat.com/errata/RHSA-2017:2477",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2017:2477"
},
{
"name": "https://access.redhat.com/errata/RHSA-2017:3115",
"refsource": "MISC",
"url": "https://access.redhat.com/errata/RHSA-2017:3115"
},
{
"name": "https://issues.apache.org/jira/browse/THRIFT-3231",
"refsource": "MISC",
"url": "https://issues.apache.org/jira/browse/THRIFT-3231"
},
{
"name": "https://mail-archives.apache.org/mod_mbox/thrift-user/201512.mbox/%3CCANyrgvcjvEcjTVmaL+tVXCBm4o5G+1neu=MUubD9GbU85bO_Ew%40mail.gmail.com%3E",
"refsource": "MISC",
"url": "https://mail-archives.apache.org/mod_mbox/thrift-user/201512.mbox/%3CCANyrgvcjvEcjTVmaL+tVXCBm4o5G+1neu=MUubD9GbU85bO_Ew%40mail.gmail.com%3E"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "(,0.9.2]",
"affected_versions": "All versions up to 0.9.2",
"cvss_v2": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-20",
"CWE-937"
],
"date": "2018-01-05",
"description": "The client libraries in Apache Thrift might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function.",
"fixed_versions": [
"0.9.3"
],
"identifier": "CVE-2015-3254",
"identifiers": [
"CVE-2015-3254"
],
"not_impacted": "All versions after 0.9.2",
"package_slug": "maven/org.apache.thrift/libthrift",
"pubdate": "2017-06-16",
"solution": "Upgrade to version 0.9.3 or above.",
"title": "Improper Input Validation",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2015-3254",
"https://issues.apache.org/jira/browse/THRIFT-3231"
],
"uuid": "166baba7-30dd-407f-8aa7-6d750861839d"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:apache:thrift:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "0.9.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-3254"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.apache.org/jira/browse/THRIFT-3231",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://issues.apache.org/jira/browse/THRIFT-3231"
},
{
"name": "http://grokbase.com/t/thrift/user/15c2tss3td/notice-apache-thrift-security-vulnerability-cve-2015-1774",
"refsource": "CONFIRM",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://grokbase.com/t/thrift/user/15c2tss3td/notice-apache-thrift-security-vulnerability-cve-2015-1774"
},
{
"name": "99112",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/99112"
},
{
"name": "RHSA-2017:3115",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2017:3115"
},
{
"name": "RHSA-2017:2477",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2017:2477"
},
{
"name": "https://mail-archives.apache.org/mod_mbox/thrift-user/201512.mbox/%3CCANyrgvcjvEcjTVmaL+tVXCBm4o5G+1neu=MUubD9GbU85bO_Ew%40mail.gmail.com%3E",
"refsource": "MISC",
"tags": [],
"url": "https://mail-archives.apache.org/mod_mbox/thrift-user/201512.mbox/%3CCANyrgvcjvEcjTVmaL+tVXCBm4o5G+1neu=MUubD9GbU85bO_Ew%40mail.gmail.com%3E"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2023-02-13T00:48Z",
"publishedDate": "2017-06-16T22:29Z"
}
}
}
ghsa-4rvx-g54x-9p63
Vulnerability from github
Published
2022-05-14 03:59
Modified
2022-05-14 03:59
Severity ?
Details
The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function.
{
"affected": [],
"aliases": [
"CVE-2015-3254"
],
"database_specific": {
"cwe_ids": [
"CWE-20"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-06-16T22:29:00Z",
"severity": "MODERATE"
},
"details": "The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function.",
"id": "GHSA-4rvx-g54x-9p63",
"modified": "2022-05-14T03:59:08Z",
"published": "2022-05-14T03:59:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3254"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2477"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:3115"
},
{
"type": "WEB",
"url": "https://issues.apache.org/jira/browse/THRIFT-3231"
},
{
"type": "WEB",
"url": "https://mail-archives.apache.org/mod_mbox/thrift-user/201512.mbox/%3CCANyrgvcjvEcjTVmaL+tVXCBm4o5G+1neu=MUubD9GbU85bO_Ew%40mail.gmail.com%3E"
},
{
"type": "WEB",
"url": "https://mail-archives.apache.org/mod_mbox/thrift-user/201512.mbox/%3CCANyrgvcjvEcjTVmaL+tVXCBm4o5G+1neu=MUubD9GbU85bO_Ew@mail.gmail.com%3E"
},
{
"type": "WEB",
"url": "http://grokbase.com/t/thrift/user/15c2tss3td/notice-apache-thrift-security-vulnerability-cve-2015-1774"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/99112"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
wid-sec-w-2023-0720
Vulnerability from csaf_certbund
Published
2017-11-02 23:00
Modified
2023-03-22 23:00
Summary
Red Hat JBoss: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
JBoss Fuse ist ein Open Source Enterprise Service Bus (ESB).
JBoss A-MQ ist eine Messaging-Plattform.
Angriff
Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Fuse und Red Hat JBoss A-MQ ausnutzen, um einen Denial of Service Angriff durchzuführen, Sicherheitsmechanismen zu umgehen oder Informationen offenzulegen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "JBoss Fuse ist ein Open Source Enterprise Service Bus (ESB).\r\nJBoss A-MQ ist eine Messaging-Plattform.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, authentisierter oder anonymer Angreifer kann mehrere Schwachstellen in Red Hat JBoss Fuse und Red Hat JBoss A-MQ ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren, Sicherheitsmechanismen zu umgehen oder Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-0720 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2017/wid-sec-w-2023-0720.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-0720 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0720"
},
{
"category": "external",
"summary": "IBM Security Bulletin 6965698 vom 2023-03-23",
"url": "https://www.ibm.com/support/pages/node/6965698"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2017:3115 vom 2017-11-02",
"url": "https://access.redhat.com/errata/RHSA-2017:3115"
},
{
"category": "external",
"summary": "Debian Security Advisory DLA 2184 vom 2020-04-25",
"url": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202004/msg00017.html"
}
],
"source_lang": "en-US",
"title": "Red Hat JBoss: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-03-22T23:00:00.000+00:00",
"generator": {
"date": "2024-02-15T17:20:11.903+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.0"
}
},
"id": "WID-SEC-W-2023-0720",
"initial_release_date": "2017-11-02T23:00:00.000+00:00",
"revision_history": [
{
"date": "2017-11-02T23:00:00.000+00:00",
"number": "1",
"summary": "Initial Release"
},
{
"date": "2017-11-02T23:00:00.000+00:00",
"number": "2",
"summary": "Version nicht vorhanden"
},
{
"date": "2020-04-26T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Debian aufgenommen"
},
{
"date": "2023-03-22T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von IBM aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "IBM Tivoli Network Manager 4.2.0",
"product": {
"name": "IBM Tivoli Network Manager 4.2.0",
"product_id": "T025751",
"product_identification_helper": {
"cpe": "cpe:/a:ibm:tivoli_network_manager:4.2.0"
}
}
}
],
"category": "vendor",
"name": "IBM"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss A-MQ 6.3",
"product": {
"name": "Red Hat JBoss A-MQ 6.3",
"product_id": "T008598",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_amq:6.3"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat JBoss Fuse 6.3",
"product": {
"name": "Red Hat JBoss Fuse 6.3",
"product_id": "T008597",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_fuse:6.3"
}
}
}
],
"category": "vendor",
"name": "redhat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-3254",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat JBoss Fuse und Red Hat JBoss A-MQ. Die Schwachstelle besteht in den Apache Thrift Client-Bibliotheken. Ein entfernter, authentifizierter Angreifer kann diese Schwachstelle ausnutzen, um eine unendliche Rekursion (infinite recursion) \u00fcber Vektoren mit der Skip-Funktion zu verursachen und in der Folge einen Denial of Service Zustand herbeizuf\u00fchren."
}
],
"product_status": {
"known_affected": [
"T008598",
"2951",
"T025751",
"T008597"
]
},
"release_date": "2017-11-02T23:00:00Z",
"title": "CVE-2015-3254"
},
{
"cve": "CVE-2016-5725",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat JBoss Fuse und Red Hat JBoss A-MQ. Die Schwachstelle beruht auf einer unzureichenden Pr\u00fcfung von Berechtigungen in JSch. Ein Angreifer kann dieses zu einem Path Traversal Angriff nutzen und in der Folge beliebige Dateien \u00fcberschreiben. Zur erfolgreichen Ausnutzung dieser Schwachstelle ist eine Benutzeraktion erforderlich."
}
],
"product_status": {
"known_affected": [
"T008598",
"2951",
"T025751",
"T008597"
]
},
"release_date": "2017-11-02T23:00:00Z",
"title": "CVE-2016-5725"
},
{
"cve": "CVE-2016-9878",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in Red Hat JBoss Fuse und Red Hat JBoss A-MQ. Die Schwachstelle beruht auf einer unzureichenden Pr\u00fcfung von Zugriffsberechtigungen im ResourceServlet im Spring Framework. Ein Angreifer kann dieses zu einem \"Path Traversal\" nutzen und in der Folge vertrauliche Informationen offenlegen."
}
],
"product_status": {
"known_affected": [
"T008598",
"2951",
"T025751",
"T008597"
]
},
"release_date": "2017-11-02T23:00:00Z",
"title": "CVE-2016-9878"
}
]
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.