cvelistv5 - cve-2016-0750

Source	URL	Tags
secalert@redhat.com	http://www.securityfocus.com/bid/101910	Third Party Advisory, VDB Entry
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2017:3244	Vendor Advisory
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2018:0501	Vendor Advisory
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0750	Issue Tracking, Vendor Advisory
secalert@redhat.com	https://github.com/infinispan/infinispan/pull/5116	Patch, Vendor Advisory
secalert@redhat.com	https://issues.jboss.org/browse/ISPN-7781	Issue Tracking, Third Party Advisory

Vendor	Product
Red Hat	Infinispan

rhsa-2018_0501

Vulnerability from csaf_redhat

Published

2018-03-13 14:45

Modified

2024-09-16 01:01

Summary

Red Hat Security Advisory: Red Hat Single Sign-On 7.2.1 security update

Notes

Topic

Red Hat Single Sign-On 7.2.1 is now available for download from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.2.1 serves as a replacement for Red Hat Single Sign-On 7.2.0, and includes several bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section. Security Fix(es): * hotrod client: unchecked deserialization in marshaller util (CVE-2016-0750) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat Single Sign-On 7.2.1 is now available for download from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Single Sign-On 7.2 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications.\n\nThis release of Red Hat Single Sign-On 7.2.1 serves as a replacement for Red Hat Single Sign-On 7.2.0, and includes several bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section.\n\nSecurity Fix(es):\n\n* hotrod client: unchecked deserialization in marshaller util (CVE-2016-0750)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2018:0501",
        "url": "https://access.redhat.com/errata/RHSA-2018:0501"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=core.service.rhsso\u0026version=7.2",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches\u0026product=core.service.rhsso\u0026version=7.2"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_single_sign_on/?version=7.2",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_single_sign_on/?version=7.2"
      },
      {
        "category": "external",
        "summary": "1300443",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300443"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2018/rhsa-2018_0501.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Single Sign-On 7.2.1 security update",
    "tracking": {
      "current_release_date": "2024-09-16T01:01:39+00:00",
      "generator": {
        "date": "2024-09-16T01:01:39+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHSA-2018:0501",
      "initial_release_date": "2018-03-13T14:45:37+00:00",
      "revision_history": [
        {
          "date": "2018-03-13T14:45:37+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2018-03-13T14:45:37+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-16T01:01:39+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Single Sign-On 7.2.1 zip",
                "product": {
                  "name": "Red Hat Single Sign-On 7.2.1 zip",
                  "product_id": "Red Hat Single Sign-On 7.2.1 zip",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_single_sign_on:7.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Single Sign-On"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Sebastian Olsson"
          ],
          "organization": "TrueSec"
        }
      ],
      "cve": "CVE-2016-0750",
      "cwe": {
        "id": "CWE-138",
        "name": "Improper Neutralization of Special Elements"
      },
      "discovery_date": "2015-01-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1300443"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The hotrod java client in infinispan automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "client: unchecked deserialization in marshaller util",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7.2.1 zip"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-0750"
        },
        {
          "category": "external",
          "summary": "RHBZ#1300443",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300443"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-0750",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-0750"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0750",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0750"
        }
      ],
      "release_date": "2017-11-16T18:11:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat Single Sign-On 7.2.1 zip"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:0501"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "Red Hat Single Sign-On 7.2.1 zip"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "client: unchecked deserialization in marshaller util"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Gregory Ramsperger",
            "Ryan Moak"
          ]
        }
      ],
      "cve": "CVE-2017-2670",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "discovery_date": "2017-04-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1438885"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that with non-clean TCP close, Websocket server gets into infinite loop on every IO thread, effectively causing DoS.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "undertow: IO thread DoS via unclean Websocket closing",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7.2.1 zip"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-2670"
        },
        {
          "category": "external",
          "summary": "RHBZ#1438885",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1438885"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2670",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-2670"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2670",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2670"
        }
      ],
      "release_date": "2017-06-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat Single Sign-On 7.2.1 zip"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:0501"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "Red Hat Single Sign-On 7.2.1 zip"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "undertow: IO thread DoS via unclean Websocket closing"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Man Yue Mo"
          ],
          "organization": "Semmle/lgtm.com"
        }
      ],
      "cve": "CVE-2017-15089",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2017-10-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1503610"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that the Hotrod client in Infinispan would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "infinispan: Unsafe deserialization of malicious object injected into data cache",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7.2.1 zip"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-15089"
        },
        {
          "category": "external",
          "summary": "RHBZ#1503610",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503610"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-15089",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-15089"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-15089",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15089"
        }
      ],
      "release_date": "2018-02-12T15:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat Single Sign-On 7.2.1 zip"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:0501"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "Red Hat Single Sign-On 7.2.1 zip"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "infinispan: Unsafe deserialization of malicious object injected into data cache"
    },
    {
      "cve": "CVE-2017-16012",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2018-06-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1591854"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "This CVE ID has been rejected or withdrawn by its CVE Numbering Authority for the following reason: DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2015-9251.  Reason: This candidate is a duplicate of CVE-2015-9251.  Notes: All CVE users should reference CVE-2015-9251 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "js-jquery: XSS in responses from cross-origin ajax requests",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Single Sign-On 7.2.1 zip"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-16012"
        },
        {
          "category": "external",
          "summary": "RHBZ#1591854",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591854"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-16012",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-16012"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-16012",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16012"
        }
      ],
      "release_date": "2017-03-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).",
          "product_ids": [
            "Red Hat Single Sign-On 7.2.1 zip"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2018:0501"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.0"
          },
          "products": [
            "Red Hat Single Sign-On 7.2.1 zip"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "js-jquery: XSS in responses from cross-origin ajax requests"
    }
  ]
}

rhsa-2017_3244

Vulnerability from csaf_redhat

Published

2017-11-16 19:52

Modified

2024-09-16 00:50

Summary

Red Hat Security Advisory: Red Hat JBoss Data Grid 7.1.1 security update

Notes

Topic

Red Hat JBoss Data Grid 7.1.1 is now available for download from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details

Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 7.1.1 serves as a replacement for Red Hat JBoss Data Grid 7.1.0, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References. Security Fix(es): * It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr's Config API. (CVE-2017-12629) * It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645) * The hotrod java client in infinispan automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks. (CVE-2016-0750) For more information regarding CVE-2017-12629, see the article linked in the references section. Red Hat would like to thank Sebastian Olsson (TrueSec) for reporting CVE-2016-0750.

Terms of Use

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat JBoss Data Grid 7.1.1 is now available for download from the Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan.\n\nThis release of Red Hat JBoss Data Grid 7.1.1 serves as a replacement for Red Hat JBoss Data Grid 7.1.0, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References.\n\nSecurity Fix(es):\n\n* It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr\u0027s Config API. (CVE-2017-12629)\n\n* It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application. (CVE-2017-5645)\n\n* The hotrod java client in infinispan automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks. (CVE-2016-0750)\n\nFor more information regarding CVE-2017-12629, see the article linked in the references section.\n\nRed Hat would like to thank Sebastian Olsson (TrueSec) for reporting CVE-2016-0750.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2017:3244",
        "url": "https://access.redhat.com/errata/RHSA-2017:3244"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/vulnerabilities/CVE-2017-12629",
        "url": "https://access.redhat.com/security/vulnerabilities/CVE-2017-12629"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid\u0026downloadType=distributions\u0026version=7.1.1",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid\u0026downloadType=distributions\u0026version=7.1.1"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Data_Grid/",
        "url": "https://access.redhat.com/documentation/en-US/Red_Hat_JBoss_Data_Grid/"
      },
      {
        "category": "external",
        "summary": "1300443",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300443"
      },
      {
        "category": "external",
        "summary": "1443635",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443635"
      },
      {
        "category": "external",
        "summary": "1501529",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501529"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2017/rhsa-2017_3244.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Data Grid 7.1.1 security update",
    "tracking": {
      "current_release_date": "2024-09-16T00:50:43+00:00",
      "generator": {
        "date": "2024-09-16T00:50:43+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHSA-2017:3244",
      "initial_release_date": "2017-11-16T19:52:09+00:00",
      "revision_history": [
        {
          "date": "2017-11-16T19:52:09+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2017-11-16T19:52:09+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-16T00:50:43+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Data Grid 7.1",
                "product": {
                  "name": "Red Hat JBoss Data Grid 7.1",
                  "product_id": "Red Hat JBoss Data Grid 7.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_data_grid:7.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Data Grid"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Sebastian Olsson"
          ],
          "organization": "TrueSec"
        }
      ],
      "cve": "CVE-2016-0750",
      "cwe": {
        "id": "CWE-138",
        "name": "Improper Neutralization of Special Elements"
      },
      "discovery_date": "2015-01-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1300443"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The hotrod java client in infinispan automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "client: unchecked deserialization in marshaller util",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Data Grid 7.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2016-0750"
        },
        {
          "category": "external",
          "summary": "RHBZ#1300443",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1300443"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2016-0750",
          "url": "https://www.cve.org/CVERecord?id=CVE-2016-0750"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0750",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0750"
        }
      ],
      "release_date": "2017-11-16T18:11:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "The References section of this erratum contains a download link (you must log in to download the update).\n\nBefore applying the update, back up your existing Red Hat JBoss Data Grid installation (including databases, configuration files, and so on).",
          "product_ids": [
            "Red Hat JBoss Data Grid 7.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:3244"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "NONE",
            "baseScore": 3.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.2,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss Data Grid 7.1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "client: unchecked deserialization in marshaller util"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Gregory Ramsperger",
            "Ryan Moak"
          ]
        }
      ],
      "cve": "CVE-2017-2670",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "discovery_date": "2017-04-04T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1438885"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that with non-clean TCP close, Websocket server gets into infinite loop on every IO thread, effectively causing DoS.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "undertow: IO thread DoS via unclean Websocket closing",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Data Grid 7.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-2670"
        },
        {
          "category": "external",
          "summary": "RHBZ#1438885",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1438885"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-2670",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-2670"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-2670",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2670"
        }
      ],
      "release_date": "2017-06-07T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "The References section of this erratum contains a download link (you must log in to download the update).\n\nBefore applying the update, back up your existing Red Hat JBoss Data Grid installation (including databases, configuration files, and so on).",
          "product_ids": [
            "Red Hat JBoss Data Grid 7.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:3244"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss Data Grid 7.1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "undertow: IO thread DoS via unclean Websocket closing"
    },
    {
      "cve": "CVE-2017-5645",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2017-04-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1443635"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP. An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j: Socket receiver deserialization vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The flaw in Log4j-1.x is now identified by CVE-2019-17571. CVE-2017-5645 has been assigned by MITRE to a similar flaw identified in Log4j-2.x",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Data Grid 7.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-5645"
        },
        {
          "category": "external",
          "summary": "RHBZ#1443635",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1443635"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-5645",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-5645"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-5645",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5645"
        }
      ],
      "release_date": "2017-04-02T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "The References section of this erratum contains a download link (you must log in to download the update).\n\nBefore applying the update, back up your existing Red Hat JBoss Data Grid installation (including databases, configuration files, and so on).",
          "product_ids": [
            "Red Hat JBoss Data Grid 7.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:3244"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss Data Grid 7.1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "log4j: Socket receiver deserialization vulnerability"
    },
    {
      "cve": "CVE-2017-12629",
      "cwe": {
        "id": "CWE-138",
        "name": "Improper Neutralization of Special Elements"
      },
      "discovery_date": "2017-10-12T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1501529"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that Apache Lucene would accept an object from an unauthenticated user that could be manipulated through subsequent post requests. An attacker could use this flaw to assemble an object that could permit execution of arbitrary code if the server enabled Apache Solr\u0027s Config API.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Solr: Code execution via entity expansion",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The following products are not affected by this flaw, as they do not use the vulnerable functionality of either aspect of the issue.\nRed Hat JBoss Enterprise Application Platform 6\nRed Hat JBoss BPM Suite\nRed Hat JBoss BRMS\nRed Hat Enterprise Virtualization Manager\nRed Hat Single Sign-On 7\nRed Hat JBoss Portal Platform 6\n\nRed Hat JBoss Enterprise Application Platform 7 is not affected by this flaw. However, it does ship the vulnerable Lucene class in a dependency to another component. Customers who reuse the lucene-queryparser jar in their applications may be vulnerable to the External Entity Expansion aspect of this flaw. This will be patched in a forthcoming release.\n\nRed Hat JBoss Fuse is not affected by this flaw, as it does not use the vulnerable functionality of either aspect of this flaw. Fuse customers who may be running external Solr servers, while not affected from the Fuse side, are advised to secure their Solr servers as recommended in the mitigation provided.\n\nThe following products ship only the Lucene components relevant to this flaw, and are not vulnerable to the second portion of the vulnerability, the code execution exploit. As such, the impact of this flaw has been determined to be Moderate for these respective products:\nRed Hat JBoss Data Grid 7 \nRed Hat Enterprise Linux 6\nRed Hat Software Collections 2.4\n\nThis issue did not affect the versions of lucene as shipped with Red Hat Enterprise Linux 5.\n\nThis issue does not affect Elasticsearch as shipped in OpenShift Container Platform.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Data Grid 7.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2017-12629"
        },
        {
          "category": "external",
          "summary": "RHBZ#1501529",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1501529"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2017-12629",
          "url": "https://www.cve.org/CVERecord?id=CVE-2017-12629"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-12629",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12629"
        },
        {
          "category": "external",
          "summary": "https://access.redhat.com/security/vulnerabilities/CVE-2017-12629",
          "url": "https://access.redhat.com/security/vulnerabilities/CVE-2017-12629"
        }
      ],
      "release_date": "2017-10-12T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "The References section of this erratum contains a download link (you must log in to download the update).\n\nBefore applying the update, back up your existing Red Hat JBoss Data Grid installation (including databases, configuration files, and so on).",
          "product_ids": [
            "Red Hat JBoss Data Grid 7.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:3244"
        },
        {
          "category": "workaround",
          "details": "Until fixes are available, all Solr users are advised to restart their Solr instances with the system parameter `-Ddisable.configEdit=true`. This will disallow any changes to be made to configurations via the Config API. This is a key factor in this vulnerability, since it allows GET requests to add the RunExecutableListener to the config.\n\nThis is sufficient to protect from this type of attack, but means you cannot use the edit capabilities of the Config API until further fixes are in place.",
          "product_ids": [
            "Red Hat JBoss Data Grid 7.1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss Data Grid 7.1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "Solr: Code execution via entity expansion"
    },
    {
      "cve": "CVE-2019-17571",
      "cwe": {
        "id": "CWE-502",
        "name": "Deserialization of Untrusted Data"
      },
      "discovery_date": "2019-12-20T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1785616"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was discovered in Log4j, where a vulnerable SocketServer class may lead to the deserialization of untrusted data. This flaw allows an attacker to remotely execute arbitrary code when combined with a deserialization gadget.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "log4j: deserialization of untrusted data in SocketServer",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is the same issue as CVE-2017-5645. MITRE has CVE-2017-5645 to a similar flaw found in log4j-2.x. The flaw found in log4j-1.2 has been assigned CVE-2019-17571. CVE-2019-17571 has been addressed in Red Hat Enterprise Linux via RHSA-2017:2423.\nAlso the rh-java-common-log4j package shipped with Red Hat Software Collections was addressed via RHSA-2017:1417\n\nIn Satellite 5.8, although the version of log4j as shipped in the nutch package is affected, nutch does not load any of the SocketServer classes from log4j. Satellite 5 is considered not vulnerable to this flaw since the affected code can not be reached.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Data Grid 7.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2019-17571"
        },
        {
          "category": "external",
          "summary": "RHBZ#1785616",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1785616"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2019-17571",
          "url": "https://www.cve.org/CVERecord?id=CVE-2019-17571"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-17571",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-17571"
        }
      ],
      "release_date": "2019-12-20T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "The References section of this erratum contains a download link (you must log in to download the update).\n\nBefore applying the update, back up your existing Red Hat JBoss Data Grid installation (including databases, configuration files, and so on).",
          "product_ids": [
            "Red Hat JBoss Data Grid 7.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2017:3244"
        },
        {
          "category": "workaround",
          "details": "Please note that the Log4j upstream strongly recommends against using the SerializedLayout with the SocketAppenders. Customers may mitigate this issue by removing the SocketServer class outright; or if they must continue to use SocketAppenders, they can modify their SocketAppender configuration from SerializedLayout to use JsonLayout instead. An example of this in log4j-server.properties might look like this:\n\nlog4j.appender.file.layout=org.apache.log4j.JsonLayout",
          "product_ids": [
            "Red Hat JBoss Data Grid 7.1"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat JBoss Data Grid 7.1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "log4j: deserialization of untrusted data in SocketServer"
    }
  ]
}

gsd-2016-0750

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.

Aliases

CVE-2016-0750

Aliases

CVE-2016-0750

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-0750",
    "description": "The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.",
    "id": "GSD-2016-0750",
    "references": [
      "https://access.redhat.com/errata/RHSA-2018:0501",
      "https://access.redhat.com/errata/RHSA-2017:3244"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-0750"
      ],
      "details": "The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.",
      "id": "GSD-2016-0750",
      "modified": "2023-12-13T01:21:17.835601Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2016-0750",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Infinispan",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "9.1.0.Final"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Red Hat"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks."
          }
        ]
      },
      "impact": {
        "cvss": [
          [
            {
              "vectorString": "4.2/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
              "version": "3.0"
            }
          ],
          [
            {
              "vectorString": "3.6/AV:N/AC:H/Au:S/C:P/I:P/A:N",
              "version": "2.0"
            }
          ]
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-138"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://issues.jboss.org/browse/ISPN-7781",
            "refsource": "CONFIRM",
            "url": "https://issues.jboss.org/browse/ISPN-7781"
          },
          {
            "name": "101910",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/101910"
          },
          {
            "name": "https://github.com/infinispan/infinispan/pull/5116",
            "refsource": "CONFIRM",
            "url": "https://github.com/infinispan/infinispan/pull/5116"
          },
          {
            "name": "RHSA-2018:0501",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2018:0501"
          },
          {
            "name": "RHSA-2017:3244",
            "refsource": "REDHAT",
            "url": "https://access.redhat.com/errata/RHSA-2017:3244"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0750",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0750"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:infinispan:infinispan:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "9.1.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2016-0750"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-502"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://issues.jboss.org/browse/ISPN-7781",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Third Party Advisory"
              ],
              "url": "https://issues.jboss.org/browse/ISPN-7781"
            },
            {
              "name": "https://github.com/infinispan/infinispan/pull/5116",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://github.com/infinispan/infinispan/pull/5116"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0750",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0750"
            },
            {
              "name": "RHSA-2018:0501",
              "refsource": "REDHAT",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2018:0501"
            },
            {
              "name": "RHSA-2017:3244",
              "refsource": "REDHAT",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://access.redhat.com/errata/RHSA-2017:3244"
            },
            {
              "name": "101910",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/101910"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-09T23:16Z",
      "publishedDate": "2018-09-11T13:29Z"
    }
  }
}

ghsa-4hhg-8ghq-vwq6

Vulnerability from github

Published

2022-05-13 01:38

Modified

2022-05-13 01:38

Severity

8.8 (High) - CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2016-0750"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-502"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-09-11T13:29:00Z",
    "severity": "HIGH"
  },
  "details": "The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks.",
  "id": "GHSA-4hhg-8ghq-vwq6",
  "modified": "2022-05-13T01:38:51Z",
  "published": "2022-05-13T01:38:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0750"
    },
    {
      "type": "WEB",
      "url": "https://github.com/infinispan/infinispan/pull/5116"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2017:3244"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2018:0501"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0750"
    },
    {
      "type": "WEB",
      "url": "https://issues.jboss.org/browse/ISPN-7781"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/101910"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Action not permitted

cve-2016-0750

Vulnerability from cvelistv5

rhsa-2018_0501

Vulnerability from csaf_redhat

rhsa-2017_3244

Vulnerability from csaf_redhat

gsd-2016-0750

Vulnerability from gsd

ghsa-4hhg-8ghq-vwq6

Vulnerability from github

Tags