Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-28331
Vulnerability from cvelistv5
Published
2023-01-31 15:55
Modified
2025-03-27 14:31
Severity ?
EPSS score ?
Summary
On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r | Mailing List, Vendor Advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Portable Runtime (APR) |
Version: 0 < |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:56:14.939Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "vendor-advisory", "x_transferred", ], url: "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2022-28331", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-03-27T14:31:25.841968Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-27T14:31:30.494Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Apache Portable Runtime (APR)", vendor: "Apache Software Foundation", versions: [ { lessThanOrEqual: "1.7.0", status: "affected", version: "0", versionType: "custom", }, ], }, ], credits: [ { lang: "en", type: "finder", value: "Ronald Crane (Zippenhop LLC)", }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.", }, ], value: "On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.", }, ], metrics: [ { other: { content: { text: "moderate", }, type: "Textual description of severity", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-190", description: "CWE-190 Integer Overflow or Wraparound", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-07-07T15:26:44.884Z", orgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", shortName: "apache", }, references: [ { tags: [ "vendor-advisory", ], url: "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r", }, ], source: { discovery: "UNKNOWN", }, title: "Apache Portable Runtime (APR): Windows out-of-bounds write in apr_socket_sendv function", x_generator: { engine: "Vulnogram 0.1.0-dev", }, }, }, cveMetadata: { assignerOrgId: "f0158376-9dc2-43b6-827c-5f631a4d8d09", assignerShortName: "apache", cveId: "CVE-2022-28331", datePublished: "2023-01-31T15:55:21.488Z", dateReserved: "2022-04-01T12:46:04.617Z", dateUpdated: "2025-03-27T14:31:30.494Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", "vulnerability-lookup:meta": { fkie_nvd: { configurations: "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.7.0\", \"matchCriteriaId\": \"1DB0978A-CC7C-49E0-8C5D-578F538F25F1\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}]", descriptions: "[{\"lang\": \"en\", \"value\": \"On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.\"}, {\"lang\": \"es\", \"value\": \"En Windows, Apache Portable Runtime 1.7.0 y versiones anteriores pueden escribir m\\u00e1s all\\u00e1 del final de un b\\u00fafer basado en pila en apr_socket_sendv(). Este es el resultado del desbordamiento de enteros.\"}]", id: "CVE-2022-28331", lastModified: "2024-11-21T06:57:10.740", metrics: "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}", published: "2023-01-31T16:15:08.977", references: "[{\"url\": \"https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r\", \"source\": \"security@apache.org\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}]", sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: "[{\"source\": \"security@apache.org\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-190\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-190\"}]}]", }, nvd: "{\"cve\":{\"id\":\"CVE-2022-28331\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2023-01-31T16:15:08.977\",\"lastModified\":\"2025-03-27T15:15:37.330\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.\"},{\"lang\":\"es\",\"value\":\"En Windows, Apache Portable Runtime 1.7.0 y versiones anteriores pueden escribir más allá del final de un búfer basado en pila en apr_socket_sendv(). Este es el resultado del desbordamiento de enteros.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.7.0\",\"matchCriteriaId\":\"1DB0978A-CC7C-49E0-8C5D-578F538F25F1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2572D17-1DE6-457B-99CC-64AFD54487EA\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r\",\"source\":\"security@apache.org\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]}]}}", vulnrichment: { containers: "{\"cna\": {\"affected\": [{\"defaultStatus\": \"unaffected\", \"product\": \"Apache Portable Runtime (APR)\", \"vendor\": \"Apache Software Foundation\", \"versions\": [{\"lessThanOrEqual\": \"1.7.0\", \"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\"}]}], \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Ronald Crane (Zippenhop LLC)\"}], \"descriptions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.\"}], \"value\": \"On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.\"}], \"metrics\": [{\"other\": {\"content\": {\"text\": \"moderate\"}, \"type\": \"Textual description of severity\"}}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-190\", \"description\": \"CWE-190 Integer Overflow or Wraparound\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"orgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"shortName\": \"apache\", \"dateUpdated\": \"2023-07-07T15:26:44.884Z\"}, \"references\": [{\"tags\": [\"vendor-advisory\"], \"url\": \"https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r\"}], \"source\": {\"discovery\": \"UNKNOWN\"}, \"title\": \"Apache Portable Runtime (APR): Windows out-of-bounds write in apr_socket_sendv function\", \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T05:56:14.939Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"tags\": [\"vendor-advisory\", \"x_transferred\"], \"url\": \"https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r\"}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-28331\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-27T14:31:25.841968Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-27T14:31:12.008Z\"}}]}", cveMetadata: "{\"cveId\": \"CVE-2022-28331\", \"assignerOrgId\": \"f0158376-9dc2-43b6-827c-5f631a4d8d09\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"apache\", \"dateReserved\": \"2022-04-01T12:46:04.617Z\", \"datePublished\": \"2023-01-31T15:55:21.488Z\", \"dateUpdated\": \"2025-03-27T14:31:30.494Z\"}", dataType: "CVE_RECORD", dataVersion: "5.1", }, }, }
rhsa-2023:4910
Vulnerability from csaf_redhat
Published
2023-09-04 12:24
Modified
2025-03-03 16:49
Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.4 release and security update
Notes
Topic
Red Hat JBoss Web Server 5.7.4 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server.
Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 5.7.4 serves as a replacement for Red Hat JBoss Web Server 5.7.3. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References section.
Security Fix(es):
* apr: integer overflow/wraparound in apr_encode (CVE-2022-24963)
* apr: Windows out-of-bounds write in apr_socket_sendv function (CVE-2022-28331)
* tomcat: Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
* jws5-tomcat: tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)
* tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Web Server 5.7.4 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server.\n\nRed Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.7.4 serves as a replacement for Red Hat JBoss Web Server 5.7.3. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References section.\n\nSecurity Fix(es):\n\n* apr: integer overflow/wraparound in apr_encode (CVE-2022-24963)\n\n* apr: Windows out-of-bounds write in apr_socket_sendv function (CVE-2022-28331)\n\n* tomcat: Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)\n\n* jws5-tomcat: tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)\n\n* tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4910", url: "https://access.redhat.com/errata/RHSA-2023:4910", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=webserver&version=5.7", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=webserver&version=5.7", }, { category: "external", summary: "2169465", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2169465", }, { category: "external", summary: "2172298", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2172298", }, { category: "external", summary: "2172556", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2172556", }, { category: "external", summary: "2180856", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180856", }, { category: "external", summary: "2210321", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2210321", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4910.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.4 release and security update", tracking: { current_release_date: "2025-03-03T16:49:20+00:00", generator: { date: "2025-03-03T16:49:20+00:00", engine: { name: "Red Hat SDEngine", version: "4.3.1", }, }, id: "RHSA-2023:4910", initial_release_date: "2023-09-04T12:24:13+00:00", revision_history: [ { date: "2023-09-04T12:24:13+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-04T12:24:13+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-03T16:49:20+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "JWS 5.7.4 release", product: { name: "JWS 5.7.4 release", product_id: "JWS 5.7.4 release", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:5.7", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Server", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2022-24963", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2023-02-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2169465", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer.", title: "Vulnerability description", }, { category: "summary", text: "apr: integer overflow/wraparound in apr_encode", title: "Vulnerability summary", }, { category: "other", text: "Versions of \"apr-util\" shipped with Red Hat Enterprise Linux-6, 7, 8, and 9 are not affected. \"apr_encode_*\" API, which contains the affected code was added in apr-utils v1.7.0, whereas, RHEL ships apr-util v1.6.1 and lower.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JWS 5.7.4 release", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24963", }, { category: "external", summary: "RHBZ#2169465", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2169465", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24963", url: "https://www.cve.org/CVERecord?id=CVE-2022-24963", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24963", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24963", }, { category: "external", summary: "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9", url: "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9", }, ], release_date: "2023-01-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-04T12:24:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "JWS 5.7.4 release", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4910", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "JWS 5.7.4 release", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr: integer overflow/wraparound in apr_encode", }, { cve: "CVE-2022-28331", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2023-02-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2172556", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Portable Runtime, affecting versions <= 1.7.0. This issue may allow a malicious user to write beyond the end of a stack buffer and cause an integer overflow. This affects Windows environments.", title: "Vulnerability description", }, { category: "summary", text: "apr: Windows out-of-bounds write in apr_socket_sendv function", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JWS 5.7.4 release", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-28331", }, { category: "external", summary: "RHBZ#2172556", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2172556", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-28331", url: "https://www.cve.org/CVERecord?id=CVE-2022-28331", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-28331", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-28331", }, { category: "external", summary: "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r", url: "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r", }, ], release_date: "2023-01-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-04T12:24:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "JWS 5.7.4 release", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4910", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "JWS 5.7.4 release", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr: Windows out-of-bounds write in apr_socket_sendv function", }, { cve: "CVE-2023-24998", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2023-02-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2172298", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.\r\n\r\nWhile Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.", title: "Vulnerability description", }, { category: "summary", text: "FileUpload: FileUpload DoS with excessive parts", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JWS 5.7.4 release", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-24998", }, { category: "external", summary: "RHBZ#2172298", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2172298", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-24998", url: "https://www.cve.org/CVERecord?id=CVE-2023-24998", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-24998", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-24998", }, { category: "external", summary: "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5", url: "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5", }, ], release_date: "2023-02-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-04T12:24:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "JWS 5.7.4 release", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4910", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "JWS 5.7.4 release", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "FileUpload: FileUpload DoS with excessive parts", }, { cve: "CVE-2023-28708", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2023-03-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180856", }, ], notes: [ { category: "description", text: "\nWhen using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.\n\n\n\n\n\n\n\n", title: "Vulnerability description", }, { category: "summary", text: "tomcat: not including the secure attribute causes information disclosure", title: "Vulnerability summary", }, { category: "other", text: "CVE-2023-28708 only potentially impacts a Tomcat configuration using a RemoteIpFilter behind a proxy or loadbalancer that sets an X-Forwarded-Proto request header with a value of https. If you do not use RemoteIpFilter in such a configuration, then the vulnerability would not have any impact on you\n\nRed Hat Satellite does not include the affected Apache Tomcat, however, Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JWS 5.7.4 release", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-28708", }, { category: "external", summary: "RHBZ#2180856", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180856", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-28708", url: "https://www.cve.org/CVERecord?id=CVE-2023-28708", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-28708", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-28708", }, { category: "external", summary: "https://bz.apache.org/bugzilla/show_bug.cgi?id=66471", url: "https://bz.apache.org/bugzilla/show_bug.cgi?id=66471", }, { category: "external", summary: "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67", url: "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-04T12:24:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "JWS 5.7.4 release", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4910", }, { category: "workaround", details: "For possible impact and workaround, please refer to: https://access.redhat.com/solutions/7004796", product_ids: [ "JWS 5.7.4 release", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "JWS 5.7.4 release", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat: not including the secure attribute causes information disclosure", }, { cve: "CVE-2023-28709", cwe: { id: "CWE-193", name: "Off-by-one Error", }, discovery_date: "2023-05-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2210321", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Tomcat due to an incomplete fix for CVE-2023-24998, which aims to limit the uploaded request parts that can be bypassed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Fix for CVE-2023-24998 was incomplete", title: "Vulnerability summary", }, { category: "other", text: "The impact for this flaw is considered moderate to match the Apache Software Foundation impact, considering the non-default configuration in CVE description.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JWS 5.7.4 release", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-28709", }, { category: "external", summary: "RHBZ#2210321", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2210321", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-28709", url: "https://www.cve.org/CVERecord?id=CVE-2023-28709", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-28709", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-28709", }, { category: "external", summary: "https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j", url: "https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j", }, ], release_date: "2023-05-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-04T12:24:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "JWS 5.7.4 release", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4910", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "JWS 5.7.4 release", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat: Fix for CVE-2023-24998 was incomplete", }, ], }
rhsa-2023_4910
Vulnerability from csaf_redhat
Published
2023-09-04 12:24
Modified
2024-12-06 12:21
Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.4 release and security update
Notes
Topic
Red Hat JBoss Web Server 5.7.4 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server.
Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 5.7.4 serves as a replacement for Red Hat JBoss Web Server 5.7.3. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References section.
Security Fix(es):
* apr: integer overflow/wraparound in apr_encode (CVE-2022-24963)
* apr: Windows out-of-bounds write in apr_socket_sendv function (CVE-2022-28331)
* tomcat: Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
* jws5-tomcat: tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)
* tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Web Server 5.7.4 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server.\n\nRed Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.7.4 serves as a replacement for Red Hat JBoss Web Server 5.7.3. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References section.\n\nSecurity Fix(es):\n\n* apr: integer overflow/wraparound in apr_encode (CVE-2022-24963)\n\n* apr: Windows out-of-bounds write in apr_socket_sendv function (CVE-2022-28331)\n\n* tomcat: Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)\n\n* jws5-tomcat: tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)\n\n* tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4910", url: "https://access.redhat.com/errata/RHSA-2023:4910", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=webserver&version=5.7", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=webserver&version=5.7", }, { category: "external", summary: "2169465", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2169465", }, { category: "external", summary: "2172298", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2172298", }, { category: "external", summary: "2172556", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2172556", }, { category: "external", summary: "2180856", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180856", }, { category: "external", summary: "2210321", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2210321", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4910.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.4 release and security update", tracking: { current_release_date: "2024-12-06T12:21:19+00:00", generator: { date: "2024-12-06T12:21:19+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.2", }, }, id: "RHSA-2023:4910", initial_release_date: "2023-09-04T12:24:13+00:00", revision_history: [ { date: "2023-09-04T12:24:13+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-04T12:24:13+00:00", number: "2", summary: "Last updated version", }, { date: "2024-12-06T12:21:19+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "JWS 5.7.4 release", product: { name: "JWS 5.7.4 release", product_id: "JWS 5.7.4 release", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:5.7", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Server", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2022-24963", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2023-02-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2169465", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer.", title: "Vulnerability description", }, { category: "summary", text: "apr: integer overflow/wraparound in apr_encode", title: "Vulnerability summary", }, { category: "other", text: "Versions of \"apr-util\" shipped with Red Hat Enterprise Linux-6, 7, 8, and 9 are not affected. \"apr_encode_*\" API, which contains the affected code was added in apr-utils v1.7.0, whereas, RHEL ships apr-util v1.6.1 and lower.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JWS 5.7.4 release", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24963", }, { category: "external", summary: "RHBZ#2169465", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2169465", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24963", url: "https://www.cve.org/CVERecord?id=CVE-2022-24963", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24963", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24963", }, { category: "external", summary: "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9", url: "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9", }, ], release_date: "2023-01-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-04T12:24:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "JWS 5.7.4 release", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4910", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "JWS 5.7.4 release", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr: integer overflow/wraparound in apr_encode", }, { cve: "CVE-2022-28331", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2023-02-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2172556", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Portable Runtime, affecting versions <= 1.7.0. This issue may allow a malicious user to write beyond the end of a stack buffer and cause an integer overflow. This affects Windows environments.", title: "Vulnerability description", }, { category: "summary", text: "apr: Windows out-of-bounds write in apr_socket_sendv function", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JWS 5.7.4 release", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-28331", }, { category: "external", summary: "RHBZ#2172556", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2172556", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-28331", url: "https://www.cve.org/CVERecord?id=CVE-2022-28331", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-28331", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-28331", }, { category: "external", summary: "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r", url: "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r", }, ], release_date: "2023-01-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-04T12:24:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "JWS 5.7.4 release", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4910", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "JWS 5.7.4 release", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr: Windows out-of-bounds write in apr_socket_sendv function", }, { cve: "CVE-2023-24998", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2023-02-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2172298", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.\r\n\r\nWhile Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.", title: "Vulnerability description", }, { category: "summary", text: "FileUpload: FileUpload DoS with excessive parts", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JWS 5.7.4 release", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-24998", }, { category: "external", summary: "RHBZ#2172298", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2172298", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-24998", url: "https://www.cve.org/CVERecord?id=CVE-2023-24998", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-24998", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-24998", }, { category: "external", summary: "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5", url: "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5", }, ], release_date: "2023-02-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-04T12:24:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "JWS 5.7.4 release", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4910", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "JWS 5.7.4 release", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "FileUpload: FileUpload DoS with excessive parts", }, { cve: "CVE-2023-28708", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2023-03-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180856", }, ], notes: [ { category: "description", text: "\nWhen using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.\n\n\n\n\n\n\n\n", title: "Vulnerability description", }, { category: "summary", text: "tomcat: not including the secure attribute causes information disclosure", title: "Vulnerability summary", }, { category: "other", text: "CVE-2023-28708 only potentially impacts a Tomcat configuration using a RemoteIpFilter behind a proxy or loadbalancer that sets an X-Forwarded-Proto request header with a value of https. If you do not use RemoteIpFilter in such a configuration, then the vulnerability would not have any impact on you\n\nRed Hat Satellite does not include the affected Apache Tomcat, however, Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JWS 5.7.4 release", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-28708", }, { category: "external", summary: "RHBZ#2180856", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180856", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-28708", url: "https://www.cve.org/CVERecord?id=CVE-2023-28708", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-28708", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-28708", }, { category: "external", summary: "https://bz.apache.org/bugzilla/show_bug.cgi?id=66471", url: "https://bz.apache.org/bugzilla/show_bug.cgi?id=66471", }, { category: "external", summary: "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67", url: "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-04T12:24:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "JWS 5.7.4 release", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4910", }, { category: "workaround", details: "For possible impact and workaround, please refer to: https://access.redhat.com/solutions/7004796", product_ids: [ "JWS 5.7.4 release", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "JWS 5.7.4 release", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat: not including the secure attribute causes information disclosure", }, { cve: "CVE-2023-28709", cwe: { id: "CWE-193", name: "Off-by-one Error", }, discovery_date: "2023-05-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2210321", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Tomcat due to an incomplete fix for CVE-2023-24998, which aims to limit the uploaded request parts that can be bypassed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Fix for CVE-2023-24998 was incomplete", title: "Vulnerability summary", }, { category: "other", text: "The impact for this flaw is considered moderate to match the Apache Software Foundation impact, considering the non-default configuration in CVE description.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JWS 5.7.4 release", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-28709", }, { category: "external", summary: "RHBZ#2210321", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2210321", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-28709", url: "https://www.cve.org/CVERecord?id=CVE-2023-28709", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-28709", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-28709", }, { category: "external", summary: "https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j", url: "https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j", }, ], release_date: "2023-05-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-04T12:24:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "JWS 5.7.4 release", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4910", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "JWS 5.7.4 release", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat: Fix for CVE-2023-24998 was incomplete", }, ], }
rhsa-2023:4628
Vulnerability from csaf_redhat
Published
2023-08-15 17:37
Modified
2025-03-15 03:58
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update
Notes
Topic
Red Hat JBoss Core Services Apache HTTP Server 2.4.57 is now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* apr-util: integer overflow/wraparound in apr_encode (CVE-2022-24963)
* apr-util: Windows out-of-bounds write in apr_socket_sendv function (CVE-2022-28331)
* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-36760)
* httpd: mod_proxy: HTTP response splitting (CVE-2022-37436)
* mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass (CVE-2022-48279)
* modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass (CVE-2023-24021)
* httpd: mod_proxy_uwsgi HTTP response splitting (CVE-2023-27522)
* curl: use after free in SSH sha256 fingerprint check (CVE-2023-28319)
* curl: IDN wildcard match may lead to Improper Cerificate Validation (CVE-2023-28321)
* libxml2: NULL dereference in xmlSchemaFixupComplexType (CVE-2023-28484)
* libxml2: Hashing of empty dict strings isn't deterministic (CVE-2023-29469)
* curl: more POST-after-PUT confusion (CVE-2023-28322)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Core Services Apache HTTP Server 2.4.57 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* apr-util: integer overflow/wraparound in apr_encode (CVE-2022-24963)\n\n* apr-util: Windows out-of-bounds write in apr_socket_sendv function (CVE-2022-28331)\n\n* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-36760)\n\n* httpd: mod_proxy: HTTP response splitting (CVE-2022-37436)\n\n* mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass (CVE-2022-48279)\n\n* modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass (CVE-2023-24021)\n\n* httpd: mod_proxy_uwsgi HTTP response splitting (CVE-2023-27522)\n\n* curl: use after free in SSH sha256 fingerprint check (CVE-2023-28319)\n\n* curl: IDN wildcard match may lead to Improper Cerificate Validation (CVE-2023-28321)\n\n* libxml2: NULL dereference in xmlSchemaFixupComplexType (CVE-2023-28484)\n\n* libxml2: Hashing of empty dict strings isn't deterministic (CVE-2023-29469)\n\n* curl: more POST-after-PUT confusion (CVE-2023-28322)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4628", url: "https://access.redhat.com/errata/RHSA-2023:4628", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2161773", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2161773", }, { category: "external", summary: "2161777", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2161777", }, { category: "external", summary: "2163615", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2163615", }, { category: "external", summary: "2163622", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2163622", }, { category: "external", summary: "2169465", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2169465", }, { category: "external", summary: "2172556", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2172556", }, { category: "external", summary: "2176211", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2176211", }, { category: "external", summary: "2185984", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185984", }, { category: "external", summary: "2185994", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185994", }, { category: "external", summary: "2196778", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2196778", }, { category: "external", summary: "2196786", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2196786", }, { category: "external", summary: "2196793", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2196793", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4628.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update", tracking: { current_release_date: "2025-03-15T03:58:19+00:00", generator: { date: "2025-03-15T03:58:19+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:4628", initial_release_date: "2023-08-15T17:37:09+00:00", revision_history: [ { date: "2023-08-15T17:37:09+00:00", number: "1", summary: "Initial version", }, { date: "2023-08-15T17:37:09+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-15T03:58:19+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Text-Only JBCS", product: { name: "Text-Only JBCS", product_id: "Text-Only JBCS", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_core_services:1", }, }, }, ], category: "product_family", name: "Red Hat JBoss Core Services", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2022-24963", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2023-02-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2169465", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer.", title: "Vulnerability description", }, { category: "summary", text: "apr: integer overflow/wraparound in apr_encode", title: "Vulnerability summary", }, { category: "other", text: "Versions of \"apr-util\" shipped with Red Hat Enterprise Linux-6, 7, 8, and 9 are not affected. \"apr_encode_*\" API, which contains the affected code was added in apr-utils v1.7.0, whereas, RHEL ships apr-util v1.6.1 and lower.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24963", }, { category: "external", summary: "RHBZ#2169465", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2169465", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24963", url: "https://www.cve.org/CVERecord?id=CVE-2022-24963", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24963", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24963", }, { category: "external", summary: "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9", url: "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9", }, ], release_date: "2023-01-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr: integer overflow/wraparound in apr_encode", }, { cve: "CVE-2022-28331", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2023-02-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2172556", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Portable Runtime, affecting versions <= 1.7.0. This issue may allow a malicious user to write beyond the end of a stack buffer and cause an integer overflow. This affects Windows environments.", title: "Vulnerability description", }, { category: "summary", text: "apr: Windows out-of-bounds write in apr_socket_sendv function", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-28331", }, { category: "external", summary: "RHBZ#2172556", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2172556", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-28331", url: "https://www.cve.org/CVERecord?id=CVE-2022-28331", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-28331", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-28331", }, { category: "external", summary: "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r", url: "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r", }, ], release_date: "2023-01-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr: Windows out-of-bounds write in apr_socket_sendv function", }, { cve: "CVE-2022-36760", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2023-01-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2161777", }, ], notes: [ { category: "description", text: "A flaw was found in the mod_proxy_ajp module of httpd. The connection is not closed when there is an invalid Transfer-Encoding header, allowing an attacker to smuggle requests to the AJP server, where it forwards requests.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_ajp: Possible request smuggling", title: "Vulnerability summary", }, { category: "other", text: "This flaw only affects configurations with mod_proxy_ajp loaded and with an AJP backend configured. If there is no proxy configured to an AJP backend the server is not affected and no further mitigation is needed. For more information about the mitigation, check the mitigation section below.\n\nThe httpd mod_proxy_ajp module is enabled by default on Red Hat Enterprise Linux 6, 7, 8, 9, and in RHSCL. However, there are no directives forwarding requests using the AJP protocol.\n\nThis flaw has been rated as having a security impact of moderate, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 7. Red Hat Enterprise Linux 7 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-36760", }, { category: "external", summary: "RHBZ#2161777", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2161777", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-36760", url: "https://www.cve.org/CVERecord?id=CVE-2022-36760", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-36760", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-36760", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-36760", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-36760", }, ], release_date: "2023-01-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: mod_proxy_ajp: Possible request smuggling", }, { cve: "CVE-2022-37436", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2023-01-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2161773", }, ], notes: [ { category: "description", text: "A flaw was found in the mod_proxy module of httpd. A malicious backend can cause the response headers to be truncated because they are not cleaned when an error is found while reading them, resulting in some headers being incorporated into the response body and not being interpreted by a client.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy: HTTP response splitting", title: "Vulnerability summary", }, { category: "other", text: "This flaw is only exploitable via bad headers generated by a malicious backend or a malicious application.\n\nhttpd as shipped in Red Hat Enterprise Linux 7, 8, 9 and in RHSCL is vulnerable to this flaw. httpd as shipped in Red Hat Enterprise Linux 6 is not affected.\n\nThis flaw has been rated as having a security impact of moderate, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 7. Red Hat Enterprise Linux 7 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-37436", }, { category: "external", summary: "RHBZ#2161773", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2161773", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-37436", url: "https://www.cve.org/CVERecord?id=CVE-2022-37436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-37436", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-37436", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-37436", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-37436", }, ], release_date: "2023-01-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. It's recommended to update the affected packages as soon as an update is available.", product_ids: [ "Text-Only JBCS", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: mod_proxy: HTTP response splitting", }, { cve: "CVE-2022-48279", cwe: { id: "CWE-1389", name: "Incorrect Parsing of Numbers with Different Radices", }, discovery_date: "2023-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2163622", }, ], notes: [ { category: "description", text: "A vulnerability was found in ModSecurity. This issue occurs when HTTP multipart requests are incorrectly parsed and could bypass the Web Application Firewall. NOTE: This is related to CVE-2022-39956, but can be considered independent changes to the ModSecurity (C language) codebase.", title: "Vulnerability description", }, { category: "summary", text: "mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-48279", }, { category: "external", summary: "RHBZ#2163622", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2163622", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-48279", url: "https://www.cve.org/CVERecord?id=CVE-2022-48279", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-48279", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-48279", }, ], release_date: "2023-01-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass", }, { cve: "CVE-2023-24021", cwe: { id: "CWE-402", name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", }, discovery_date: "2023-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2163615", }, ], notes: [ { category: "description", text: "A vulnerability was found in ModSecurity. This issue occurs when FILES_TMP_CONTENT lacks complete content, which can lead to a Web Application Firewall bypass.", title: "Vulnerability description", }, { category: "summary", text: "modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-24021", }, { category: "external", summary: "RHBZ#2163615", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2163615", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-24021", url: "https://www.cve.org/CVERecord?id=CVE-2023-24021", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-24021", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-24021", }, ], release_date: "2023-01-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass", }, { cve: "CVE-2023-27522", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2023-03-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2176211", }, ], notes: [ { category: "description", text: "An HTTP Response Smuggling vulnerability was found in the Apache HTTP Server via mod_proxy_uwsgi. This security issue occurs when special characters in the origin response header can truncate or split the response forwarded to the client.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_uwsgi HTTP response splitting", title: "Vulnerability summary", }, { category: "other", text: "The HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi has been categorized as moderate severity for Red Hat Enterprise Linux due to several technical factors. While the potential impact of this vulnerability is significant, its exploitation requires specific conditions, including the presence of mod_proxy_uwsgi and the ability to inject specially crafted headers into requests. Additionally, successful exploitation depends on the specific configuration of the server and the network environment. Furthermore, the vulnerability primarily affects the integrity and reliability of HTTP responses, rather than directly leading to remote code execution or unauthorized access. Therefore, the likelihood of exploitation and the potential impact on affected systems have been evaluated as moderate, warranting attention and remediation but not categorized as important.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-27522", }, { category: "external", summary: "RHBZ#2176211", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2176211", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-27522", url: "https://www.cve.org/CVERecord?id=CVE-2023-27522", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-27522", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-27522", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html", url: "https://httpd.apache.org/security/vulnerabilities_24.html", }, ], release_date: "2023-03-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Text-Only JBCS", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: mod_proxy_uwsgi HTTP response splitting", }, { acknowledgments: [ { names: [ "Wei Chong Tan", "Daniel Stenberg", ], }, ], cve: "CVE-2023-28319", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2023-05-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2196778", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in the Curl package. This flaw risks inserting sensitive heap-based data into the error message that users might see or is otherwise leaked and revealed.", title: "Vulnerability description", }, { category: "summary", text: "curl: use after free in SSH sha256 fingerprint check", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability does not affect the Curl package as shipped in Red Hat Enterprise Linux 6, 7, 8 and 9.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-28319", }, { category: "external", summary: "RHBZ#2196778", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2196778", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-28319", url: "https://www.cve.org/CVERecord?id=CVE-2023-28319", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-28319", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-28319", }, { category: "external", summary: "https://curl.se/docs/CVE-2023-28319.html", url: "https://curl.se/docs/CVE-2023-28319.html", }, ], release_date: "2023-05-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: use after free in SSH sha256 fingerprint check", }, { acknowledgments: [ { names: [ "Hiroki Kurosawa", "Daniel Stenberg", ], }, ], cve: "CVE-2023-28321", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, discovery_date: "2023-05-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2196786", }, ], notes: [ { category: "description", text: "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", title: "Vulnerability description", }, { category: "summary", text: "curl: IDN wildcard match may lead to Improper Cerificate Validation", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-28321", }, { category: "external", summary: "RHBZ#2196786", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2196786", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-28321", url: "https://www.cve.org/CVERecord?id=CVE-2023-28321", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-28321", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-28321", }, { category: "external", summary: "https://curl.se/docs/CVE-2023-28321.html", url: "https://curl.se/docs/CVE-2023-28321.html", }, ], release_date: "2023-05-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: IDN wildcard match may lead to Improper Cerificate Validation", }, { acknowledgments: [ { names: [ "Hiroki Kurosawa", "Daniel Stenberg", ], }, ], cve: "CVE-2023-28322", cwe: { id: "CWE-440", name: "Expected Behavior Violation", }, discovery_date: "2023-05-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2196793", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", title: "Vulnerability description", }, { category: "summary", text: "curl: more POST-after-PUT confusion", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-28322", }, { category: "external", summary: "RHBZ#2196793", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2196793", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-28322", url: "https://www.cve.org/CVERecord?id=CVE-2023-28322", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-28322", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-28322", }, { category: "external", summary: "https://curl.se/docs/CVE-2023-28322.html", url: "https://curl.se/docs/CVE-2023-28322.html", }, ], release_date: "2023-05-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: more POST-after-PUT confusion", }, { cve: "CVE-2023-28484", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2023-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185994", }, ], notes: [ { category: "description", text: "A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: NULL dereference in xmlSchemaFixupComplexType", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-28484", }, { category: "external", summary: "RHBZ#2185994", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185994", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-28484", url: "https://www.cve.org/CVERecord?id=CVE-2023-28484", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-28484", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-28484", }, ], release_date: "2023-04-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: NULL dereference in xmlSchemaFixupComplexType", }, { cve: "CVE-2023-29469", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2023-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185984", }, ], notes: [ { category: "description", text: "A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Hashing of empty dict strings isn't deterministic", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-29469", }, { category: "external", summary: "RHBZ#2185984", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185984", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-29469", url: "https://www.cve.org/CVERecord?id=CVE-2023-29469", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-29469", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-29469", }, ], release_date: "2023-04-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: Hashing of empty dict strings isn't deterministic", }, ], }
RHSA-2023:4628
Vulnerability from csaf_redhat
Published
2023-08-15 17:37
Modified
2025-03-15 03:58
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update
Notes
Topic
Red Hat JBoss Core Services Apache HTTP Server 2.4.57 is now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* apr-util: integer overflow/wraparound in apr_encode (CVE-2022-24963)
* apr-util: Windows out-of-bounds write in apr_socket_sendv function (CVE-2022-28331)
* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-36760)
* httpd: mod_proxy: HTTP response splitting (CVE-2022-37436)
* mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass (CVE-2022-48279)
* modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass (CVE-2023-24021)
* httpd: mod_proxy_uwsgi HTTP response splitting (CVE-2023-27522)
* curl: use after free in SSH sha256 fingerprint check (CVE-2023-28319)
* curl: IDN wildcard match may lead to Improper Cerificate Validation (CVE-2023-28321)
* libxml2: NULL dereference in xmlSchemaFixupComplexType (CVE-2023-28484)
* libxml2: Hashing of empty dict strings isn't deterministic (CVE-2023-29469)
* curl: more POST-after-PUT confusion (CVE-2023-28322)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Core Services Apache HTTP Server 2.4.57 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* apr-util: integer overflow/wraparound in apr_encode (CVE-2022-24963)\n\n* apr-util: Windows out-of-bounds write in apr_socket_sendv function (CVE-2022-28331)\n\n* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-36760)\n\n* httpd: mod_proxy: HTTP response splitting (CVE-2022-37436)\n\n* mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass (CVE-2022-48279)\n\n* modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass (CVE-2023-24021)\n\n* httpd: mod_proxy_uwsgi HTTP response splitting (CVE-2023-27522)\n\n* curl: use after free in SSH sha256 fingerprint check (CVE-2023-28319)\n\n* curl: IDN wildcard match may lead to Improper Cerificate Validation (CVE-2023-28321)\n\n* libxml2: NULL dereference in xmlSchemaFixupComplexType (CVE-2023-28484)\n\n* libxml2: Hashing of empty dict strings isn't deterministic (CVE-2023-29469)\n\n* curl: more POST-after-PUT confusion (CVE-2023-28322)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4628", url: "https://access.redhat.com/errata/RHSA-2023:4628", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2161773", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2161773", }, { category: "external", summary: "2161777", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2161777", }, { category: "external", summary: "2163615", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2163615", }, { category: "external", summary: "2163622", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2163622", }, { category: "external", summary: "2169465", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2169465", }, { category: "external", summary: "2172556", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2172556", }, { category: "external", summary: "2176211", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2176211", }, { category: "external", summary: "2185984", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185984", }, { category: "external", summary: "2185994", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185994", }, { category: "external", summary: "2196778", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2196778", }, { category: "external", summary: "2196786", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2196786", }, { category: "external", summary: "2196793", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2196793", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4628.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update", tracking: { current_release_date: "2025-03-15T03:58:19+00:00", generator: { date: "2025-03-15T03:58:19+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:4628", initial_release_date: "2023-08-15T17:37:09+00:00", revision_history: [ { date: "2023-08-15T17:37:09+00:00", number: "1", summary: "Initial version", }, { date: "2023-08-15T17:37:09+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-15T03:58:19+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Text-Only JBCS", product: { name: "Text-Only JBCS", product_id: "Text-Only JBCS", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_core_services:1", }, }, }, ], category: "product_family", name: "Red Hat JBoss Core Services", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2022-24963", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2023-02-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2169465", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer.", title: "Vulnerability description", }, { category: "summary", text: "apr: integer overflow/wraparound in apr_encode", title: "Vulnerability summary", }, { category: "other", text: "Versions of \"apr-util\" shipped with Red Hat Enterprise Linux-6, 7, 8, and 9 are not affected. \"apr_encode_*\" API, which contains the affected code was added in apr-utils v1.7.0, whereas, RHEL ships apr-util v1.6.1 and lower.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24963", }, { category: "external", summary: "RHBZ#2169465", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2169465", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24963", url: "https://www.cve.org/CVERecord?id=CVE-2022-24963", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24963", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24963", }, { category: "external", summary: "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9", url: "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9", }, ], release_date: "2023-01-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr: integer overflow/wraparound in apr_encode", }, { cve: "CVE-2022-28331", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2023-02-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2172556", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Portable Runtime, affecting versions <= 1.7.0. This issue may allow a malicious user to write beyond the end of a stack buffer and cause an integer overflow. This affects Windows environments.", title: "Vulnerability description", }, { category: "summary", text: "apr: Windows out-of-bounds write in apr_socket_sendv function", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-28331", }, { category: "external", summary: "RHBZ#2172556", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2172556", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-28331", url: "https://www.cve.org/CVERecord?id=CVE-2022-28331", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-28331", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-28331", }, { category: "external", summary: "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r", url: "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r", }, ], release_date: "2023-01-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr: Windows out-of-bounds write in apr_socket_sendv function", }, { cve: "CVE-2022-36760", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2023-01-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2161777", }, ], notes: [ { category: "description", text: "A flaw was found in the mod_proxy_ajp module of httpd. The connection is not closed when there is an invalid Transfer-Encoding header, allowing an attacker to smuggle requests to the AJP server, where it forwards requests.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_ajp: Possible request smuggling", title: "Vulnerability summary", }, { category: "other", text: "This flaw only affects configurations with mod_proxy_ajp loaded and with an AJP backend configured. If there is no proxy configured to an AJP backend the server is not affected and no further mitigation is needed. For more information about the mitigation, check the mitigation section below.\n\nThe httpd mod_proxy_ajp module is enabled by default on Red Hat Enterprise Linux 6, 7, 8, 9, and in RHSCL. However, there are no directives forwarding requests using the AJP protocol.\n\nThis flaw has been rated as having a security impact of moderate, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 7. Red Hat Enterprise Linux 7 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-36760", }, { category: "external", summary: "RHBZ#2161777", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2161777", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-36760", url: "https://www.cve.org/CVERecord?id=CVE-2022-36760", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-36760", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-36760", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-36760", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-36760", }, ], release_date: "2023-01-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: mod_proxy_ajp: Possible request smuggling", }, { cve: "CVE-2022-37436", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2023-01-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2161773", }, ], notes: [ { category: "description", text: "A flaw was found in the mod_proxy module of httpd. A malicious backend can cause the response headers to be truncated because they are not cleaned when an error is found while reading them, resulting in some headers being incorporated into the response body and not being interpreted by a client.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy: HTTP response splitting", title: "Vulnerability summary", }, { category: "other", text: "This flaw is only exploitable via bad headers generated by a malicious backend or a malicious application.\n\nhttpd as shipped in Red Hat Enterprise Linux 7, 8, 9 and in RHSCL is vulnerable to this flaw. httpd as shipped in Red Hat Enterprise Linux 6 is not affected.\n\nThis flaw has been rated as having a security impact of moderate, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 7. Red Hat Enterprise Linux 7 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-37436", }, { category: "external", summary: "RHBZ#2161773", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2161773", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-37436", url: "https://www.cve.org/CVERecord?id=CVE-2022-37436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-37436", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-37436", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-37436", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-37436", }, ], release_date: "2023-01-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. It's recommended to update the affected packages as soon as an update is available.", product_ids: [ "Text-Only JBCS", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: mod_proxy: HTTP response splitting", }, { cve: "CVE-2022-48279", cwe: { id: "CWE-1389", name: "Incorrect Parsing of Numbers with Different Radices", }, discovery_date: "2023-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2163622", }, ], notes: [ { category: "description", text: "A vulnerability was found in ModSecurity. This issue occurs when HTTP multipart requests are incorrectly parsed and could bypass the Web Application Firewall. NOTE: This is related to CVE-2022-39956, but can be considered independent changes to the ModSecurity (C language) codebase.", title: "Vulnerability description", }, { category: "summary", text: "mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-48279", }, { category: "external", summary: "RHBZ#2163622", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2163622", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-48279", url: "https://www.cve.org/CVERecord?id=CVE-2022-48279", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-48279", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-48279", }, ], release_date: "2023-01-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass", }, { cve: "CVE-2023-24021", cwe: { id: "CWE-402", name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", }, discovery_date: "2023-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2163615", }, ], notes: [ { category: "description", text: "A vulnerability was found in ModSecurity. This issue occurs when FILES_TMP_CONTENT lacks complete content, which can lead to a Web Application Firewall bypass.", title: "Vulnerability description", }, { category: "summary", text: "modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-24021", }, { category: "external", summary: "RHBZ#2163615", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2163615", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-24021", url: "https://www.cve.org/CVERecord?id=CVE-2023-24021", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-24021", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-24021", }, ], release_date: "2023-01-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass", }, { cve: "CVE-2023-27522", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2023-03-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2176211", }, ], notes: [ { category: "description", text: "An HTTP Response Smuggling vulnerability was found in the Apache HTTP Server via mod_proxy_uwsgi. This security issue occurs when special characters in the origin response header can truncate or split the response forwarded to the client.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_uwsgi HTTP response splitting", title: "Vulnerability summary", }, { category: "other", text: "The HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi has been categorized as moderate severity for Red Hat Enterprise Linux due to several technical factors. While the potential impact of this vulnerability is significant, its exploitation requires specific conditions, including the presence of mod_proxy_uwsgi and the ability to inject specially crafted headers into requests. Additionally, successful exploitation depends on the specific configuration of the server and the network environment. Furthermore, the vulnerability primarily affects the integrity and reliability of HTTP responses, rather than directly leading to remote code execution or unauthorized access. Therefore, the likelihood of exploitation and the potential impact on affected systems have been evaluated as moderate, warranting attention and remediation but not categorized as important.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-27522", }, { category: "external", summary: "RHBZ#2176211", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2176211", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-27522", url: "https://www.cve.org/CVERecord?id=CVE-2023-27522", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-27522", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-27522", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html", url: "https://httpd.apache.org/security/vulnerabilities_24.html", }, ], release_date: "2023-03-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Text-Only JBCS", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: mod_proxy_uwsgi HTTP response splitting", }, { acknowledgments: [ { names: [ "Wei Chong Tan", "Daniel Stenberg", ], }, ], cve: "CVE-2023-28319", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2023-05-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2196778", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in the Curl package. This flaw risks inserting sensitive heap-based data into the error message that users might see or is otherwise leaked and revealed.", title: "Vulnerability description", }, { category: "summary", text: "curl: use after free in SSH sha256 fingerprint check", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability does not affect the Curl package as shipped in Red Hat Enterprise Linux 6, 7, 8 and 9.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-28319", }, { category: "external", summary: "RHBZ#2196778", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2196778", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-28319", url: "https://www.cve.org/CVERecord?id=CVE-2023-28319", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-28319", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-28319", }, { category: "external", summary: "https://curl.se/docs/CVE-2023-28319.html", url: "https://curl.se/docs/CVE-2023-28319.html", }, ], release_date: "2023-05-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: use after free in SSH sha256 fingerprint check", }, { acknowledgments: [ { names: [ "Hiroki Kurosawa", "Daniel Stenberg", ], }, ], cve: "CVE-2023-28321", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, discovery_date: "2023-05-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2196786", }, ], notes: [ { category: "description", text: "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", title: "Vulnerability description", }, { category: "summary", text: "curl: IDN wildcard match may lead to Improper Cerificate Validation", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-28321", }, { category: "external", summary: "RHBZ#2196786", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2196786", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-28321", url: "https://www.cve.org/CVERecord?id=CVE-2023-28321", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-28321", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-28321", }, { category: "external", summary: "https://curl.se/docs/CVE-2023-28321.html", url: "https://curl.se/docs/CVE-2023-28321.html", }, ], release_date: "2023-05-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: IDN wildcard match may lead to Improper Cerificate Validation", }, { acknowledgments: [ { names: [ "Hiroki Kurosawa", "Daniel Stenberg", ], }, ], cve: "CVE-2023-28322", cwe: { id: "CWE-440", name: "Expected Behavior Violation", }, discovery_date: "2023-05-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2196793", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", title: "Vulnerability description", }, { category: "summary", text: "curl: more POST-after-PUT confusion", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-28322", }, { category: "external", summary: "RHBZ#2196793", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2196793", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-28322", url: "https://www.cve.org/CVERecord?id=CVE-2023-28322", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-28322", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-28322", }, { category: "external", summary: "https://curl.se/docs/CVE-2023-28322.html", url: "https://curl.se/docs/CVE-2023-28322.html", }, ], release_date: "2023-05-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: more POST-after-PUT confusion", }, { cve: "CVE-2023-28484", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2023-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185994", }, ], notes: [ { category: "description", text: "A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: NULL dereference in xmlSchemaFixupComplexType", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-28484", }, { category: "external", summary: "RHBZ#2185994", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185994", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-28484", url: "https://www.cve.org/CVERecord?id=CVE-2023-28484", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-28484", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-28484", }, ], release_date: "2023-04-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: NULL dereference in xmlSchemaFixupComplexType", }, { cve: "CVE-2023-29469", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2023-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185984", }, ], notes: [ { category: "description", text: "A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Hashing of empty dict strings isn't deterministic", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Text-Only JBCS", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-29469", }, { category: "external", summary: "RHBZ#2185984", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185984", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-29469", url: "https://www.cve.org/CVERecord?id=CVE-2023-29469", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-29469", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-29469", }, ], release_date: "2023-04-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Text-Only JBCS", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Text-Only JBCS", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: Hashing of empty dict strings isn't deterministic", }, ], }
rhsa-2023_4628
Vulnerability from csaf_redhat
Published
2023-08-15 17:37
Modified
2024-11-22 23:56
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update
Notes
Topic
Red Hat JBoss Core Services Apache HTTP Server 2.4.57 is now available.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* apr-util: integer overflow/wraparound in apr_encode (CVE-2022-24963)
* apr-util: Windows out-of-bounds write in apr_socket_sendv function (CVE-2022-28331)
* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-36760)
* httpd: mod_proxy: HTTP response splitting (CVE-2022-37436)
* mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass (CVE-2022-48279)
* modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass (CVE-2023-24021)
* httpd: mod_proxy_uwsgi HTTP response splitting (CVE-2023-27522)
* curl: use after free in SSH sha256 fingerprint check (CVE-2023-28319)
* curl: IDN wildcard match may lead to Improper Cerificate Validation (CVE-2023-28321)
* libxml2: NULL dereference in xmlSchemaFixupComplexType (CVE-2023-28484)
* libxml2: Hashing of empty dict strings isn't deterministic (CVE-2023-29469)
* curl: more POST-after-PUT confusion (CVE-2023-28322)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Core Services Apache HTTP Server 2.4.57 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* apr-util: integer overflow/wraparound in apr_encode (CVE-2022-24963)\n\n* apr-util: Windows out-of-bounds write in apr_socket_sendv function (CVE-2022-28331)\n\n* httpd: mod_proxy_ajp: Possible request smuggling (CVE-2022-36760)\n\n* httpd: mod_proxy: HTTP response splitting (CVE-2022-37436)\n\n* mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass (CVE-2022-48279)\n\n* modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass (CVE-2023-24021)\n\n* httpd: mod_proxy_uwsgi HTTP response splitting (CVE-2023-27522)\n\n* curl: use after free in SSH sha256 fingerprint check (CVE-2023-28319)\n\n* curl: IDN wildcard match may lead to Improper Cerificate Validation (CVE-2023-28321)\n\n* libxml2: NULL dereference in xmlSchemaFixupComplexType (CVE-2023-28484)\n\n* libxml2: Hashing of empty dict strings isn't deterministic (CVE-2023-29469)\n\n* curl: more POST-after-PUT confusion (CVE-2023-28322)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4628", url: "https://access.redhat.com/errata/RHSA-2023:4628", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "2161773", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2161773", }, { category: "external", summary: "2161777", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2161777", }, { category: "external", summary: "2163615", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2163615", }, { category: "external", summary: "2163622", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2163622", }, { category: "external", summary: "2169465", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2169465", }, { category: "external", summary: "2172556", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2172556", }, { category: "external", summary: "2176211", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2176211", }, { category: "external", summary: "2185984", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185984", }, { category: "external", summary: "2185994", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185994", }, { category: "external", summary: "2196778", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2196778", }, { category: "external", summary: "2196786", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2196786", }, { category: "external", summary: "2196793", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2196793", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4628.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.57 security update", tracking: { current_release_date: "2024-11-22T23:56:24+00:00", generator: { date: "2024-11-22T23:56:24+00:00", engine: { name: "Red Hat SDEngine", version: "4.2.1", }, }, id: "RHSA-2023:4628", initial_release_date: "2023-08-15T17:37:09+00:00", revision_history: [ { date: "2023-08-15T17:37:09+00:00", number: "1", summary: "Initial version", }, { date: "2023-08-15T17:37:09+00:00", number: "2", summary: "Last updated version", }, { date: "2024-11-22T23:56:24+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat JBoss Core Services 1", product: { name: "Red Hat JBoss Core Services 1", product_id: "Red Hat JBoss Core Services 1", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_core_services:1", }, }, }, ], category: "product_family", name: "Red Hat JBoss Core Services", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2022-24963", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2023-02-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2169465", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer.", title: "Vulnerability description", }, { category: "summary", text: "apr: integer overflow/wraparound in apr_encode", title: "Vulnerability summary", }, { category: "other", text: "Versions of \"apr-util\" shipped with Red Hat Enterprise Linux-6, 7, 8, and 9 are not affected. \"apr_encode_*\" API, which contains the affected code was added in apr-utils v1.7.0, whereas, RHEL ships apr-util v1.6.1 and lower.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24963", }, { category: "external", summary: "RHBZ#2169465", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2169465", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24963", url: "https://www.cve.org/CVERecord?id=CVE-2022-24963", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24963", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24963", }, { category: "external", summary: "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9", url: "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9", }, ], release_date: "2023-01-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr: integer overflow/wraparound in apr_encode", }, { cve: "CVE-2022-28331", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2023-02-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2172556", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Portable Runtime, affecting versions <= 1.7.0. This issue may allow a malicious user to write beyond the end of a stack buffer and cause an integer overflow. This affects Windows environments.", title: "Vulnerability description", }, { category: "summary", text: "apr: Windows out-of-bounds write in apr_socket_sendv function", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-28331", }, { category: "external", summary: "RHBZ#2172556", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2172556", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-28331", url: "https://www.cve.org/CVERecord?id=CVE-2022-28331", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-28331", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-28331", }, { category: "external", summary: "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r", url: "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r", }, ], release_date: "2023-01-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr: Windows out-of-bounds write in apr_socket_sendv function", }, { cve: "CVE-2022-36760", cwe: { id: "CWE-444", name: "Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')", }, discovery_date: "2023-01-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2161777", }, ], notes: [ { category: "description", text: "A flaw was found in the mod_proxy_ajp module of httpd. The connection is not closed when there is an invalid Transfer-Encoding header, allowing an attacker to smuggle requests to the AJP server, where it forwards requests.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_ajp: Possible request smuggling", title: "Vulnerability summary", }, { category: "other", text: "This flaw only affects configurations with mod_proxy_ajp loaded and with an AJP backend configured. If there is no proxy configured to an AJP backend the server is not affected and no further mitigation is needed. For more information about the mitigation, check the mitigation section below.\n\nThe httpd mod_proxy_ajp module is enabled by default on Red Hat Enterprise Linux 6, 7, 8, 9, and in RHSCL. However, there are no directives forwarding requests using the AJP protocol.\n\nThis flaw has been rated as having a security impact of moderate, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 7. Red Hat Enterprise Linux 7 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-36760", }, { category: "external", summary: "RHBZ#2161777", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2161777", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-36760", url: "https://www.cve.org/CVERecord?id=CVE-2022-36760", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-36760", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-36760", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-36760", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-36760", }, ], release_date: "2023-01-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", version: "3.1", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: mod_proxy_ajp: Possible request smuggling", }, { cve: "CVE-2022-37436", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2023-01-17T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2161773", }, ], notes: [ { category: "description", text: "A flaw was found in the mod_proxy module of httpd. A malicious backend can cause the response headers to be truncated because they are not cleaned when an error is found while reading them, resulting in some headers being incorporated into the response body and not being interpreted by a client.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy: HTTP response splitting", title: "Vulnerability summary", }, { category: "other", text: "This flaw is only exploitable via bad headers generated by a malicious backend or a malicious application.\n\nhttpd as shipped in Red Hat Enterprise Linux 7, 8, 9 and in RHSCL is vulnerable to this flaw. httpd as shipped in Red Hat Enterprise Linux 6 is not affected.\n\nThis flaw has been rated as having a security impact of moderate, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 7. Red Hat Enterprise Linux 7 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-37436", }, { category: "external", summary: "RHBZ#2161773", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2161773", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-37436", url: "https://www.cve.org/CVERecord?id=CVE-2022-37436", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-37436", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-37436", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-37436", url: "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2022-37436", }, ], release_date: "2023-01-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. It's recommended to update the affected packages as soon as an update is available.", product_ids: [ "Red Hat JBoss Core Services 1", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: mod_proxy: HTTP response splitting", }, { cve: "CVE-2022-48279", cwe: { id: "CWE-1389", name: "Incorrect Parsing of Numbers with Different Radices", }, discovery_date: "2023-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2163622", }, ], notes: [ { category: "description", text: "A vulnerability was found in ModSecurity. This issue occurs when HTTP multipart requests are incorrectly parsed and could bypass the Web Application Firewall. NOTE: This is related to CVE-2022-39956, but can be considered independent changes to the ModSecurity (C language) codebase.", title: "Vulnerability description", }, { category: "summary", text: "mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-48279", }, { category: "external", summary: "RHBZ#2163622", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2163622", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-48279", url: "https://www.cve.org/CVERecord?id=CVE-2022-48279", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-48279", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-48279", }, ], release_date: "2023-01-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "mod_security: incorrect parsing of HTTP multipart requests leads to web application firewall bypass", }, { cve: "CVE-2023-24021", cwe: { id: "CWE-402", name: "Transmission of Private Resources into a New Sphere ('Resource Leak')", }, discovery_date: "2023-01-24T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2163615", }, ], notes: [ { category: "description", text: "A vulnerability was found in ModSecurity. This issue occurs when FILES_TMP_CONTENT lacks complete content, which can lead to a Web Application Firewall bypass.", title: "Vulnerability description", }, { category: "summary", text: "modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-24021", }, { category: "external", summary: "RHBZ#2163615", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2163615", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-24021", url: "https://www.cve.org/CVERecord?id=CVE-2023-24021", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-24021", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-24021", }, ], release_date: "2023-01-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "modsecurity: lacking the complete content in FILES_TMP_CONTENT leads to web application firewall bypass", }, { cve: "CVE-2023-27522", cwe: { id: "CWE-113", name: "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", }, discovery_date: "2023-03-07T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2176211", }, ], notes: [ { category: "description", text: "An HTTP Response Smuggling vulnerability was found in the Apache HTTP Server via mod_proxy_uwsgi. This security issue occurs when special characters in the origin response header can truncate or split the response forwarded to the client.", title: "Vulnerability description", }, { category: "summary", text: "httpd: mod_proxy_uwsgi HTTP response splitting", title: "Vulnerability summary", }, { category: "other", text: "The HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi has been categorized as moderate severity for Red Hat Enterprise Linux due to several technical factors. While the potential impact of this vulnerability is significant, its exploitation requires specific conditions, including the presence of mod_proxy_uwsgi and the ability to inject specially crafted headers into requests. Additionally, successful exploitation depends on the specific configuration of the server and the network environment. Furthermore, the vulnerability primarily affects the integrity and reliability of HTTP responses, rather than directly leading to remote code execution or unauthorized access. Therefore, the likelihood of exploitation and the potential impact on affected systems have been evaluated as moderate, warranting attention and remediation but not categorized as important.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-27522", }, { category: "external", summary: "RHBZ#2176211", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2176211", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-27522", url: "https://www.cve.org/CVERecord?id=CVE-2023-27522", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-27522", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-27522", }, { category: "external", summary: "https://httpd.apache.org/security/vulnerabilities_24.html", url: "https://httpd.apache.org/security/vulnerabilities_24.html", }, ], release_date: "2023-03-07T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, { category: "workaround", details: "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", product_ids: [ "Red Hat JBoss Core Services 1", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "httpd: mod_proxy_uwsgi HTTP response splitting", }, { acknowledgments: [ { names: [ "Wei Chong Tan", "Daniel Stenberg", ], }, ], cve: "CVE-2023-28319", cwe: { id: "CWE-416", name: "Use After Free", }, discovery_date: "2023-05-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2196778", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in the Curl package. This flaw risks inserting sensitive heap-based data into the error message that users might see or is otherwise leaked and revealed.", title: "Vulnerability description", }, { category: "summary", text: "curl: use after free in SSH sha256 fingerprint check", title: "Vulnerability summary", }, { category: "other", text: "This vulnerability does not affect the Curl package as shipped in Red Hat Enterprise Linux 6, 7, 8 and 9.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-28319", }, { category: "external", summary: "RHBZ#2196778", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2196778", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-28319", url: "https://www.cve.org/CVERecord?id=CVE-2023-28319", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-28319", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-28319", }, { category: "external", summary: "https://curl.se/docs/CVE-2023-28319.html", url: "https://curl.se/docs/CVE-2023-28319.html", }, ], release_date: "2023-05-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: use after free in SSH sha256 fingerprint check", }, { acknowledgments: [ { names: [ "Hiroki Kurosawa", "Daniel Stenberg", ], }, ], cve: "CVE-2023-28321", cwe: { id: "CWE-295", name: "Improper Certificate Validation", }, discovery_date: "2023-05-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2196786", }, ], notes: [ { category: "description", text: "A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.", title: "Vulnerability description", }, { category: "summary", text: "curl: IDN wildcard match may lead to Improper Cerificate Validation", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-28321", }, { category: "external", summary: "RHBZ#2196786", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2196786", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-28321", url: "https://www.cve.org/CVERecord?id=CVE-2023-28321", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-28321", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-28321", }, { category: "external", summary: "https://curl.se/docs/CVE-2023-28321.html", url: "https://curl.se/docs/CVE-2023-28321.html", }, ], release_date: "2023-05-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: IDN wildcard match may lead to Improper Cerificate Validation", }, { acknowledgments: [ { names: [ "Hiroki Kurosawa", "Daniel Stenberg", ], }, ], cve: "CVE-2023-28322", cwe: { id: "CWE-440", name: "Expected Behavior Violation", }, discovery_date: "2023-05-10T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2196793", }, ], notes: [ { category: "description", text: "A use-after-free flaw was found in the Curl package. This issue may lead to unintended information disclosure by the application.", title: "Vulnerability description", }, { category: "summary", text: "curl: more POST-after-PUT confusion", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-28322", }, { category: "external", summary: "RHBZ#2196793", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2196793", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-28322", url: "https://www.cve.org/CVERecord?id=CVE-2023-28322", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-28322", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-28322", }, { category: "external", summary: "https://curl.se/docs/CVE-2023-28322.html", url: "https://curl.se/docs/CVE-2023-28322.html", }, ], release_date: "2023-05-17T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: more POST-after-PUT confusion", }, { cve: "CVE-2023-28484", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2023-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185994", }, ], notes: [ { category: "description", text: "A NULL pointer dereference vulnerability was found in libxml2. This issue occurs when parsing (invalid) XML schemas.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: NULL dereference in xmlSchemaFixupComplexType", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-28484", }, { category: "external", summary: "RHBZ#2185994", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185994", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-28484", url: "https://www.cve.org/CVERecord?id=CVE-2023-28484", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-28484", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-28484", }, ], release_date: "2023-04-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: NULL dereference in xmlSchemaFixupComplexType", }, { cve: "CVE-2023-29469", cwe: { id: "CWE-20", name: "Improper Input Validation", }, discovery_date: "2023-04-11T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2185984", }, ], notes: [ { category: "description", text: "A flaw was found in libxml2. This issue occurs when hashing empty strings which aren't null-terminated, xmlDictComputeFastKey could produce inconsistent results, which may lead to various logic or memory errors, including double free errors.", title: "Vulnerability description", }, { category: "summary", text: "libxml2: Hashing of empty dict strings isn't deterministic", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "Red Hat JBoss Core Services 1", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-29469", }, { category: "external", summary: "RHBZ#2185984", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2185984", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-29469", url: "https://www.cve.org/CVERecord?id=CVE-2023-29469", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-29469", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-29469", }, ], release_date: "2023-04-11T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-08-15T17:37:09+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "Red Hat JBoss Core Services 1", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4628", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "Red Hat JBoss Core Services 1", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "libxml2: Hashing of empty dict strings isn't deterministic", }, ], }
RHSA-2023:4910
Vulnerability from csaf_redhat
Published
2023-09-04 12:24
Modified
2025-03-03 16:49
Summary
Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.4 release and security update
Notes
Topic
Red Hat JBoss Web Server 5.7.4 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server.
Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 5.7.4 serves as a replacement for Red Hat JBoss Web Server 5.7.3. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References section.
Security Fix(es):
* apr: integer overflow/wraparound in apr_encode (CVE-2022-24963)
* apr: Windows out-of-bounds write in apr_socket_sendv function (CVE-2022-28331)
* tomcat: Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
* jws5-tomcat: tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)
* tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Red Hat JBoss Web Server 5.7.4 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server.\n\nRed Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.\n\nThis release of Red Hat JBoss Web Server 5.7.4 serves as a replacement for Red Hat JBoss Web Server 5.7.3. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References section.\n\nSecurity Fix(es):\n\n* apr: integer overflow/wraparound in apr_encode (CVE-2022-24963)\n\n* apr: Windows out-of-bounds write in apr_socket_sendv function (CVE-2022-28331)\n\n* tomcat: Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)\n\n* jws5-tomcat: tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)\n\n* tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:4910", url: "https://access.redhat.com/errata/RHSA-2023:4910", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=webserver&version=5.7", url: "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=webserver&version=5.7", }, { category: "external", summary: "2169465", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2169465", }, { category: "external", summary: "2172298", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2172298", }, { category: "external", summary: "2172556", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2172556", }, { category: "external", summary: "2180856", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180856", }, { category: "external", summary: "2210321", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2210321", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4910.json", }, ], title: "Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.4 release and security update", tracking: { current_release_date: "2025-03-03T16:49:20+00:00", generator: { date: "2025-03-03T16:49:20+00:00", engine: { name: "Red Hat SDEngine", version: "4.3.1", }, }, id: "RHSA-2023:4910", initial_release_date: "2023-09-04T12:24:13+00:00", revision_history: [ { date: "2023-09-04T12:24:13+00:00", number: "1", summary: "Initial version", }, { date: "2023-09-04T12:24:13+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-03T16:49:20+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "JWS 5.7.4 release", product: { name: "JWS 5.7.4 release", product_id: "JWS 5.7.4 release", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_enterprise_web_server:5.7", }, }, }, ], category: "product_family", name: "Red Hat JBoss Web Server", }, ], category: "vendor", name: "Red Hat", }, ], }, vulnerabilities: [ { cve: "CVE-2022-24963", cwe: { id: "CWE-190", name: "Integer Overflow or Wraparound", }, discovery_date: "2023-02-13T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2169465", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer.", title: "Vulnerability description", }, { category: "summary", text: "apr: integer overflow/wraparound in apr_encode", title: "Vulnerability summary", }, { category: "other", text: "Versions of \"apr-util\" shipped with Red Hat Enterprise Linux-6, 7, 8, and 9 are not affected. \"apr_encode_*\" API, which contains the affected code was added in apr-utils v1.7.0, whereas, RHEL ships apr-util v1.6.1 and lower.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JWS 5.7.4 release", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-24963", }, { category: "external", summary: "RHBZ#2169465", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2169465", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-24963", url: "https://www.cve.org/CVERecord?id=CVE-2022-24963", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-24963", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-24963", }, { category: "external", summary: "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9", url: "https://lists.apache.org/thread/fw9p6sdncwsjkstwc066vz57xqzfksq9", }, ], release_date: "2023-01-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-04T12:24:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "JWS 5.7.4 release", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4910", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "JWS 5.7.4 release", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr: integer overflow/wraparound in apr_encode", }, { cve: "CVE-2022-28331", cwe: { id: "CWE-787", name: "Out-of-bounds Write", }, discovery_date: "2023-02-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2172556", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Portable Runtime, affecting versions <= 1.7.0. This issue may allow a malicious user to write beyond the end of a stack buffer and cause an integer overflow. This affects Windows environments.", title: "Vulnerability description", }, { category: "summary", text: "apr: Windows out-of-bounds write in apr_socket_sendv function", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JWS 5.7.4 release", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2022-28331", }, { category: "external", summary: "RHBZ#2172556", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2172556", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2022-28331", url: "https://www.cve.org/CVERecord?id=CVE-2022-28331", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2022-28331", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-28331", }, { category: "external", summary: "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r", url: "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r", }, ], release_date: "2023-01-31T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-04T12:24:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "JWS 5.7.4 release", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4910", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "JWS 5.7.4 release", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "apr: Windows out-of-bounds write in apr_socket_sendv function", }, { cve: "CVE-2023-24998", cwe: { id: "CWE-770", name: "Allocation of Resources Without Limits or Throttling", }, discovery_date: "2023-02-20T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2172298", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.\r\n\r\nWhile Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.", title: "Vulnerability description", }, { category: "summary", text: "FileUpload: FileUpload DoS with excessive parts", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JWS 5.7.4 release", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-24998", }, { category: "external", summary: "RHBZ#2172298", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2172298", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-24998", url: "https://www.cve.org/CVERecord?id=CVE-2023-24998", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-24998", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-24998", }, { category: "external", summary: "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5", url: "https://commons.apache.org/proper/commons-fileupload/security-reports.html#Fixed_in_Apache_Commons_FileUpload_1.5", }, ], release_date: "2023-02-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-04T12:24:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "JWS 5.7.4 release", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4910", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "JWS 5.7.4 release", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "FileUpload: FileUpload DoS with excessive parts", }, { cve: "CVE-2023-28708", cwe: { id: "CWE-200", name: "Exposure of Sensitive Information to an Unauthorized Actor", }, discovery_date: "2023-03-22T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2180856", }, ], notes: [ { category: "description", text: "\nWhen using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.\n\n\n\n\n\n\n\n", title: "Vulnerability description", }, { category: "summary", text: "tomcat: not including the secure attribute causes information disclosure", title: "Vulnerability summary", }, { category: "other", text: "CVE-2023-28708 only potentially impacts a Tomcat configuration using a RemoteIpFilter behind a proxy or loadbalancer that sets an X-Forwarded-Proto request header with a value of https. If you do not use RemoteIpFilter in such a configuration, then the vulnerability would not have any impact on you\n\nRed Hat Satellite does not include the affected Apache Tomcat, however, Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JWS 5.7.4 release", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-28708", }, { category: "external", summary: "RHBZ#2180856", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2180856", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-28708", url: "https://www.cve.org/CVERecord?id=CVE-2023-28708", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-28708", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-28708", }, { category: "external", summary: "https://bz.apache.org/bugzilla/show_bug.cgi?id=66471", url: "https://bz.apache.org/bugzilla/show_bug.cgi?id=66471", }, { category: "external", summary: "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67", url: "https://lists.apache.org/thread/hdksc59z3s7tm39x0pp33mtwdrt8qr67", }, ], release_date: "2023-03-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-04T12:24:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "JWS 5.7.4 release", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4910", }, { category: "workaround", details: "For possible impact and workaround, please refer to: https://access.redhat.com/solutions/7004796", product_ids: [ "JWS 5.7.4 release", ], }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "JWS 5.7.4 release", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat: not including the secure attribute causes information disclosure", }, { cve: "CVE-2023-28709", cwe: { id: "CWE-193", name: "Off-by-one Error", }, discovery_date: "2023-05-26T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2210321", }, ], notes: [ { category: "description", text: "A flaw was found in Apache Tomcat due to an incomplete fix for CVE-2023-24998, which aims to limit the uploaded request parts that can be bypassed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.", title: "Vulnerability description", }, { category: "summary", text: "tomcat: Fix for CVE-2023-24998 was incomplete", title: "Vulnerability summary", }, { category: "other", text: "The impact for this flaw is considered moderate to match the Apache Software Foundation impact, considering the non-default configuration in CVE description.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "JWS 5.7.4 release", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-28709", }, { category: "external", summary: "RHBZ#2210321", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2210321", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-28709", url: "https://www.cve.org/CVERecord?id=CVE-2023-28709", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-28709", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-28709", }, { category: "external", summary: "https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j", url: "https://lists.apache.org/thread/7wvxonzwb7k9hx9jt3q33cmy7j97jo3j", }, ], release_date: "2023-05-22T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-09-04T12:24:13+00:00", details: "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "JWS 5.7.4 release", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:4910", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "JWS 5.7.4 release", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "tomcat: Fix for CVE-2023-24998 was incomplete", }, ], }
fkie_cve-2022-28331
Vulnerability from fkie_nvd
Published
2023-01-31 16:15
Modified
2025-03-27 15:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@apache.org | https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r | Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r | Mailing List, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | portable_runtime | * | |
| microsoft | windows | - |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*", matchCriteriaId: "1DB0978A-CC7C-49E0-8C5D-578F538F25F1", versionEndIncluding: "1.7.0", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", matchCriteriaId: "A2572D17-1DE6-457B-99CC-64AFD54487EA", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, ], cveTags: [], descriptions: [ { lang: "en", value: "On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.", }, { lang: "es", value: "En Windows, Apache Portable Runtime 1.7.0 y versiones anteriores pueden escribir más allá del final de un búfer basado en pila en apr_socket_sendv(). Este es el resultado del desbordamiento de enteros.", }, ], id: "CVE-2022-28331", lastModified: "2025-03-27T15:15:37.330", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2023-01-31T16:15:08.977", references: [ { source: "security@apache.org", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r", }, ], sourceIdentifier: "security@apache.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-190", }, ], source: "security@apache.org", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-190", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
gsd-2022-28331
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.
Aliases
Aliases
{ GSD: { alias: "CVE-2022-28331", id: "GSD-2022-28331", references: [ "https://www.suse.com/security/cve/CVE-2022-28331.html", ], }, gsd: { metadata: { exploitCode: "unknown", remediation: "unknown", reportConfidence: "confirmed", type: "vulnerability", }, osvSchema: { aliases: [ "CVE-2022-28331", ], details: "On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.", id: "GSD-2022-28331", modified: "2023-12-13T01:19:34.782590Z", schema_version: "1.4.0", }, }, namespaces: { "cve.org": { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2022-28331", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Apache Portable Runtime (APR)", version: { version_data: [ { version_affected: "<=", version_name: "0", version_value: "1.7.0", }, ], }, }, ], }, vendor_name: "Apache Software Foundation", }, ], }, }, credits: [ { lang: "en", value: "Ronald Crane (Zippenhop LLC)", }, ], data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.", }, ], }, generator: { engine: "Vulnogram 0.1.0-dev", }, problemtype: { problemtype_data: [ { description: [ { cweId: "CWE-190", lang: "eng", value: "CWE-190 Integer Overflow or Wraparound", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r", refsource: "MISC", url: "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r", }, ], }, source: { discovery: "UNKNOWN", }, }, "nvd.nist.gov": { configurations: { CVE_data_version: "4.0", nodes: [ { children: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "1.7.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", cpe_name: [], vulnerable: false, }, ], operator: "OR", }, ], cpe_match: [], operator: "AND", }, ], }, cve: { CVE_data_meta: { ASSIGNER: "security@apache.org", ID: "CVE-2022-28331", }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "en", value: "On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "en", value: "CWE-190", }, ], }, ], }, references: { reference_data: [ { name: "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r", refsource: "MISC", tags: [ "Mailing List", "Vendor Advisory", ], url: "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r", }, ], }, }, impact: { baseMetricV3: { cvssV3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, }, }, lastModifiedDate: "2023-07-07T16:15Z", publishedDate: "2023-01-31T16:15Z", }, }, }
WID-SEC-W-2023-1424
Vulnerability from csaf_certbund
Published
2023-06-12 22:00
Modified
2023-06-12 22:00
Summary
Xerox FreeFlow Print Server für Solaris: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
FreeFlow-Druckserver ist eine Druckserveranwendung für Xerox-Produktionsdrucker, die Flexibilität, umfangreiche Workflow-Optionen und eine Farbverwaltung bietet.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Xerox FreeFlow Print Server ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Betroffene Betriebssysteme
- UNIX
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "FreeFlow-Druckserver ist eine Druckserveranwendung für Xerox-Produktionsdrucker, die Flexibilität, umfangreiche Workflow-Optionen und eine Farbverwaltung bietet.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann mehrere Schwachstellen in Xerox FreeFlow Print Server ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", title: "Angriff", }, { category: "general", text: "- UNIX", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1424 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1424.json", }, { category: "self", summary: "WID-SEC-2023-1424 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1424", }, { category: "external", summary: "Xerox Security Bulletin vom 2023-06-12", url: "https://securitydocs.business.xerox.com/wp-content/uploads/2023/06/Xerox-Security-Bulletin-XRX23-009-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf", }, ], source_lang: "en-US", title: "Xerox FreeFlow Print Server für Solaris: Mehrere Schwachstellen", tracking: { current_release_date: "2023-06-12T22:00:00.000+00:00", generator: { date: "2024-08-15T17:52:15.756+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1424", initial_release_date: "2023-06-12T22:00:00.000+00:00", revision_history: [ { date: "2023-06-12T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Xerox FreeFlow Print Server v9 for Solaris", product: { name: "Xerox FreeFlow Print Server v9 for Solaris", product_id: "T028053", product_identification_helper: { cpe: "cpe:/a:xerox:freeflow_print_server:v9_for_solaris", }, }, }, ], category: "vendor", name: "Xerox", }, ], }, vulnerabilities: [ { cve: "CVE-2023-28708", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-28708", }, { cve: "CVE-2023-28176", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-28176", }, { cve: "CVE-2023-28164", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-28164", }, { cve: "CVE-2023-28163", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-28163", }, { cve: "CVE-2023-28162", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-28162", }, { cve: "CVE-2023-27522", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-27522", }, { cve: "CVE-2023-25752", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-25752", }, { cve: "CVE-2023-25751", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-25751", }, { cve: "CVE-2023-25746", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-25746", }, { cve: "CVE-2023-25744", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-25744", }, { cve: "CVE-2023-25743", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-25743", }, { cve: "CVE-2023-25742", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-25742", }, { cve: "CVE-2023-25739", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-25739", }, { cve: "CVE-2023-25738", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-25738", }, { cve: "CVE-2023-25737", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-25737", }, { cve: "CVE-2023-25735", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-25735", }, { cve: "CVE-2023-25734", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-25734", }, { cve: "CVE-2023-25732", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-25732", }, { cve: "CVE-2023-25730", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-25730", }, { cve: "CVE-2023-25729", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-25729", }, { cve: "CVE-2023-25728", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-25728", }, { cve: "CVE-2023-25690", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-25690", }, { cve: "CVE-2023-24998", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-24998", }, { cve: "CVE-2023-24807", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-24807", }, { cve: "CVE-2023-24580", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-24580", }, { cve: "CVE-2023-23969", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-23969", }, { cve: "CVE-2023-23946", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-23946", }, { cve: "CVE-2023-23936", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-23936", }, { cve: "CVE-2023-23920", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-23920", }, { cve: "CVE-2023-23919", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-23919", }, { cve: "CVE-2023-23918", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-23918", }, { cve: "CVE-2023-23605", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-23605", }, { cve: "CVE-2023-23603", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-23603", }, { cve: "CVE-2023-23602", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-23602", }, { cve: "CVE-2023-23601", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-23601", }, { cve: "CVE-2023-23599", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-23599", }, { cve: "CVE-2023-23598", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-23598", }, { cve: "CVE-2023-22809", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-22809", }, { cve: "CVE-2023-22490", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-22490", }, { cve: "CVE-2023-22003", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-22003", }, { cve: "CVE-2023-21985", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-21985", }, { cve: "CVE-2023-21984", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-21984", }, { cve: "CVE-2023-21928", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-21928", }, { cve: "CVE-2023-21896", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-21896", }, { cve: "CVE-2023-21843", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-21843", }, { cve: "CVE-2023-21840", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-21840", }, { cve: "CVE-2023-21830", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-21830", }, { cve: "CVE-2023-0804", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0804", }, { cve: "CVE-2023-0803", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0803", }, { cve: "CVE-2023-0802", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0802", }, { cve: "CVE-2023-0801", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0801", }, { cve: "CVE-2023-0800", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0800", }, { cve: "CVE-2023-0799", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0799", }, { cve: "CVE-2023-0798", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0798", }, { cve: "CVE-2023-0797", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0797", }, { cve: "CVE-2023-0796", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0796", }, { cve: "CVE-2023-0795", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0795", }, { cve: "CVE-2023-0767", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0767", }, { cve: "CVE-2023-0662", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0662", }, { cve: "CVE-2023-0616", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0616", }, { cve: "CVE-2023-0568", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0568", }, { cve: "CVE-2023-0567", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0567", }, { cve: "CVE-2023-0430", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0430", }, { cve: "CVE-2023-0417", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0417", }, { cve: "CVE-2023-0416", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0416", }, { cve: "CVE-2023-0415", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0415", }, { cve: "CVE-2023-0414", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0414", }, { cve: "CVE-2023-0413", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0413", }, { cve: "CVE-2023-0412", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0412", }, { cve: "CVE-2023-0411", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0411", }, { cve: "CVE-2023-0401", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0401", }, { cve: "CVE-2023-0286", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0286", }, { cve: "CVE-2023-0217", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0217", }, { cve: "CVE-2023-0216", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0216", }, { cve: "CVE-2023-0215", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0215", }, { cve: "CVE-2022-48281", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-48281", }, { cve: "CVE-2022-46877", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-46877", }, { cve: "CVE-2022-46874", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-46874", }, { cve: "CVE-2022-46871", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-46871", }, { cve: "CVE-2022-46344", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-46344", }, { cve: "CVE-2022-46343", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-46343", }, { cve: "CVE-2022-46342", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-46342", }, { cve: "CVE-2022-46341", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-46341", }, { cve: "CVE-2022-46340", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-46340", }, { cve: "CVE-2022-45939", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-45939", }, { cve: "CVE-2022-45199", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-45199", }, { cve: "CVE-2022-45143", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-45143", }, { cve: "CVE-2022-4450", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-4450", }, { cve: "CVE-2022-4345", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-4345", }, { cve: "CVE-2022-4304", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-4304", }, { cve: "CVE-2022-42919", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-42919", }, { cve: "CVE-2022-42916", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-42916", }, { cve: "CVE-2022-42915", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-42915", }, { cve: "CVE-2022-42898", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-42898", }, { cve: "CVE-2022-4283", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-4283", }, { cve: "CVE-2022-4203", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-4203", }, { cve: "CVE-2022-42012", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-42012", }, { cve: "CVE-2022-42011", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-42011", }, { cve: "CVE-2022-42010", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-42010", }, { cve: "CVE-2022-41903", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-41903", }, { cve: "CVE-2022-41716", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-41716", }, { cve: "CVE-2022-41715", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-41715", }, { cve: "CVE-2022-40898", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-40898", }, { cve: "CVE-2022-40304", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-40304", }, { cve: "CVE-2022-40303", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-40303", }, { cve: "CVE-2022-39253", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-39253", }, { cve: "CVE-2022-3924", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3924", }, { cve: "CVE-2022-38784", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-38784", }, { cve: "CVE-2022-38171", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-38171", }, { cve: "CVE-2022-37436", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-37436", }, { cve: "CVE-2022-3736", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3736", }, { cve: "CVE-2022-3705", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3705", }, { cve: "CVE-2022-36760", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-36760", }, { cve: "CVE-2022-36227", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-36227", }, { cve: "CVE-2022-36114", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-36114", }, { cve: "CVE-2022-36113", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-36113", }, { cve: "CVE-2022-35260", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-35260", }, { cve: "CVE-2022-35252", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-35252", }, { cve: "CVE-2022-3515", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3515", }, { cve: "CVE-2022-3352", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3352", }, { cve: "CVE-2022-3324", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3324", }, { cve: "CVE-2022-3297", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3297", }, { cve: "CVE-2022-3296", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3296", }, { cve: "CVE-2022-3278", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3278", }, { cve: "CVE-2022-3256", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3256", }, { cve: "CVE-2022-3235", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3235", }, { cve: "CVE-2022-3234", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3234", }, { cve: "CVE-2022-32221", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-32221", }, { cve: "CVE-2022-32208", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-32208", }, { cve: "CVE-2022-32207", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-32207", }, { cve: "CVE-2022-32206", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-32206", }, { cve: "CVE-2022-32205", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-32205", }, { cve: "CVE-2022-32190", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-32190", }, { cve: "CVE-2022-32189", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-32189", }, { cve: "CVE-2022-32148", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-32148", }, { cve: "CVE-2022-3153", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3153", }, { cve: "CVE-2022-3134", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3134", }, { cve: "CVE-2022-3099", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3099", }, { cve: "CVE-2022-3094", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3094", }, { cve: "CVE-2022-30635", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-30635", }, { cve: "CVE-2022-30634", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-30634", }, { cve: "CVE-2022-30633", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-30633", }, { cve: "CVE-2022-30632", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-30632", }, { cve: "CVE-2022-30631", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-30631", }, { cve: "CVE-2022-30630", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-30630", }, { cve: "CVE-2022-30629", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-30629", }, { cve: "CVE-2022-30580", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-30580", }, { cve: "CVE-2022-3037", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3037", }, { cve: "CVE-2022-3016", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3016", }, { cve: "CVE-2022-29804", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-29804", }, { cve: "CVE-2022-2980", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-2980", }, { cve: "CVE-2022-29526", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-29526", }, { cve: "CVE-2022-2946", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-2946", }, { cve: "CVE-2022-2929", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-2929", }, { cve: "CVE-2022-2928", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-2928", }, { cve: "CVE-2022-2923", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-2923", }, { cve: "CVE-2022-2889", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-2889", }, { cve: "CVE-2022-2880", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-2880", }, { cve: "CVE-2022-2879", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-2879", }, { cve: "CVE-2022-2874", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-2874", }, { cve: "CVE-2022-2862", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-2862", }, { cve: "CVE-2022-2849", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-2849", }, { cve: "CVE-2022-2845", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-2845", }, { cve: "CVE-2022-28331", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-28331", }, { cve: "CVE-2022-28327", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-28327", }, { cve: "CVE-2022-2819", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-2819", }, { cve: "CVE-2022-2817", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-2817", }, { cve: "CVE-2022-2816", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-2816", }, { cve: "CVE-2022-28131", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-28131", }, { cve: "CVE-2022-27778", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-27778", }, { cve: "CVE-2022-27664", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-27664", }, { cve: "CVE-2022-27536", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-27536", }, { cve: "CVE-2022-27337", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-27337", }, { cve: "CVE-2022-25255", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-25255", }, { cve: "CVE-2022-25147", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-25147", }, { cve: "CVE-2022-24963", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-24963", }, { cve: "CVE-2022-24675", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-24675", }, { cve: "CVE-2022-23521", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-23521", }, { cve: "CVE-2022-2309", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-2309", }, { cve: "CVE-2022-21515", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-21515", }, { cve: "CVE-2022-21349", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-21349", }, { cve: "CVE-2022-21291", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-21291", }, { cve: "CVE-2022-1962", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-1962", }, { cve: "CVE-2022-1705", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-1705", }, { cve: "CVE-2022-1292", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-1292", }, { cve: "CVE-2022-1122", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-1122", }, { cve: "CVE-2022-0718", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-0718", }, { cve: "CVE-2021-37750", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2021-37750", }, { cve: "CVE-2021-37519", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2021-37519", }, { cve: "CVE-2021-35940", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2021-35940", }, { cve: "CVE-2021-30860", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2021-30860", }, { cve: "CVE-2021-29338", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2021-29338", }, { cve: "CVE-2018-25032", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2018-25032", }, { cve: "CVE-2017-12613", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2017-12613", }, { cve: "CVE-2006-20001", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2006-20001", }, ], }
wid-sec-w-2023-1424
Vulnerability from csaf_certbund
Published
2023-06-12 22:00
Modified
2023-06-12 22:00
Summary
Xerox FreeFlow Print Server für Solaris: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
FreeFlow-Druckserver ist eine Druckserveranwendung für Xerox-Produktionsdrucker, die Flexibilität, umfangreiche Workflow-Optionen und eine Farbverwaltung bietet.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Xerox FreeFlow Print Server ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.
Betroffene Betriebssysteme
- UNIX
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "FreeFlow-Druckserver ist eine Druckserveranwendung für Xerox-Produktionsdrucker, die Flexibilität, umfangreiche Workflow-Optionen und eine Farbverwaltung bietet.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein Angreifer kann mehrere Schwachstellen in Xerox FreeFlow Print Server ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", title: "Angriff", }, { category: "general", text: "- UNIX", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-1424 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1424.json", }, { category: "self", summary: "WID-SEC-2023-1424 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1424", }, { category: "external", summary: "Xerox Security Bulletin vom 2023-06-12", url: "https://securitydocs.business.xerox.com/wp-content/uploads/2023/06/Xerox-Security-Bulletin-XRX23-009-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v9.pdf", }, ], source_lang: "en-US", title: "Xerox FreeFlow Print Server für Solaris: Mehrere Schwachstellen", tracking: { current_release_date: "2023-06-12T22:00:00.000+00:00", generator: { date: "2024-08-15T17:52:15.756+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-1424", initial_release_date: "2023-06-12T22:00:00.000+00:00", revision_history: [ { date: "2023-06-12T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Xerox FreeFlow Print Server v9 for Solaris", product: { name: "Xerox FreeFlow Print Server v9 for Solaris", product_id: "T028053", product_identification_helper: { cpe: "cpe:/a:xerox:freeflow_print_server:v9_for_solaris", }, }, }, ], category: "vendor", name: "Xerox", }, ], }, vulnerabilities: [ { cve: "CVE-2023-28708", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-28708", }, { cve: "CVE-2023-28176", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-28176", }, { cve: "CVE-2023-28164", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-28164", }, { cve: "CVE-2023-28163", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-28163", }, { cve: "CVE-2023-28162", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-28162", }, { cve: "CVE-2023-27522", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-27522", }, { cve: "CVE-2023-25752", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-25752", }, { cve: "CVE-2023-25751", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-25751", }, { cve: "CVE-2023-25746", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-25746", }, { cve: "CVE-2023-25744", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-25744", }, { cve: "CVE-2023-25743", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-25743", }, { cve: "CVE-2023-25742", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-25742", }, { cve: "CVE-2023-25739", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-25739", }, { cve: "CVE-2023-25738", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-25738", }, { cve: "CVE-2023-25737", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-25737", }, { cve: "CVE-2023-25735", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-25735", }, { cve: "CVE-2023-25734", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-25734", }, { cve: "CVE-2023-25732", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-25732", }, { cve: "CVE-2023-25730", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-25730", }, { cve: "CVE-2023-25729", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-25729", }, { cve: "CVE-2023-25728", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-25728", }, { cve: "CVE-2023-25690", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-25690", }, { cve: "CVE-2023-24998", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-24998", }, { cve: "CVE-2023-24807", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-24807", }, { cve: "CVE-2023-24580", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-24580", }, { cve: "CVE-2023-23969", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-23969", }, { cve: "CVE-2023-23946", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-23946", }, { cve: "CVE-2023-23936", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-23936", }, { cve: "CVE-2023-23920", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-23920", }, { cve: "CVE-2023-23919", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-23919", }, { cve: "CVE-2023-23918", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-23918", }, { cve: "CVE-2023-23605", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-23605", }, { cve: "CVE-2023-23603", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-23603", }, { cve: "CVE-2023-23602", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-23602", }, { cve: "CVE-2023-23601", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-23601", }, { cve: "CVE-2023-23599", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-23599", }, { cve: "CVE-2023-23598", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-23598", }, { cve: "CVE-2023-22809", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-22809", }, { cve: "CVE-2023-22490", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-22490", }, { cve: "CVE-2023-22003", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-22003", }, { cve: "CVE-2023-21985", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-21985", }, { cve: "CVE-2023-21984", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-21984", }, { cve: "CVE-2023-21928", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-21928", }, { cve: "CVE-2023-21896", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-21896", }, { cve: "CVE-2023-21843", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-21843", }, { cve: "CVE-2023-21840", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-21840", }, { cve: "CVE-2023-21830", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-21830", }, { cve: "CVE-2023-0804", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0804", }, { cve: "CVE-2023-0803", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0803", }, { cve: "CVE-2023-0802", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0802", }, { cve: "CVE-2023-0801", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0801", }, { cve: "CVE-2023-0800", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0800", }, { cve: "CVE-2023-0799", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0799", }, { cve: "CVE-2023-0798", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0798", }, { cve: "CVE-2023-0797", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0797", }, { cve: "CVE-2023-0796", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0796", }, { cve: "CVE-2023-0795", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0795", }, { cve: "CVE-2023-0767", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0767", }, { cve: "CVE-2023-0662", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0662", }, { cve: "CVE-2023-0616", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0616", }, { cve: "CVE-2023-0568", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0568", }, { cve: "CVE-2023-0567", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0567", }, { cve: "CVE-2023-0430", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0430", }, { cve: "CVE-2023-0417", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0417", }, { cve: "CVE-2023-0416", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0416", }, { cve: "CVE-2023-0415", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0415", }, { cve: "CVE-2023-0414", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0414", }, { cve: "CVE-2023-0413", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0413", }, { cve: "CVE-2023-0412", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0412", }, { cve: "CVE-2023-0411", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0411", }, { cve: "CVE-2023-0401", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0401", }, { cve: "CVE-2023-0286", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0286", }, { cve: "CVE-2023-0217", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0217", }, { cve: "CVE-2023-0216", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0216", }, { cve: "CVE-2023-0215", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2023-0215", }, { cve: "CVE-2022-48281", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-48281", }, { cve: "CVE-2022-46877", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-46877", }, { cve: "CVE-2022-46874", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-46874", }, { cve: "CVE-2022-46871", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-46871", }, { cve: "CVE-2022-46344", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-46344", }, { cve: "CVE-2022-46343", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-46343", }, { cve: "CVE-2022-46342", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-46342", }, { cve: "CVE-2022-46341", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-46341", }, { cve: "CVE-2022-46340", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-46340", }, { cve: "CVE-2022-45939", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-45939", }, { cve: "CVE-2022-45199", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-45199", }, { cve: "CVE-2022-45143", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-45143", }, { cve: "CVE-2022-4450", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-4450", }, { cve: "CVE-2022-4345", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-4345", }, { cve: "CVE-2022-4304", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-4304", }, { cve: "CVE-2022-42919", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-42919", }, { cve: "CVE-2022-42916", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-42916", }, { cve: "CVE-2022-42915", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-42915", }, { cve: "CVE-2022-42898", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-42898", }, { cve: "CVE-2022-4283", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-4283", }, { cve: "CVE-2022-4203", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-4203", }, { cve: "CVE-2022-42012", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-42012", }, { cve: "CVE-2022-42011", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-42011", }, { cve: "CVE-2022-42010", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-42010", }, { cve: "CVE-2022-41903", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-41903", }, { cve: "CVE-2022-41716", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-41716", }, { cve: "CVE-2022-41715", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-41715", }, { cve: "CVE-2022-40898", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-40898", }, { cve: "CVE-2022-40304", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-40304", }, { cve: "CVE-2022-40303", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-40303", }, { cve: "CVE-2022-39253", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-39253", }, { cve: "CVE-2022-3924", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3924", }, { cve: "CVE-2022-38784", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-38784", }, { cve: "CVE-2022-38171", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-38171", }, { cve: "CVE-2022-37436", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-37436", }, { cve: "CVE-2022-3736", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3736", }, { cve: "CVE-2022-3705", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3705", }, { cve: "CVE-2022-36760", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-36760", }, { cve: "CVE-2022-36227", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-36227", }, { cve: "CVE-2022-36114", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-36114", }, { cve: "CVE-2022-36113", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-36113", }, { cve: "CVE-2022-35260", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-35260", }, { cve: "CVE-2022-35252", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-35252", }, { cve: "CVE-2022-3515", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3515", }, { cve: "CVE-2022-3352", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3352", }, { cve: "CVE-2022-3324", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3324", }, { cve: "CVE-2022-3297", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3297", }, { cve: "CVE-2022-3296", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3296", }, { cve: "CVE-2022-3278", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3278", }, { cve: "CVE-2022-3256", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3256", }, { cve: "CVE-2022-3235", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3235", }, { cve: "CVE-2022-3234", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3234", }, { cve: "CVE-2022-32221", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-32221", }, { cve: "CVE-2022-32208", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-32208", }, { cve: "CVE-2022-32207", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-32207", }, { cve: "CVE-2022-32206", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-32206", }, { cve: "CVE-2022-32205", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-32205", }, { cve: "CVE-2022-32190", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-32190", }, { cve: "CVE-2022-32189", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-32189", }, { cve: "CVE-2022-32148", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-32148", }, { cve: "CVE-2022-3153", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3153", }, { cve: "CVE-2022-3134", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3134", }, { cve: "CVE-2022-3099", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3099", }, { cve: "CVE-2022-3094", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3094", }, { cve: "CVE-2022-30635", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-30635", }, { cve: "CVE-2022-30634", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-30634", }, { cve: "CVE-2022-30633", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-30633", }, { cve: "CVE-2022-30632", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-30632", }, { cve: "CVE-2022-30631", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-30631", }, { cve: "CVE-2022-30630", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-30630", }, { cve: "CVE-2022-30629", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-30629", }, { cve: "CVE-2022-30580", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-30580", }, { cve: "CVE-2022-3037", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3037", }, { cve: "CVE-2022-3016", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-3016", }, { cve: "CVE-2022-29804", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-29804", }, { cve: "CVE-2022-2980", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-2980", }, { cve: "CVE-2022-29526", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-29526", }, { cve: "CVE-2022-2946", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-2946", }, { cve: "CVE-2022-2929", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-2929", }, { cve: "CVE-2022-2928", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-2928", }, { cve: "CVE-2022-2923", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-2923", }, { cve: "CVE-2022-2889", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-2889", }, { cve: "CVE-2022-2880", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-2880", }, { cve: "CVE-2022-2879", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-2879", }, { cve: "CVE-2022-2874", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-2874", }, { cve: "CVE-2022-2862", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-2862", }, { cve: "CVE-2022-2849", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-2849", }, { cve: "CVE-2022-2845", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-2845", }, { cve: "CVE-2022-28331", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-28331", }, { cve: "CVE-2022-28327", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-28327", }, { cve: "CVE-2022-2819", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-2819", }, { cve: "CVE-2022-2817", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-2817", }, { cve: "CVE-2022-2816", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-2816", }, { cve: "CVE-2022-28131", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-28131", }, { cve: "CVE-2022-27778", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-27778", }, { cve: "CVE-2022-27664", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-27664", }, { cve: "CVE-2022-27536", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-27536", }, { cve: "CVE-2022-27337", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-27337", }, { cve: "CVE-2022-25255", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-25255", }, { cve: "CVE-2022-25147", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-25147", }, { cve: "CVE-2022-24963", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-24963", }, { cve: "CVE-2022-24675", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-24675", }, { cve: "CVE-2022-23521", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-23521", }, { cve: "CVE-2022-2309", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-2309", }, { cve: "CVE-2022-21515", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-21515", }, { cve: "CVE-2022-21349", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-21349", }, { cve: "CVE-2022-21291", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-21291", }, { cve: "CVE-2022-1962", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-1962", }, { cve: "CVE-2022-1705", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-1705", }, { cve: "CVE-2022-1292", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-1292", }, { cve: "CVE-2022-1122", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-1122", }, { cve: "CVE-2022-0718", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2022-0718", }, { cve: "CVE-2021-37750", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2021-37750", }, { cve: "CVE-2021-37519", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2021-37519", }, { cve: "CVE-2021-35940", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2021-35940", }, { cve: "CVE-2021-30860", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2021-30860", }, { cve: "CVE-2021-29338", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2021-29338", }, { cve: "CVE-2018-25032", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2018-25032", }, { cve: "CVE-2017-12613", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2017-12613", }, { cve: "CVE-2006-20001", notes: [ { category: "description", text: "In Xerox FreeFlow Print Server existieren mehrere Schwachstellen im Zusammenhang mit bekannten Java, Apache und Mozilla Firefox Schwachstellen. Ein Angreifer kann diese ausnutzen, um die Vertraulichkeit, Verfügbarkeit und Integrität des Systems zu gefährden.", }, ], product_status: { known_affected: [ "T028053", ], }, release_date: "2023-06-12T22:00:00.000+00:00", title: "CVE-2006-20001", }, ], }
WID-SEC-W-2023-0245
Vulnerability from csaf_certbund
Published
2023-01-31 23:00
Modified
2024-05-12 22:00
Summary
Apache Portable Runtime (APR): Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Apache Portable Runtime (APR) ist eine unterstützende Bibliothek für den Apache Web Server.
Angriff
Ein lokaler Angreifer kann mehrere Schwachstellen in Apache Portable Runtime (APR) ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Apache Portable Runtime (APR) ist eine unterstützende Bibliothek für den Apache Web Server.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein lokaler Angreifer kann mehrere Schwachstellen in Apache Portable Runtime (APR) ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herbeizuführen.", title: "Angriff", }, { category: "general", text: "- Linux\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-0245 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0245.json", }, { category: "self", summary: "WID-SEC-2023-0245 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0245", }, { category: "external", summary: "Github Security Advisory GHSA-27j5-c395-8j82 vom 2023-01-31", url: "https://github.com/advisories/GHSA-27j5-c395-8j82", }, { category: "external", summary: "Github Security Advisory GHSA-37mv-q3x5-3mwg vom 2023-01-31", url: "https://github.com/advisories/GHSA-37mv-q3x5-3mwg", }, { category: "external", summary: "Eintrag in der OSS-Mailingliste vom 2023-01-31", url: "https://seclists.org/oss-sec/2023/q1/64", }, { category: "external", summary: "Eintrag in der OSS-Mailingliste vom 2023-01-31", url: "https://seclists.org/oss-sec/2023/q1/65", }, { category: "external", summary: "Eintrag in der OSS-Mailingliste vom 2023-01-31", url: "https://seclists.org/oss-sec/2023/q1/63", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:0337-1 vom 2023-02-10", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-February/013717.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:0338-1 vom 2023-02-09", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-February/013715.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:0324-1 vom 2023-02-09", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-February/013711.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:0389-1 vom 2023-02-13", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-February/013744.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS2-2023-1936 vom 2023-02-15", url: "https://alas.aws.amazon.com/AL2/ALAS-2023-1936.html", }, { category: "external", summary: "IBM Security Bulletin 6955577 vom 2023-02-14", url: "https://www.ibm.com/support/pages/node/6955577", }, { category: "external", summary: "Ubuntu Security Notice USN-5870-1 vom 2023-02-14", url: "https://ubuntu.com/security/notices/USN-5870-1", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2023-1684 vom 2023-02-15", url: "https://alas.aws.amazon.com/ALAS-2023-1684.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS2-2023-1937 vom 2023-02-15", url: "https://alas.aws.amazon.com/AL2/ALAS-2023-1937.html", }, { category: "external", summary: "Debian Security Advisory DLA-3332 vom 2023-02-21", url: "https://lists.debian.org/debian-lts-announce/2023/02/msg00024.html", }, { category: "external", summary: "IBM Security Bulletin 6958064 vom 2023-02-24", url: "https://www.ibm.com/support/pages/node/6958064", }, { category: "external", summary: "Ubuntu Security Notice USN-5885-1 vom 2023-02-27", url: "https://ubuntu.com/security/notices/USN-5885-1", }, { category: "external", summary: "Debian Security Advisory DSA-5364 vom 2023-02-27", url: "https://www.debian.org/security/2023/dsa-5364", }, { category: "external", summary: "IBM Security Bulletin 6955257 vom 2023-02-28", url: "https://www.ibm.com/support/pages/node/6955577", }, { category: "external", summary: "IBM Security Bulletin 6959883 vom 2023-03-03", url: "https://www.ibm.com/support/pages/node/6959883", }, { category: "external", summary: "Debian Security Advisory DSA-5370 vom 2023-03-07", url: "https://lists.debian.org/debian-security-announce/2023/msg00059.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-7711 vom 2023-12-11", url: "https://linux.oracle.com/errata/ELSA-2023-7711.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:7711 vom 2023-12-11", url: "https://access.redhat.com/errata/RHSA-2023:7711", }, { category: "external", summary: "IBM Security Bulletin 6962383 vom 2023-03-09", url: "https://www.ibm.com/support/pages/node/6962383", }, { category: "external", summary: "NetApp Security Advisory NTAP-20240315-0001 vom 2024-03-15", url: "https://security.netapp.com/advisory/ntap-20240315-0001/", }, { category: "external", summary: "IBM Security Bulletin 6967237 vom 2023-03-30", url: "https://www.ibm.com/support/pages/node/6967237", }, { category: "external", summary: "McAfee Security Bulletin SB10399 vom 2023-04-07", url: "https://kcm.trellix.com/corporate/index?page=content&id=SB10399&viewlocale=en_US&platinum_status=false&locale=en_US", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3145 vom 2023-05-17", url: "https://access.redhat.com/errata/RHSA-2023:3145", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3109 vom 2023-05-16", url: "https://access.redhat.com/errata/RHSA-2023:3109", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3147 vom 2023-05-17", url: "https://access.redhat.com/errata/RHSA-2023:3147", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3146 vom 2023-05-17", url: "https://access.redhat.com/errata/RHSA-2023:3146", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3177 vom 2023-05-17", url: "https://access.redhat.com/errata/RHSA-2023:3177", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3178 vom 2023-05-17", url: "https://access.redhat.com/errata/RHSA-2023:3178", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-3147 vom 2023-05-18", url: "https://oss.oracle.com/pipermail/el-errata/2023-May/013985.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-3145 vom 2023-05-20", url: "https://oss.oracle.com/pipermail/el-errata/2023-May/014014.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-3145 vom 2023-05-20", url: "https://oss.oracle.com/pipermail/el-errata/2023-May/014013.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-3109 vom 2023-05-26", url: "http://linux.oracle.com/errata/ELSA-2023-3109.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3380 vom 2023-06-03", url: "https://access.redhat.com/errata/RHSA-2023:3380", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3360 vom 2023-06-03", url: "https://access.redhat.com/errata/RHSA-2023:3360", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3355 vom 2023-06-05", url: "https://access.redhat.com/errata/RHSA-2023:3355", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3354 vom 2023-06-05", url: "https://access.redhat.com/errata/RHSA-2023:3354", }, { category: "external", summary: "HCL Article KB0104916 vom 2023-06-06", url: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0104916", }, { category: "external", summary: "Hitachi Vulnerability Information HITACHI-SEC-2023-122 vom 2023-06-20", url: "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-122/index.html", }, { category: "external", summary: "CentOS Security Advisory CESA-2023:3145 vom 2023-07-28", url: "https://lists.centos.org/pipermail/centos-announce/2023-July/086409.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:4628 vom 2023-08-15", url: "https://access.redhat.com/errata/RHSA-2023:4628", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:4629 vom 2023-08-15", url: "https://access.redhat.com/errata/RHSA-2023:4629", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:4910 vom 2023-09-04", url: "https://access.redhat.com/errata/RHSA-2023:4910", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:4909 vom 2023-09-04", url: "https://access.redhat.com/errata/RHSA-2023:4909", }, { category: "external", summary: "NetApp Security Advisory NTAP-20230908-0008 vom 2023-09-08", url: "https://security.netapp.com/advisory/ntap-20230908-0008/", }, { category: "external", summary: "Rocky Linux Security Advisory RLSA-2023:7711 vom 2024-05-10", url: "https://errata.build.resf.org/RLSA-2023:7711", }, ], source_lang: "en-US", title: "Apache Portable Runtime (APR): Mehrere Schwachstellen", tracking: { current_release_date: "2024-05-12T22:00:00.000+00:00", generator: { date: "2024-08-15T17:42:50.807+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-0245", initial_release_date: "2023-01-31T23:00:00.000+00:00", revision_history: [ { date: "2023-01-31T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-02-09T23:00:00.000+00:00", number: "2", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2023-02-13T23:00:00.000+00:00", number: "3", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2023-02-14T23:00:00.000+00:00", number: "4", summary: "Neue Updates von Amazon, IBM und Ubuntu aufgenommen", }, { date: "2023-02-21T23:00:00.000+00:00", number: "5", summary: "Neue Updates von Debian aufgenommen", }, { date: "2023-02-23T23:00:00.000+00:00", number: "6", summary: "Neue Updates von IBM aufgenommen", }, { date: "2023-02-26T23:00:00.000+00:00", number: "7", summary: "Neue Updates von Ubuntu und Debian aufgenommen", }, { date: "2023-02-27T23:00:00.000+00:00", number: "8", summary: "Neue Updates von IBM aufgenommen", }, { date: "2023-03-02T23:00:00.000+00:00", number: "9", summary: "Neue Updates von IBM aufgenommen", }, { date: "2023-03-07T23:00:00.000+00:00", number: "10", summary: "Neue Updates von Debian aufgenommen", }, { date: "2023-03-08T23:00:00.000+00:00", number: "11", summary: "Neue Updates von IBM aufgenommen", }, { date: "2023-03-30T22:00:00.000+00:00", number: "12", summary: "Neue Updates von IBM aufgenommen", }, { date: "2023-04-10T22:00:00.000+00:00", number: "13", summary: "Neue Updates von McAfee aufgenommen", }, { date: "2023-05-16T22:00:00.000+00:00", number: "14", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-05-18T22:00:00.000+00:00", number: "15", summary: "Neue Updates von Red Hat und Oracle Linux aufgenommen", }, { date: "2023-05-21T22:00:00.000+00:00", number: "16", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2023-05-25T22:00:00.000+00:00", number: "17", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2023-06-04T22:00:00.000+00:00", number: "18", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-06-05T22:00:00.000+00:00", number: "19", summary: "Neue Updates von Red Hat und HCL aufgenommen", }, { date: "2023-06-19T22:00:00.000+00:00", number: "20", summary: "Neue Updates von HITACHI aufgenommen", }, { date: "2023-07-30T22:00:00.000+00:00", number: "21", summary: "Neue Updates von CentOS aufgenommen", }, { date: "2023-08-15T22:00:00.000+00:00", number: "22", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-09-04T22:00:00.000+00:00", number: "23", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-09-10T22:00:00.000+00:00", number: "24", summary: "Neue Updates von NetApp aufgenommen", }, { date: "2023-12-11T23:00:00.000+00:00", number: "25", summary: "Neue Updates von Oracle Linux und Red Hat aufgenommen", }, { date: "2024-03-14T23:00:00.000+00:00", number: "26", summary: "Neue Updates von NetApp aufgenommen", }, { date: "2024-05-12T22:00:00.000+00:00", number: "27", summary: "Neue Updates von Rocky Enterprise Software Foundation aufgenommen", }, ], status: "final", version: "27", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { branches: [ { category: "product_version_range", name: "<=1.6.1", product: { name: "Apache Portable Runtime (APR) <=1.6.1", product_id: "1046480", }, }, { category: "product_version_range", name: "<=1.7.0", product: { name: "Apache Portable Runtime (APR) <=1.7.0", product_id: "T026069", }, }, ], category: "product_name", name: "Portable Runtime (APR)", }, ], category: "vendor", name: "Apache", }, { branches: [ { category: "product_name", name: "Debian Linux", product: { name: "Debian Linux", product_id: "2951", product_identification_helper: { cpe: "cpe:/o:debian:debian_linux:-", }, }, }, ], category: "vendor", name: "Debian", }, { branches: [ { category: "product_name", name: "HCL Commerce", product: { name: "HCL Commerce", product_id: "T019293", product_identification_helper: { cpe: "cpe:/a:hcltechsw:commerce:-", }, }, }, ], category: "vendor", name: "HCL", }, { branches: [ { branches: [ { category: "product_version_range", name: "<10.9.2-01", product: { name: "Hitachi Configuration Manager <10.9.2-01", product_id: "T028206", }, }, ], category: "product_name", name: "Configuration Manager", }, { branches: [ { category: "product_version_range", name: "<10.9.2-01", product: { name: "Hitachi Ops Center <10.9.2-01", product_id: "T028207", }, }, ], category: "product_name", name: "Ops Center", }, ], category: "vendor", name: "Hitachi", }, { branches: [ { category: "product_name", name: "IBM Business Automation Workflow", product: { name: "IBM Business Automation Workflow", product_id: "T019704", product_identification_helper: { cpe: "cpe:/a:ibm:business_automation_workflow:-", }, }, }, { branches: [ { category: "product_version", name: "8.5", product: { name: "IBM HTTP Server 8.5", product_id: "T001650", product_identification_helper: { cpe: "cpe:/a:ibm:http_server:8.5", }, }, }, { category: "product_version", name: "9", product: { name: "IBM HTTP Server 9.0", product_id: "T008162", product_identification_helper: { cpe: "cpe:/a:ibm:http_server:9.0", }, }, }, ], category: "product_name", name: "HTTP Server", }, { branches: [ { category: "product_version", name: "9.0.2", product: { name: "IBM Rational ClearCase 9.0.2", product_id: "T021422", product_identification_helper: { cpe: "cpe:/a:ibm:rational_clearcase:9.0.2", }, }, }, { category: "product_version", name: "9.1", product: { name: "IBM Rational ClearCase 9.1", product_id: "T021423", product_identification_helper: { cpe: "cpe:/a:ibm:rational_clearcase:9.1", }, }, }, { category: "product_version", name: "10.0.0", product: { name: "IBM Rational ClearCase 10.0.0", product_id: "T026520", product_identification_helper: { cpe: "cpe:/a:ibm:rational_clearcase:10.0.0", }, }, }, ], category: "product_name", name: "Rational ClearCase", }, { branches: [ { category: "product_version", name: "8.2.1", product: { name: "IBM Security Access Manager for Enterprise Single Sign-On 8.2.1", product_id: "T005246", product_identification_helper: { cpe: "cpe:/a:ibm:security_access_manager_for_enterprise_single_sign_on:8.2.1", }, }, }, { category: "product_version", name: "8.2.2", product: { name: "IBM Security Access Manager for Enterprise Single Sign-On 8.2.2", product_id: "T007073", product_identification_helper: { cpe: "cpe:/a:ibm:security_access_manager_for_enterprise_single_sign_on:8.2.2", }, }, }, ], category: "product_name", name: "Security Access Manager for Enterprise Single Sign-On", }, { branches: [ { category: "product_version_range", name: "<6.3.0.7 sp5", product: { name: "IBM Tivoli Monitoring <6.3.0.7 sp5", product_id: "T023377", }, }, ], category: "product_name", name: "Tivoli Monitoring", }, { branches: [ { category: "product_version", name: "8.5", product: { name: "IBM WebSphere Application Server 8.5", product_id: "703851", product_identification_helper: { cpe: "cpe:/a:ibm:websphere_application_server:8.5", }, }, }, ], category: "product_name", name: "WebSphere Application Server", }, ], category: "vendor", name: "IBM", }, { branches: [ { branches: [ { category: "product_name", name: "NetApp Data ONTAP", product: { name: "NetApp Data ONTAP", product_id: "7654", product_identification_helper: { cpe: "cpe:/a:netapp:data_ontap:-", }, }, }, { category: "product_version", name: "9", product: { name: "NetApp Data ONTAP 9", product_id: "T027038", product_identification_helper: { cpe: "cpe:/a:netapp:data_ontap:9", }, }, }, ], category: "product_name", name: "Data ONTAP", }, { category: "product_name", name: "NetApp StorageGRID", product: { name: "NetApp StorageGRID", product_id: "920206", product_identification_helper: { cpe: "cpe:/a:netapp:storagegrid:-", }, }, }, ], category: "vendor", name: "NetApp", }, { branches: [ { category: "product_name", name: "Open Source CentOS", product: { name: "Open Source CentOS", product_id: "1727", product_identification_helper: { cpe: "cpe:/o:centos:centos:-", }, }, }, ], category: "vendor", name: "Open Source", }, { branches: [ { category: "product_name", name: "Oracle Linux", product: { name: "Oracle Linux", product_id: "T004914", product_identification_helper: { cpe: "cpe:/o:oracle:linux:-", }, }, }, ], category: "vendor", name: "Oracle", }, { branches: [ { category: "product_name", name: "RESF Rocky Linux", product: { name: "RESF Rocky Linux", product_id: "T032255", product_identification_helper: { cpe: "cpe:/o:resf:rocky_linux:-", }, }, }, ], category: "vendor", name: "RESF", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, { category: "product_name", name: "Red Hat JBoss Core Services", product: { name: "Red Hat JBoss Core Services", product_id: "T012412", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_core_services:-", }, }, }, { branches: [ { category: "product_version_range", name: "<5.7.4", product: { name: "Red Hat JBoss Web Server <5.7.4", product_id: "T029706", }, }, ], category: "product_name", name: "JBoss Web Server", }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, { branches: [ { branches: [ { category: "product_version_range", name: "<5.10 Service Pack 1", product: { name: "Trellix ePolicy Orchestrator <5.10 Service Pack 1", product_id: "T027117", }, }, ], category: "product_name", name: "ePolicy Orchestrator", }, ], category: "vendor", name: "Trellix", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, ], }, vulnerabilities: [ { cve: "CVE-2022-24963", notes: [ { category: "description", text: "In Apache Portable Runtime (APR) existieren mehrere Schwachstellen. Diese basieren auf mehreren Integer Overflows, in folge kommt es zu out-of-bounds-writes. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T005246", "67646", "T012412", "T019293", "T004914", "703851", "T027117", "T028206", "T028207", "398363", "T023377", "T027038", "T026520", "7654", "T032255", "T021423", "T021422", "2951", "T002207", "T029706", "T000126", "T019704", "920206", "T001650", "T007073", "T008162", "1727", ], last_affected: [ "1046480", "T026069", ], }, release_date: "2023-01-31T23:00:00.000+00:00", title: "CVE-2022-24963", }, { cve: "CVE-2022-25147", notes: [ { category: "description", text: "In Apache Portable Runtime (APR) existieren mehrere Schwachstellen. Diese basieren auf mehreren Integer Overflows, in folge kommt es zu out-of-bounds-writes. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T005246", "67646", "T012412", "T019293", "T004914", "703851", "T027117", "T028206", "T028207", "398363", "T023377", "T027038", "T026520", "7654", "T032255", "T021423", "T021422", "2951", "T002207", "T029706", "T000126", "T019704", "920206", "T001650", "T007073", "T008162", "1727", ], last_affected: [ "1046480", "T026069", ], }, release_date: "2023-01-31T23:00:00.000+00:00", title: "CVE-2022-25147", }, { cve: "CVE-2022-28331", notes: [ { category: "description", text: "In Apache Portable Runtime (APR) existieren mehrere Schwachstellen. Diese basieren auf mehreren Integer Overflows, in folge kommt es zu out-of-bounds-writes. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T005246", "67646", "T012412", "T019293", "T004914", "703851", "T027117", "T028206", "T028207", "398363", "T023377", "T027038", "T026520", "7654", "T032255", "T021423", "T021422", "2951", "T002207", "T029706", "T000126", "T019704", "920206", "T001650", "T007073", "T008162", "1727", ], last_affected: [ "1046480", "T026069", ], }, release_date: "2023-01-31T23:00:00.000+00:00", title: "CVE-2022-28331", }, ], }
wid-sec-w-2023-0245
Vulnerability from csaf_certbund
Published
2023-01-31 23:00
Modified
2024-05-12 22:00
Summary
Apache Portable Runtime (APR): Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Apache Portable Runtime (APR) ist eine unterstützende Bibliothek für den Apache Web Server.
Angriff
Ein lokaler Angreifer kann mehrere Schwachstellen in Apache Portable Runtime (APR) ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Apache Portable Runtime (APR) ist eine unterstützende Bibliothek für den Apache Web Server.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein lokaler Angreifer kann mehrere Schwachstellen in Apache Portable Runtime (APR) ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herbeizuführen.", title: "Angriff", }, { category: "general", text: "- Linux\n- UNIX\n- Windows", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-0245 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-0245.json", }, { category: "self", summary: "WID-SEC-2023-0245 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0245", }, { category: "external", summary: "Github Security Advisory GHSA-27j5-c395-8j82 vom 2023-01-31", url: "https://github.com/advisories/GHSA-27j5-c395-8j82", }, { category: "external", summary: "Github Security Advisory GHSA-37mv-q3x5-3mwg vom 2023-01-31", url: "https://github.com/advisories/GHSA-37mv-q3x5-3mwg", }, { category: "external", summary: "Eintrag in der OSS-Mailingliste vom 2023-01-31", url: "https://seclists.org/oss-sec/2023/q1/64", }, { category: "external", summary: "Eintrag in der OSS-Mailingliste vom 2023-01-31", url: "https://seclists.org/oss-sec/2023/q1/65", }, { category: "external", summary: "Eintrag in der OSS-Mailingliste vom 2023-01-31", url: "https://seclists.org/oss-sec/2023/q1/63", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:0337-1 vom 2023-02-10", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-February/013717.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:0338-1 vom 2023-02-09", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-February/013715.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:0324-1 vom 2023-02-09", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-February/013711.html", }, { category: "external", summary: "SUSE Security Update SUSE-SU-2023:0389-1 vom 2023-02-13", url: "https://lists.suse.com/pipermail/sle-security-updates/2023-February/013744.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS2-2023-1936 vom 2023-02-15", url: "https://alas.aws.amazon.com/AL2/ALAS-2023-1936.html", }, { category: "external", summary: "IBM Security Bulletin 6955577 vom 2023-02-14", url: "https://www.ibm.com/support/pages/node/6955577", }, { category: "external", summary: "Ubuntu Security Notice USN-5870-1 vom 2023-02-14", url: "https://ubuntu.com/security/notices/USN-5870-1", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS-2023-1684 vom 2023-02-15", url: "https://alas.aws.amazon.com/ALAS-2023-1684.html", }, { category: "external", summary: "Amazon Linux Security Advisory ALAS2-2023-1937 vom 2023-02-15", url: "https://alas.aws.amazon.com/AL2/ALAS-2023-1937.html", }, { category: "external", summary: "Debian Security Advisory DLA-3332 vom 2023-02-21", url: "https://lists.debian.org/debian-lts-announce/2023/02/msg00024.html", }, { category: "external", summary: "IBM Security Bulletin 6958064 vom 2023-02-24", url: "https://www.ibm.com/support/pages/node/6958064", }, { category: "external", summary: "Ubuntu Security Notice USN-5885-1 vom 2023-02-27", url: "https://ubuntu.com/security/notices/USN-5885-1", }, { category: "external", summary: "Debian Security Advisory DSA-5364 vom 2023-02-27", url: "https://www.debian.org/security/2023/dsa-5364", }, { category: "external", summary: "IBM Security Bulletin 6955257 vom 2023-02-28", url: "https://www.ibm.com/support/pages/node/6955577", }, { category: "external", summary: "IBM Security Bulletin 6959883 vom 2023-03-03", url: "https://www.ibm.com/support/pages/node/6959883", }, { category: "external", summary: "Debian Security Advisory DSA-5370 vom 2023-03-07", url: "https://lists.debian.org/debian-security-announce/2023/msg00059.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-7711 vom 2023-12-11", url: "https://linux.oracle.com/errata/ELSA-2023-7711.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:7711 vom 2023-12-11", url: "https://access.redhat.com/errata/RHSA-2023:7711", }, { category: "external", summary: "IBM Security Bulletin 6962383 vom 2023-03-09", url: "https://www.ibm.com/support/pages/node/6962383", }, { category: "external", summary: "NetApp Security Advisory NTAP-20240315-0001 vom 2024-03-15", url: "https://security.netapp.com/advisory/ntap-20240315-0001/", }, { category: "external", summary: "IBM Security Bulletin 6967237 vom 2023-03-30", url: "https://www.ibm.com/support/pages/node/6967237", }, { category: "external", summary: "McAfee Security Bulletin SB10399 vom 2023-04-07", url: "https://kcm.trellix.com/corporate/index?page=content&id=SB10399&viewlocale=en_US&platinum_status=false&locale=en_US", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3145 vom 2023-05-17", url: "https://access.redhat.com/errata/RHSA-2023:3145", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3109 vom 2023-05-16", url: "https://access.redhat.com/errata/RHSA-2023:3109", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3147 vom 2023-05-17", url: "https://access.redhat.com/errata/RHSA-2023:3147", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3146 vom 2023-05-17", url: "https://access.redhat.com/errata/RHSA-2023:3146", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3177 vom 2023-05-17", url: "https://access.redhat.com/errata/RHSA-2023:3177", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3178 vom 2023-05-17", url: "https://access.redhat.com/errata/RHSA-2023:3178", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-3147 vom 2023-05-18", url: "https://oss.oracle.com/pipermail/el-errata/2023-May/013985.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-3145 vom 2023-05-20", url: "https://oss.oracle.com/pipermail/el-errata/2023-May/014014.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-3145 vom 2023-05-20", url: "https://oss.oracle.com/pipermail/el-errata/2023-May/014013.html", }, { category: "external", summary: "Oracle Linux Security Advisory ELSA-2023-3109 vom 2023-05-26", url: "http://linux.oracle.com/errata/ELSA-2023-3109.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3380 vom 2023-06-03", url: "https://access.redhat.com/errata/RHSA-2023:3380", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3360 vom 2023-06-03", url: "https://access.redhat.com/errata/RHSA-2023:3360", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3355 vom 2023-06-05", url: "https://access.redhat.com/errata/RHSA-2023:3355", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:3354 vom 2023-06-05", url: "https://access.redhat.com/errata/RHSA-2023:3354", }, { category: "external", summary: "HCL Article KB0104916 vom 2023-06-06", url: "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0104916", }, { category: "external", summary: "Hitachi Vulnerability Information HITACHI-SEC-2023-122 vom 2023-06-20", url: "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-122/index.html", }, { category: "external", summary: "CentOS Security Advisory CESA-2023:3145 vom 2023-07-28", url: "https://lists.centos.org/pipermail/centos-announce/2023-July/086409.html", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:4628 vom 2023-08-15", url: "https://access.redhat.com/errata/RHSA-2023:4628", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:4629 vom 2023-08-15", url: "https://access.redhat.com/errata/RHSA-2023:4629", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:4910 vom 2023-09-04", url: "https://access.redhat.com/errata/RHSA-2023:4910", }, { category: "external", summary: "Red Hat Security Advisory RHSA-2023:4909 vom 2023-09-04", url: "https://access.redhat.com/errata/RHSA-2023:4909", }, { category: "external", summary: "NetApp Security Advisory NTAP-20230908-0008 vom 2023-09-08", url: "https://security.netapp.com/advisory/ntap-20230908-0008/", }, { category: "external", summary: "Rocky Linux Security Advisory RLSA-2023:7711 vom 2024-05-10", url: "https://errata.build.resf.org/RLSA-2023:7711", }, ], source_lang: "en-US", title: "Apache Portable Runtime (APR): Mehrere Schwachstellen", tracking: { current_release_date: "2024-05-12T22:00:00.000+00:00", generator: { date: "2024-08-15T17:42:50.807+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-0245", initial_release_date: "2023-01-31T23:00:00.000+00:00", revision_history: [ { date: "2023-01-31T23:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, { date: "2023-02-09T23:00:00.000+00:00", number: "2", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2023-02-13T23:00:00.000+00:00", number: "3", summary: "Neue Updates von SUSE aufgenommen", }, { date: "2023-02-14T23:00:00.000+00:00", number: "4", summary: "Neue Updates von Amazon, IBM und Ubuntu aufgenommen", }, { date: "2023-02-21T23:00:00.000+00:00", number: "5", summary: "Neue Updates von Debian aufgenommen", }, { date: "2023-02-23T23:00:00.000+00:00", number: "6", summary: "Neue Updates von IBM aufgenommen", }, { date: "2023-02-26T23:00:00.000+00:00", number: "7", summary: "Neue Updates von Ubuntu und Debian aufgenommen", }, { date: "2023-02-27T23:00:00.000+00:00", number: "8", summary: "Neue Updates von IBM aufgenommen", }, { date: "2023-03-02T23:00:00.000+00:00", number: "9", summary: "Neue Updates von IBM aufgenommen", }, { date: "2023-03-07T23:00:00.000+00:00", number: "10", summary: "Neue Updates von Debian aufgenommen", }, { date: "2023-03-08T23:00:00.000+00:00", number: "11", summary: "Neue Updates von IBM aufgenommen", }, { date: "2023-03-30T22:00:00.000+00:00", number: "12", summary: "Neue Updates von IBM aufgenommen", }, { date: "2023-04-10T22:00:00.000+00:00", number: "13", summary: "Neue Updates von McAfee aufgenommen", }, { date: "2023-05-16T22:00:00.000+00:00", number: "14", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-05-18T22:00:00.000+00:00", number: "15", summary: "Neue Updates von Red Hat und Oracle Linux aufgenommen", }, { date: "2023-05-21T22:00:00.000+00:00", number: "16", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2023-05-25T22:00:00.000+00:00", number: "17", summary: "Neue Updates von Oracle Linux aufgenommen", }, { date: "2023-06-04T22:00:00.000+00:00", number: "18", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-06-05T22:00:00.000+00:00", number: "19", summary: "Neue Updates von Red Hat und HCL aufgenommen", }, { date: "2023-06-19T22:00:00.000+00:00", number: "20", summary: "Neue Updates von HITACHI aufgenommen", }, { date: "2023-07-30T22:00:00.000+00:00", number: "21", summary: "Neue Updates von CentOS aufgenommen", }, { date: "2023-08-15T22:00:00.000+00:00", number: "22", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-09-04T22:00:00.000+00:00", number: "23", summary: "Neue Updates von Red Hat aufgenommen", }, { date: "2023-09-10T22:00:00.000+00:00", number: "24", summary: "Neue Updates von NetApp aufgenommen", }, { date: "2023-12-11T23:00:00.000+00:00", number: "25", summary: "Neue Updates von Oracle Linux und Red Hat aufgenommen", }, { date: "2024-03-14T23:00:00.000+00:00", number: "26", summary: "Neue Updates von NetApp aufgenommen", }, { date: "2024-05-12T22:00:00.000+00:00", number: "27", summary: "Neue Updates von Rocky Enterprise Software Foundation aufgenommen", }, ], status: "final", version: "27", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Amazon Linux 2", product: { name: "Amazon Linux 2", product_id: "398363", product_identification_helper: { cpe: "cpe:/o:amazon:linux_2:-", }, }, }, ], category: "vendor", name: "Amazon", }, { branches: [ { branches: [ { category: "product_version_range", name: "<=1.6.1", product: { name: "Apache Portable Runtime (APR) <=1.6.1", product_id: "1046480", }, }, { category: "product_version_range", name: "<=1.7.0", product: { name: "Apache Portable Runtime (APR) <=1.7.0", product_id: "T026069", }, }, ], category: "product_name", name: "Portable Runtime (APR)", }, ], category: "vendor", name: "Apache", }, { branches: [ { category: "product_name", name: "Debian Linux", product: { name: "Debian Linux", product_id: "2951", product_identification_helper: { cpe: "cpe:/o:debian:debian_linux:-", }, }, }, ], category: "vendor", name: "Debian", }, { branches: [ { category: "product_name", name: "HCL Commerce", product: { name: "HCL Commerce", product_id: "T019293", product_identification_helper: { cpe: "cpe:/a:hcltechsw:commerce:-", }, }, }, ], category: "vendor", name: "HCL", }, { branches: [ { branches: [ { category: "product_version_range", name: "<10.9.2-01", product: { name: "Hitachi Configuration Manager <10.9.2-01", product_id: "T028206", }, }, ], category: "product_name", name: "Configuration Manager", }, { branches: [ { category: "product_version_range", name: "<10.9.2-01", product: { name: "Hitachi Ops Center <10.9.2-01", product_id: "T028207", }, }, ], category: "product_name", name: "Ops Center", }, ], category: "vendor", name: "Hitachi", }, { branches: [ { category: "product_name", name: "IBM Business Automation Workflow", product: { name: "IBM Business Automation Workflow", product_id: "T019704", product_identification_helper: { cpe: "cpe:/a:ibm:business_automation_workflow:-", }, }, }, { branches: [ { category: "product_version", name: "8.5", product: { name: "IBM HTTP Server 8.5", product_id: "T001650", product_identification_helper: { cpe: "cpe:/a:ibm:http_server:8.5", }, }, }, { category: "product_version", name: "9", product: { name: "IBM HTTP Server 9.0", product_id: "T008162", product_identification_helper: { cpe: "cpe:/a:ibm:http_server:9.0", }, }, }, ], category: "product_name", name: "HTTP Server", }, { branches: [ { category: "product_version", name: "9.0.2", product: { name: "IBM Rational ClearCase 9.0.2", product_id: "T021422", product_identification_helper: { cpe: "cpe:/a:ibm:rational_clearcase:9.0.2", }, }, }, { category: "product_version", name: "9.1", product: { name: "IBM Rational ClearCase 9.1", product_id: "T021423", product_identification_helper: { cpe: "cpe:/a:ibm:rational_clearcase:9.1", }, }, }, { category: "product_version", name: "10.0.0", product: { name: "IBM Rational ClearCase 10.0.0", product_id: "T026520", product_identification_helper: { cpe: "cpe:/a:ibm:rational_clearcase:10.0.0", }, }, }, ], category: "product_name", name: "Rational ClearCase", }, { branches: [ { category: "product_version", name: "8.2.1", product: { name: "IBM Security Access Manager for Enterprise Single Sign-On 8.2.1", product_id: "T005246", product_identification_helper: { cpe: "cpe:/a:ibm:security_access_manager_for_enterprise_single_sign_on:8.2.1", }, }, }, { category: "product_version", name: "8.2.2", product: { name: "IBM Security Access Manager for Enterprise Single Sign-On 8.2.2", product_id: "T007073", product_identification_helper: { cpe: "cpe:/a:ibm:security_access_manager_for_enterprise_single_sign_on:8.2.2", }, }, }, ], category: "product_name", name: "Security Access Manager for Enterprise Single Sign-On", }, { branches: [ { category: "product_version_range", name: "<6.3.0.7 sp5", product: { name: "IBM Tivoli Monitoring <6.3.0.7 sp5", product_id: "T023377", }, }, ], category: "product_name", name: "Tivoli Monitoring", }, { branches: [ { category: "product_version", name: "8.5", product: { name: "IBM WebSphere Application Server 8.5", product_id: "703851", product_identification_helper: { cpe: "cpe:/a:ibm:websphere_application_server:8.5", }, }, }, ], category: "product_name", name: "WebSphere Application Server", }, ], category: "vendor", name: "IBM", }, { branches: [ { branches: [ { category: "product_name", name: "NetApp Data ONTAP", product: { name: "NetApp Data ONTAP", product_id: "7654", product_identification_helper: { cpe: "cpe:/a:netapp:data_ontap:-", }, }, }, { category: "product_version", name: "9", product: { name: "NetApp Data ONTAP 9", product_id: "T027038", product_identification_helper: { cpe: "cpe:/a:netapp:data_ontap:9", }, }, }, ], category: "product_name", name: "Data ONTAP", }, { category: "product_name", name: "NetApp StorageGRID", product: { name: "NetApp StorageGRID", product_id: "920206", product_identification_helper: { cpe: "cpe:/a:netapp:storagegrid:-", }, }, }, ], category: "vendor", name: "NetApp", }, { branches: [ { category: "product_name", name: "Open Source CentOS", product: { name: "Open Source CentOS", product_id: "1727", product_identification_helper: { cpe: "cpe:/o:centos:centos:-", }, }, }, ], category: "vendor", name: "Open Source", }, { branches: [ { category: "product_name", name: "Oracle Linux", product: { name: "Oracle Linux", product_id: "T004914", product_identification_helper: { cpe: "cpe:/o:oracle:linux:-", }, }, }, ], category: "vendor", name: "Oracle", }, { branches: [ { category: "product_name", name: "RESF Rocky Linux", product: { name: "RESF Rocky Linux", product_id: "T032255", product_identification_helper: { cpe: "cpe:/o:resf:rocky_linux:-", }, }, }, ], category: "vendor", name: "RESF", }, { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux", product: { name: "Red Hat Enterprise Linux", product_id: "67646", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:-", }, }, }, { category: "product_name", name: "Red Hat JBoss Core Services", product: { name: "Red Hat JBoss Core Services", product_id: "T012412", product_identification_helper: { cpe: "cpe:/a:redhat:jboss_core_services:-", }, }, }, { branches: [ { category: "product_version_range", name: "<5.7.4", product: { name: "Red Hat JBoss Web Server <5.7.4", product_id: "T029706", }, }, ], category: "product_name", name: "JBoss Web Server", }, ], category: "vendor", name: "Red Hat", }, { branches: [ { category: "product_name", name: "SUSE Linux", product: { name: "SUSE Linux", product_id: "T002207", product_identification_helper: { cpe: "cpe:/o:suse:suse_linux:-", }, }, }, ], category: "vendor", name: "SUSE", }, { branches: [ { branches: [ { category: "product_version_range", name: "<5.10 Service Pack 1", product: { name: "Trellix ePolicy Orchestrator <5.10 Service Pack 1", product_id: "T027117", }, }, ], category: "product_name", name: "ePolicy Orchestrator", }, ], category: "vendor", name: "Trellix", }, { branches: [ { category: "product_name", name: "Ubuntu Linux", product: { name: "Ubuntu Linux", product_id: "T000126", product_identification_helper: { cpe: "cpe:/o:canonical:ubuntu_linux:-", }, }, }, ], category: "vendor", name: "Ubuntu", }, ], }, vulnerabilities: [ { cve: "CVE-2022-24963", notes: [ { category: "description", text: "In Apache Portable Runtime (APR) existieren mehrere Schwachstellen. Diese basieren auf mehreren Integer Overflows, in folge kommt es zu out-of-bounds-writes. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T005246", "67646", "T012412", "T019293", "T004914", "703851", "T027117", "T028206", "T028207", "398363", "T023377", "T027038", "T026520", "7654", "T032255", "T021423", "T021422", "2951", "T002207", "T029706", "T000126", "T019704", "920206", "T001650", "T007073", "T008162", "1727", ], last_affected: [ "1046480", "T026069", ], }, release_date: "2023-01-31T23:00:00.000+00:00", title: "CVE-2022-24963", }, { cve: "CVE-2022-25147", notes: [ { category: "description", text: "In Apache Portable Runtime (APR) existieren mehrere Schwachstellen. Diese basieren auf mehreren Integer Overflows, in folge kommt es zu out-of-bounds-writes. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T005246", "67646", "T012412", "T019293", "T004914", "703851", "T027117", "T028206", "T028207", "398363", "T023377", "T027038", "T026520", "7654", "T032255", "T021423", "T021422", "2951", "T002207", "T029706", "T000126", "T019704", "920206", "T001650", "T007073", "T008162", "1727", ], last_affected: [ "1046480", "T026069", ], }, release_date: "2023-01-31T23:00:00.000+00:00", title: "CVE-2022-25147", }, { cve: "CVE-2022-28331", notes: [ { category: "description", text: "In Apache Portable Runtime (APR) existieren mehrere Schwachstellen. Diese basieren auf mehreren Integer Overflows, in folge kommt es zu out-of-bounds-writes. Ein lokaler Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen oder einen Denial of Service Zustand herbeizuführen.", }, ], product_status: { known_affected: [ "T005246", "67646", "T012412", "T019293", "T004914", "703851", "T027117", "T028206", "T028207", "398363", "T023377", "T027038", "T026520", "7654", "T032255", "T021423", "T021422", "2951", "T002207", "T029706", "T000126", "T019704", "920206", "T001650", "T007073", "T008162", "1727", ], last_affected: [ "1046480", "T026069", ], }, release_date: "2023-01-31T23:00:00.000+00:00", title: "CVE-2022-28331", }, ], }
ghsa-27j5-c395-8j82
Vulnerability from github
Published
2023-01-31 18:30
Modified
2023-02-08 21:30
Severity ?
Details
On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.
{ affected: [], aliases: [ "CVE-2022-28331", ], database_specific: { cwe_ids: [ "CWE-190", "CWE-787", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2023-01-31T16:15:00Z", severity: "CRITICAL", }, details: "On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond the end of a stack based buffer in apr_socket_sendv(). This is a result of integer overflow.", id: "GHSA-27j5-c395-8j82", modified: "2023-02-08T21:30:22Z", published: "2023-01-31T18:30:22Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2022-28331", }, { type: "WEB", url: "https://lists.apache.org/thread/5pfdfn7h0vsdo5xzjn97vghp0x42jj2r", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", type: "CVSS_V3", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.