Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2023-33008
Vulnerability from cvelistv5
Published
2023-07-07 09:07
Modified
2024-10-07 19:13
Severity ?
EPSS score ?
Summary
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon.
A malicious attacker can craft up some JSON input that uses large numbers (numbers such as 1e20000000) that Apache Johnzon will deserialize into BigDecimal and maybe use numbers too large which may result in a slow conversion (Denial of service risk). Apache Johnzon 1.2.21 mitigates this by setting a scale limit of 1000 (by default) to the BigDecimal.
This issue affects Apache Johnzon: through 1.2.20.
References
▼ | URL | Tags | |
---|---|---|---|
security@apache.org | https://lists.apache.org/thread/qbg14djo95gfpk7o560lr8wcrzfyw43l | Issue Tracking, Mailing List, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread/qbg14djo95gfpk7o560lr8wcrzfyw43l | Issue Tracking, Mailing List, Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Apache Software Foundation | Apache Johnzon |
Version: 0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:32:46.616Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.apache.org/thread/qbg14djo95gfpk7o560lr8wcrzfyw43l" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:apache:johnzon:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "johnzon", "vendor": "apache", "versions": [ { "lessThan": "1.2.21", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-33008", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-07T19:06:08.762662Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-07T19:13:58.440Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Apache Johnzon", "vendor": "Apache Software Foundation", "versions": [ { "lessThanOrEqual": "1.2.20", "status": "affected", "version": "0", "versionType": "1.2.21" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "PJ Fanning" }, { "lang": "en", "type": "remediation developer", "value": "Jean-Louis Monteiro" }, { "lang": "en", "type": "remediation reviewer", "value": "Romain Manni-Bucau" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "\u003cdiv\u003eDeserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon.\u003cbr\u003e\u003c/div\u003e\u003cp\u003eA malicious attacker can craft up some JSON input that uses large numbers (numbers such as\u0026nbsp;1e20000000) that Apache Johnzon will deserialize into BigDecimal and maybe use numbers too large which may result in a slow conversion (Denial of service risk). Apache Johnzon 1.2.21 mitigates this by setting a scale limit of 1000 (by default) to the BigDecimal. \u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Apache Johnzon: through 1.2.20.\u003c/p\u003e" } ], "value": "Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon.\n\n\nA malicious attacker can craft up some JSON input that uses large numbers (numbers such as\u00a01e20000000) that Apache Johnzon will deserialize into BigDecimal and maybe use numbers too large which may result in a slow conversion (Denial of service risk). Apache Johnzon 1.2.21 mitigates this by setting a scale limit of 1000 (by default) to the BigDecimal. \n\n\nThis issue affects Apache Johnzon: through 1.2.20.\n\n" } ], "metrics": [ { "other": { "content": { "text": "important" }, "type": "Textual description of severity" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-502", "description": "CWE-502 Deserialization of Untrusted Data", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-07T09:07:31.070Z", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache" }, "references": [ { "tags": [ "vendor-advisory" ], "url": "https://lists.apache.org/thread/qbg14djo95gfpk7o560lr8wcrzfyw43l" } ], "source": { "defect": [ "JOHNZON-397" ], "discovery": "EXTERNAL" }, "title": "Apache Johnzon: Prevent inefficient internal conversion from BigDecimal at large scale", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } } }, "cveMetadata": { "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2023-33008", "datePublished": "2023-07-07T09:07:31.070Z", "dateReserved": "2023-05-16T12:48:35.689Z", "dateUpdated": "2024-10-07T19:13:58.440Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2023-33008\",\"sourceIdentifier\":\"security@apache.org\",\"published\":\"2023-07-07T10:15:09.487\",\"lastModified\":\"2024-11-21T08:04:23.530\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon.\\n\\n\\nA malicious attacker can craft up some JSON input that uses large numbers (numbers such as\u00a01e20000000) that Apache Johnzon will deserialize into BigDecimal and maybe use numbers too large which may result in a slow conversion (Denial of service risk). Apache Johnzon 1.2.21 mitigates this by setting a scale limit of 1000 (by default) to the BigDecimal. \\n\\n\\nThis issue affects Apache Johnzon: through 1.2.20.\\n\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security@apache.org\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:apache:johnzon:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.2.21\",\"matchCriteriaId\":\"831FCF86-817D-4B2F-ACBD-F086AD8CFB2C\"}]}]}],\"references\":[{\"url\":\"https://lists.apache.org/thread/qbg14djo95gfpk7o560lr8wcrzfyw43l\",\"source\":\"security@apache.org\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread/qbg14djo95gfpk7o560lr8wcrzfyw43l\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\",\"Vendor Advisory\"]}]}}" } }
wid-sec-w-2023-2583
Vulnerability from csaf_certbund
Published
2023-10-05 22:00
Modified
2024-02-13 23:00
Summary
Red Hat JBoss A-MQ: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
JBoss A-MQ ist eine Messaging-Plattform.
Angriff
Ein lokaler Angreifer kann mehrere Schwachstellen in Red Hat JBoss A-MQ ausnutzen, um Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme
- Linux
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "JBoss A-MQ ist eine Messaging-Plattform.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Red Hat JBoss A-MQ ausnutzen, um Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-2583 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2583.json" }, { "category": "self", "summary": "WID-SEC-2023-2583 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2583" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:5491 vom 2023-10-05", "url": "https://access.redhat.com/errata/RHSA-2023:5491" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:7638 vom 2023-12-05", "url": "https://access.redhat.com/errata/RHSA-2023:7638" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:7641 vom 2023-12-05", "url": "https://access.redhat.com/errata/RHSA-2023:7641" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:7639 vom 2023-12-05", "url": "https://access.redhat.com/errata/RHSA-2023:7639" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:7637 vom 2023-12-05", "url": "https://access.redhat.com/errata/RHSA-2023:7637" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0799 vom 2024-02-14", "url": "https://access.redhat.com/errata/RHSA-2024:0799" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0804 vom 2024-02-13", "url": "https://access.redhat.com/errata/RHSA-2024:0804" } ], "source_lang": "en-US", "title": "Red Hat JBoss A-MQ: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-02-13T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:47:01.488+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-2583", "initial_release_date": "2023-10-05T22:00:00.000+00:00", "revision_history": [ { "date": "2023-10-05T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-12-04T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-02-13T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "branches": [ { "category": "product_version_range", "name": "\u003c Broker 7.11.2", "product": { "name": "Red Hat JBoss A-MQ \u003c Broker 7.11.2", "product_id": "T030286", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_amq:broker_7.11.2" } } } ], "category": "product_name", "name": "JBoss A-MQ" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-2976", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in Red Hat JBoss A-MQ. Diese besteht in der Komponente \"Guava\" und ist auf einen Fehler beim Zugriff auf tempor\u00e4re Dateien zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen oder Dateien zu manipulieren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2023-10-05T22:00:00Z", "title": "CVE-2023-2976" }, { "cve": "CVE-2023-33008", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in Red Hat JBoss A-MQ. Diese besteht in der Komponente \"Johnzon\" und ist auf einen Fehler bei der Deserialiserung von Daten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2023-10-05T22:00:00Z", "title": "CVE-2023-33008" } ] }
WID-SEC-W-2024-0293
Vulnerability from csaf_certbund
Published
2024-02-04 23:00
Modified
2024-04-04 22:00
Summary
IBM Business Automation Workflow: Schwachstelle ermöglicht Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM Business Automation Workflow ist eine Lösung zur Automatisierung von Arbeitsabläufen.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM Business Automation Workflow ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "IBM Business Automation Workflow ist eine L\u00f6sung zur Automatisierung von Arbeitsabl\u00e4ufen.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM Business Automation Workflow ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- UNIX\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0293 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0293.json" }, { "category": "self", "summary": "WID-SEC-2024-0293 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0293" }, { "category": "external", "summary": "IBM Security Bulletin 7114431 vom 2024-02-04", "url": "https://www.ibm.com/support/pages/node/7114431" }, { "category": "external", "summary": "IBM Security Bulletin 7145910 vom 2024-04-04", "url": "https://www.ibm.com/support/pages/node/7145910" } ], "source_lang": "en-US", "title": "IBM Business Automation Workflow: Schwachstelle erm\u00f6glicht Denial of Service", "tracking": { "current_release_date": "2024-04-04T22:00:00.000+00:00", "generator": { "date": "2024-04-05T08:01:21.331+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0293", "initial_release_date": "2024-02-04T23:00:00.000+00:00", "revision_history": [ { "date": "2024-02-04T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-04-04T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von IBM und IBM-APAR aufgenommen" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c 23.0.2-IF001", "product": { "name": "IBM Business Automation Workflow \u003c 23.0.2-IF001", "product_id": "T032513", "product_identification_helper": { "cpe": "cpe:/a:ibm:business_automation_workflow:23.0.2-if001" } } }, { "category": "product_version_range", "name": "\u003c 21.0.3-IF029", "product": { "name": "IBM Business Automation Workflow \u003c 21.0.3-IF029", "product_id": "T032514", "product_identification_helper": { "cpe": "cpe:/a:ibm:business_automation_workflow:21.0.3-if029" } } }, { "category": "product_version_range", "name": "\u003c 23.0.2-IF003", "product": { "name": "IBM Business Automation Workflow \u003c 23.0.2-IF003", "product_id": "T033824", "product_identification_helper": { "cpe": "cpe:/a:ibm:business_automation_workflow:23.0.2-if003" } } }, { "category": "product_version_range", "name": "\u003c 21.0.3-IF031", "product": { "name": "IBM Business Automation Workflow \u003c 21.0.3-IF031", "product_id": "T033912", "product_identification_helper": { "cpe": "cpe:/a:ibm:business_automation_workflow:21.0.3-if031" } } } ], "category": "product_name", "name": "Business Automation Workflow" } ], "category": "vendor", "name": "IBM" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-33008", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in IBM Business Automation Workflow. Diese ist auf einen Fehler bei der Deserialisierung in der Komponente \"BigDecimal\" zur\u00fcckzuf\u00fchren. Dies kann durch das Senden einer speziell pr\u00e4perierten JSON-Datei ausgenutzt werden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033824", "T033912" ] }, "release_date": "2024-02-04T23:00:00Z", "title": "CVE-2023-33008" } ] }
wid-sec-w-2024-0293
Vulnerability from csaf_certbund
Published
2024-02-04 23:00
Modified
2024-04-04 22:00
Summary
IBM Business Automation Workflow: Schwachstelle ermöglicht Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
IBM Business Automation Workflow ist eine Lösung zur Automatisierung von Arbeitsabläufen.
Angriff
Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM Business Automation Workflow ausnutzen, um einen Denial of Service Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
- UNIX
- Windows
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "IBM Business Automation Workflow ist eine L\u00f6sung zur Automatisierung von Arbeitsabl\u00e4ufen.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in IBM Business Automation Workflow ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- UNIX\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2024-0293 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0293.json" }, { "category": "self", "summary": "WID-SEC-2024-0293 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0293" }, { "category": "external", "summary": "IBM Security Bulletin 7114431 vom 2024-02-04", "url": "https://www.ibm.com/support/pages/node/7114431" }, { "category": "external", "summary": "IBM Security Bulletin 7145910 vom 2024-04-04", "url": "https://www.ibm.com/support/pages/node/7145910" } ], "source_lang": "en-US", "title": "IBM Business Automation Workflow: Schwachstelle erm\u00f6glicht Denial of Service", "tracking": { "current_release_date": "2024-04-04T22:00:00.000+00:00", "generator": { "date": "2024-04-05T08:01:21.331+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2024-0293", "initial_release_date": "2024-02-04T23:00:00.000+00:00", "revision_history": [ { "date": "2024-02-04T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2024-04-04T22:00:00.000+00:00", "number": "2", "summary": "Neue Updates von IBM und IBM-APAR aufgenommen" } ], "status": "final", "version": "2" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version_range", "name": "\u003c 23.0.2-IF001", "product": { "name": "IBM Business Automation Workflow \u003c 23.0.2-IF001", "product_id": "T032513", "product_identification_helper": { "cpe": "cpe:/a:ibm:business_automation_workflow:23.0.2-if001" } } }, { "category": "product_version_range", "name": "\u003c 21.0.3-IF029", "product": { "name": "IBM Business Automation Workflow \u003c 21.0.3-IF029", "product_id": "T032514", "product_identification_helper": { "cpe": "cpe:/a:ibm:business_automation_workflow:21.0.3-if029" } } }, { "category": "product_version_range", "name": "\u003c 23.0.2-IF003", "product": { "name": "IBM Business Automation Workflow \u003c 23.0.2-IF003", "product_id": "T033824", "product_identification_helper": { "cpe": "cpe:/a:ibm:business_automation_workflow:23.0.2-if003" } } }, { "category": "product_version_range", "name": "\u003c 21.0.3-IF031", "product": { "name": "IBM Business Automation Workflow \u003c 21.0.3-IF031", "product_id": "T033912", "product_identification_helper": { "cpe": "cpe:/a:ibm:business_automation_workflow:21.0.3-if031" } } } ], "category": "product_name", "name": "Business Automation Workflow" } ], "category": "vendor", "name": "IBM" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-33008", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in IBM Business Automation Workflow. Diese ist auf einen Fehler bei der Deserialisierung in der Komponente \"BigDecimal\" zur\u00fcckzuf\u00fchren. Dies kann durch das Senden einer speziell pr\u00e4perierten JSON-Datei ausgenutzt werden. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "T033824", "T033912" ] }, "release_date": "2024-02-04T23:00:00Z", "title": "CVE-2023-33008" } ] }
WID-SEC-W-2023-2583
Vulnerability from csaf_certbund
Published
2023-10-05 22:00
Modified
2024-02-13 23:00
Summary
Red Hat JBoss A-MQ: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
JBoss A-MQ ist eine Messaging-Plattform.
Angriff
Ein lokaler Angreifer kann mehrere Schwachstellen in Red Hat JBoss A-MQ ausnutzen, um Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuführen.
Betroffene Betriebssysteme
- Linux
{ "document": { "aggregate_severity": { "text": "mittel" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "JBoss A-MQ ist eine Messaging-Plattform.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Red Hat JBoss A-MQ ausnutzen, um Informationen offenzulegen, Dateien zu manipulieren oder einen Denial of Service Zustand herbeizuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-2583 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2583.json" }, { "category": "self", "summary": "WID-SEC-2023-2583 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2583" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:5491 vom 2023-10-05", "url": "https://access.redhat.com/errata/RHSA-2023:5491" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:7638 vom 2023-12-05", "url": "https://access.redhat.com/errata/RHSA-2023:7638" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:7641 vom 2023-12-05", "url": "https://access.redhat.com/errata/RHSA-2023:7641" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:7639 vom 2023-12-05", "url": "https://access.redhat.com/errata/RHSA-2023:7639" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2023:7637 vom 2023-12-05", "url": "https://access.redhat.com/errata/RHSA-2023:7637" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0799 vom 2024-02-14", "url": "https://access.redhat.com/errata/RHSA-2024:0799" }, { "category": "external", "summary": "Red Hat Security Advisory RHSA-2024:0804 vom 2024-02-13", "url": "https://access.redhat.com/errata/RHSA-2024:0804" } ], "source_lang": "en-US", "title": "Red Hat JBoss A-MQ: Mehrere Schwachstellen", "tracking": { "current_release_date": "2024-02-13T23:00:00.000+00:00", "generator": { "date": "2024-02-15T17:47:01.488+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-2583", "initial_release_date": "2023-10-05T22:00:00.000+00:00", "revision_history": [ { "date": "2023-10-05T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-12-04T23:00:00.000+00:00", "number": "2", "summary": "Neue Updates von Red Hat aufgenommen" }, { "date": "2024-02-13T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates von Red Hat aufgenommen" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux", "product": { "name": "Red Hat Enterprise Linux", "product_id": "67646", "product_identification_helper": { "cpe": "cpe:/o:redhat:enterprise_linux:-" } } }, { "branches": [ { "category": "product_version_range", "name": "\u003c Broker 7.11.2", "product": { "name": "Red Hat JBoss A-MQ \u003c Broker 7.11.2", "product_id": "T030286", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_amq:broker_7.11.2" } } } ], "category": "product_name", "name": "JBoss A-MQ" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-2976", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in Red Hat JBoss A-MQ. Diese besteht in der Komponente \"Guava\" und ist auf einen Fehler beim Zugriff auf tempor\u00e4re Dateien zur\u00fcckzuf\u00fchren. Ein lokaler Angreifer kann diese Schwachstelle ausnutzen, um Informationen offenzulegen oder Dateien zu manipulieren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2023-10-05T22:00:00Z", "title": "CVE-2023-2976" }, { "cve": "CVE-2023-33008", "notes": [ { "category": "description", "text": "Es existiert eine Schwachstelle in Red Hat JBoss A-MQ. Diese besteht in der Komponente \"Johnzon\" und ist auf einen Fehler bei der Deserialiserung von Daten zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren." } ], "product_status": { "known_affected": [ "67646" ] }, "release_date": "2023-10-05T22:00:00Z", "title": "CVE-2023-33008" } ] }
rhsa-2023_6114
Vulnerability from csaf_redhat
Published
2023-10-25 14:53
Modified
2024-12-17 02:45
Summary
Red Hat Security Advisory: Red Hat support for Spring Boot 2.7.17 security update
Notes
Topic
An update is now available for Red Hat OpenShift Application Runtimes.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.
This release of Red Hat support for Spring Boot 2.7.17 serves as a replacement for Red Hat support for Spring Boot 2.7.16, and includes security, bug fixes and enhancements. For more information, see the release notes linked in the References section.
Security Fix(es):
* undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.
* apache-johnzon: Prevent inefficient internal conversion from BigDecimal at large scale (CVE-2023-33008)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat OpenShift Application Runtimes.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat support for Spring Boot provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.\n\nThis release of Red Hat support for Spring Boot 2.7.17 serves as a replacement for Red Hat support for Spring Boot 2.7.16, and includes security, bug fixes and enhancements. For more information, see the release notes linked in the References section.\n\nSecurity Fix(es):\n\n* undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)\n\nA Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.\n\n* apache-johnzon: Prevent inefficient internal conversion from BigDecimal at large scale (CVE-2023-33008)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:6114", "url": "https://access.redhat.com/errata/RHSA-2023:6114" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.spring.boot\u0026version=2.7.17", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=catRhoar.spring.boot\u0026version=2.7.17" }, { "category": "external", "summary": "2221135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221135" }, { "category": "external", "summary": "2242803", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6114.json" } ], "title": "Red Hat Security Advisory: Red Hat support for Spring Boot 2.7.17 security update", "tracking": { "current_release_date": "2024-12-17T02:45:25+00:00", "generator": { "date": "2024-12-17T02:45:25+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2023:6114", "initial_release_date": "2023-10-25T14:53:30+00:00", "revision_history": [ { "date": "2023-10-25T14:53:30+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-10-25T14:53:30+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-17T02:45:25+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Spring Boot 2.7.17", "product": { "name": "Spring Boot 2.7.17", "product_id": "Spring Boot 2.7.17", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0" } } } ], "category": "product_family", "name": "Red Hat OpenShift Application Runtimes" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-33008", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2023-07-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2221135" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Johnzon. This issue could allow an attacker to craft a specific JSON input that Johnzon will deserialize into a BigDecimal, which Johnzon may use to start converting large numbers, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-johnzon: Prevent inefficient internal conversion from BigDecimal at large scale", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Spring Boot 2.7.17" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-33008" }, { "category": "external", "summary": "RHBZ#2221135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221135" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-33008", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33008" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33008", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33008" }, { "category": "external", "summary": "https://lists.apache.org/thread/qbg14djo95gfpk7o560lr8wcrzfyw43l", "url": "https://lists.apache.org/thread/qbg14djo95gfpk7o560lr8wcrzfyw43l" } ], "release_date": "2023-07-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-25T14:53:30+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Spring Boot 2.7.17" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6114" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Spring Boot 2.7.17" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache-johnzon: Prevent inefficient internal conversion from BigDecimal at large scale" }, { "cve": "CVE-2023-44487", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2023-10-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2242803" } ], "notes": [ { "category": "description", "text": "A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as \u0027Important\u0027 as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit.\r\n\r\nCVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages.\r\n\r\nSecurity Bulletin\r\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2023-003", "title": "Vulnerability description" }, { "category": "summary", "text": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)", "title": "Vulnerability summary" }, { "category": "other", "text": "NGINX has been marked as Moderate Impact because, for performance and resource consumption reasons, NGINX limits the number of concurrent streams to a default of 128. In addition, to optimally balance network and server performance, NGINX allows the client to persist HTTP connections for up to 1000 requests by default using an HTTP keepalive.\n\nThe majority of RHEL utilities are not long-running applications; instead, they are command-line tools. These tools utilize Golang package as build-time dependency, which is why they are classified as having a \"Moderate\" level of impact.\n\nrhc component is no longer impacted by CVE-2023-44487 \u0026 CVE-2023-39325.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Spring Boot 2.7.17" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-44487" }, { "category": "external", "summary": "RHBZ#2242803", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2242803" }, { "category": "external", "summary": "RHSB-2023-003", "url": "https://access.redhat.com/security/vulnerabilities/RHSB-2023-003" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-44487", "url": "https://www.cve.org/CVERecord?id=CVE-2023-44487" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-44487" }, { "category": "external", "summary": "https://github.com/dotnet/announcements/issues/277", "url": "https://github.com/dotnet/announcements/issues/277" }, { "category": "external", "summary": "https://pkg.go.dev/vuln/GO-2023-2102", "url": "https://pkg.go.dev/vuln/GO-2023-2102" }, { "category": "external", "summary": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", "url": "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487" }, { "category": "external", "summary": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/", "url": "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/" }, { "category": "external", "summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" } ], "release_date": "2023-10-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-25T14:53:30+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "Spring Boot 2.7.17" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:6114" }, { "category": "workaround", "details": "Users are strongly urged to update their software as soon as fixes are available. \nThere are several mitigation approaches for this flaw. \n\n1. If circumstances permit, users may disable http2 endpoints to circumvent the flaw altogether until a fix is available.\n2. IP-based blocking or flood protection and rate control tools may be used at network endpoints to filter incoming traffic.\n3. Several package specific mitigations are also available. \n a. nginx: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/\n b. netty: https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p\n c. haproxy: https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487\n d. nghttp2: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-vx74-f528-fxqg\n e. golang: The default stream concurrency limit in golang is 250 streams (requests) per HTTP/2 connection. This value may be adjusted in the golang.org/x/net/http2 package using the Server.MaxConcurrentStreams setting and the ConfigureServer function which are available in golang.org/x/net/http2.", "product_ids": [ "Spring Boot 2.7.17" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Spring Boot 2.7.17" ] } ], "threats": [ { "category": "exploit_status", "date": "2023-10-10T00:00:00+00:00", "details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog" }, { "category": "impact", "details": "Important" } ], "title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)" } ] }
rhsa-2023_5441
Vulnerability from csaf_redhat
Published
2023-10-04 11:59
Modified
2024-12-16 18:32
Summary
Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 4.0.0 release and security update
Notes
Topic
Red Hat Integration Camel for Spring Boot 4.0.0 release and security update is now available.
Red Hat Product Security has rated this update as having an impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Integration Camel for Spring Boot 4.0.0 is now available. The purpose of this text-only errata is to inform you about the security issues fixed.
* batik: Server-Side Request Forgery vulnerability (CVE-2022-44729)
* batik: Server-Side Request Forgery vulnerability (CVE-2022-44730)
* apache-ivy: XML External Entity vulnerability (CVE-2022-46751)
* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)
* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)
* apache-johnzon: Prevent inefficient internal conversion from BigDecimal at large scale (CVE-2023-33008)
* netty: io.netty:netty-handler: SniHandler 16MB allocation (CVE-2023-34462)
* jetty-http: jetty: Improper validation of HTTP/1 content-length (CVE-2023-40167)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat Integration Camel for Spring Boot 4.0.0 release and security update is now available. \n\nRed Hat Product Security has rated this update as having an impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Integration Camel for Spring Boot 4.0.0 is now available. The purpose of this text-only errata is to inform you about the security issues fixed.\n\n* batik: Server-Side Request Forgery vulnerability (CVE-2022-44729)\n\n* batik: Server-Side Request Forgery vulnerability (CVE-2022-44730)\n\n* apache-ivy: XML External Entity vulnerability (CVE-2022-46751)\n\n* jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)\n\n* jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)\n\n* apache-johnzon: Prevent inefficient internal conversion from BigDecimal at large scale (CVE-2023-33008)\n\n* netty: io.netty:netty-handler: SniHandler 16MB allocation (CVE-2023-34462)\n\n* jetty-http: jetty: Improper validation of HTTP/1 content-length (CVE-2023-40167)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:5441", "url": "https://access.redhat.com/errata/RHSA-2023:5441" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=red.hat.integration\u0026version=2023-Q4", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=red.hat.integration\u0026version=2023-Q4" }, { "category": "external", "summary": "2216888", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216888" }, { "category": "external", "summary": "2221135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221135" }, { "category": "external", "summary": "2233112", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233112" }, { "category": "external", "summary": "2233889", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233889" }, { "category": "external", "summary": "2233899", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233899" }, { "category": "external", "summary": "2236340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340" }, { "category": "external", "summary": "2236341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341" }, { "category": "external", "summary": "2239634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239634" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5441.json" } ], "title": "Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 4.0.0 release and security update", "tracking": { "current_release_date": "2024-12-16T18:32:20+00:00", "generator": { "date": "2024-12-16T18:32:20+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2023:5441", "initial_release_date": "2023-10-04T11:59:23+00:00", "revision_history": [ { "date": "2023-10-04T11:59:23+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-10-04T11:59:23+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-16T18:32:20+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "RHINT Camel-Springboot 4.0.0", "product": { "name": "RHINT Camel-Springboot 4.0.0", "product_id": "RHINT Camel-Springboot 4.0.0", "product_identification_helper": { "cpe": "cpe:/a:redhat:camel_spring_boot:4.0.0" } } } ], "category": "product_family", "name": "Red Hat Integration" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-44729", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2023-08-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2233889" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Batik 1.0 - 1.16. This issue occurs due to a malicious SVG triggering external resources loading by default, causing resource consumption or in some cases information disclosure.", "title": "Vulnerability description" }, { "category": "summary", "text": "batik: Server-Side Request Forgery vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHINT Camel-Springboot 4.0.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-44729" }, { "category": "external", "summary": "RHBZ#2233889", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233889" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-44729", "url": "https://www.cve.org/CVERecord?id=CVE-2022-44729" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-44729", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44729" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-gq5f-xv48-2365", "url": "https://github.com/advisories/GHSA-gq5f-xv48-2365" }, { "category": "external", "summary": "https://lists.apache.org/thread/hco2nw1typoorz33qzs0fcdx0ws6d6j2", "url": "https://lists.apache.org/thread/hco2nw1typoorz33qzs0fcdx0ws6d6j2" } ], "release_date": "2023-08-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-04T11:59:23+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHINT Camel-Springboot 4.0.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5441" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" }, "products": [ "RHINT Camel-Springboot 4.0.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "batik: Server-Side Request Forgery vulnerability" }, { "cve": "CVE-2022-44730", "cwe": { "id": "CWE-918", "name": "Server-Side Request Forgery (SSRF)" }, "discovery_date": "2023-08-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2233899" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Batik, where a malicious SVG can probe user profile data and send it directly as parameter to a URL. This issue can allow an attacker to conduct SSRF attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "batik: Server-Side Request Forgery vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHINT Camel-Springboot 4.0.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-44730" }, { "category": "external", "summary": "RHBZ#2233899", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233899" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-44730", "url": "https://www.cve.org/CVERecord?id=CVE-2022-44730" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-44730", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-44730" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-2474-2566-3qxp", "url": "https://github.com/advisories/GHSA-2474-2566-3qxp" }, { "category": "external", "summary": "https://lists.apache.org/thread/58m5817jr059f4v1zogh0fngj9pwjyj0", "url": "https://lists.apache.org/thread/58m5817jr059f4v1zogh0fngj9pwjyj0" } ], "release_date": "2023-08-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-04T11:59:23+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHINT Camel-Springboot 4.0.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5441" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" }, "products": [ "RHINT Camel-Springboot 4.0.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "batik: Server-Side Request Forgery vulnerability" }, { "cve": "CVE-2022-46751", "cwe": { "id": "CWE-91", "name": "XML Injection (aka Blind XPath Injection)" }, "discovery_date": "2023-08-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2233112" } ], "notes": [ { "category": "description", "text": "Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2.\n\nWhen Apache Ivy prior to 2.5.2 parses XML files - either its own configuration, Ivy files or Apache Maven POMs - it will allow downloading external document type definitions and expand any entity references contained therein when used.\n\nThis can be used to exfiltrate data, access resources only the machine running Ivy has access to or disturb the execution of Ivy in different ways.\n\nStarting with Ivy 2.5.2 DTD processing is disabled by default except when parsing Maven POMs where the default is to allow DTD processing but only to include a DTD snippet shipping with Ivy that is needed to deal with existing Maven POMs that are not valid XML files but are nevertheless accepted by Maven. Access can be be made more lenient via newly introduced system properties where needed.\n\nUsers of Ivy prior to version 2.5.2 can use Java system properties to restrict processing of external DTDs, see the section about \"JAXP Properties for External Access restrictions\" inside Oracle\u0027s \"Java API for XML Processing (JAXP) Security Guide\".\n\n", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-ivy: XML External Entity vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHINT Camel-Springboot 4.0.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-46751" }, { "category": "external", "summary": "RHBZ#2233112", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2233112" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-46751", "url": "https://www.cve.org/CVERecord?id=CVE-2022-46751" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-46751", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46751" }, { "category": "external", "summary": "https://lists.apache.org/thread/1dj60hg5nr36kjr4p1100dwjrqookps8", "url": "https://lists.apache.org/thread/1dj60hg5nr36kjr4p1100dwjrqookps8" } ], "release_date": "2023-08-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-04T11:59:23+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHINT Camel-Springboot 4.0.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5441" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", "version": "3.1" }, "products": [ "RHINT Camel-Springboot 4.0.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache-ivy: XML External Entity vulnerability" }, { "cve": "CVE-2023-26048", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2023-08-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2236340" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jetty-server package. A servlet with multipart support could get an OutOfMemorryError when the client sends a part that has a name but no filename and substantial content. This flaw allows a malicious user to jeopardize the environment by leaving the JVM in an unreliable state.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHINT Camel-Springboot 4.0.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-26048" }, { "category": "external", "summary": "RHBZ#2236340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236340" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26048", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26048" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26048" }, { "category": "external", "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-qw69-rqj8-6qw8" } ], "release_date": "2023-04-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-04T11:59:23+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHINT Camel-Springboot 4.0.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5441" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "RHINT Camel-Springboot 4.0.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter()" }, { "cve": "CVE-2023-26049", "cwe": { "id": "CWE-1286", "name": "Improper Validation of Syntactic Correctness of Input" }, "discovery_date": "2023-08-30T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2236341" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jetty-server package. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies or otherwise perform unintended behavior by tampering with the cookie parsing mechanism.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHINT Camel-Springboot 4.0.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-26049" }, { "category": "external", "summary": "RHBZ#2236341", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2236341" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-26049", "url": "https://www.cve.org/CVERecord?id=CVE-2023-26049" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26049" }, { "category": "external", "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c" } ], "release_date": "2023-04-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-04T11:59:23+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHINT Camel-Springboot 4.0.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5441" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "RHINT Camel-Springboot 4.0.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies" }, { "cve": "CVE-2023-33008", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2023-07-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2221135" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Johnzon. This issue could allow an attacker to craft a specific JSON input that Johnzon will deserialize into a BigDecimal, which Johnzon may use to start converting large numbers, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-johnzon: Prevent inefficient internal conversion from BigDecimal at large scale", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHINT Camel-Springboot 4.0.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-33008" }, { "category": "external", "summary": "RHBZ#2221135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221135" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-33008", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33008" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33008", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33008" }, { "category": "external", "summary": "https://lists.apache.org/thread/qbg14djo95gfpk7o560lr8wcrzfyw43l", "url": "https://lists.apache.org/thread/qbg14djo95gfpk7o560lr8wcrzfyw43l" } ], "release_date": "2023-07-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-04T11:59:23+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHINT Camel-Springboot 4.0.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5441" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "RHINT Camel-Springboot 4.0.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache-johnzon: Prevent inefficient internal conversion from BigDecimal at large scale" }, { "cve": "CVE-2023-34462", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2023-06-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2216888" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty\u0027s SniHandler while navigating TLS handshake which may permit a large heap allocation if the handler did not have a timeout configured. This issue may allow an attacker to send a client hello packet which would cause the server to buffer large amounts of data per connection, potentially causing an out of memory error, resulting in Denial of Service.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: SniHandler 16MB allocation leads to OOM", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHINT Camel-Springboot 4.0.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-34462" }, { "category": "external", "summary": "RHBZ#2216888", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2216888" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-34462", "url": "https://www.cve.org/CVERecord?id=CVE-2023-34462" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34462" } ], "release_date": "2023-06-23T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-04T11:59:23+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHINT Camel-Springboot 4.0.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5441" }, { "category": "workaround", "details": "Configuration of SniHandler with an idle timeout will mitigate this issue.", "product_ids": [ "RHINT Camel-Springboot 4.0.0" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "RHINT Camel-Springboot 4.0.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty: SniHandler 16MB allocation leads to OOM" }, { "cve": "CVE-2023-40167", "cwe": { "id": "CWE-130", "name": "Improper Handling of Length Parameter Inconsistency" }, "discovery_date": "2023-09-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2239634" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jetty that permits a plus sign (+) preceding the content-length value in a HTTP/1 header field, which is non-standard and more permissive than RFC. This issue could allow an attacker to request smuggling in conjunction with a server that does not close connections after 400 responses.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: Improper validation of HTTP/1 content-length", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "RHINT Camel-Springboot 4.0.0" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-40167" }, { "category": "external", "summary": "RHBZ#2239634", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239634" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-40167", "url": "https://www.cve.org/CVERecord?id=CVE-2023-40167" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-40167", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40167" }, { "category": "external", "summary": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6", "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-hmr7-m48g-48f6" }, { "category": "external", "summary": "https://www.rfc-editor.org/rfc/rfc9110#section-8.6", "url": "https://www.rfc-editor.org/rfc/rfc9110#section-8.6" } ], "release_date": "2023-09-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-04T11:59:23+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "RHINT Camel-Springboot 4.0.0" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5441" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "RHINT Camel-Springboot 4.0.0" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty: Improper validation of HTTP/1 content-length" } ] }
rhsa-2023_5491
Vulnerability from csaf_redhat
Published
2023-10-05 22:37
Modified
2024-12-17 04:51
Summary
Red Hat Security Advisory: Red Hat AMQ Broker 7.11.2 release and security update
Notes
Topic
Red Hat AMQ Broker 7.11.2 is now available from the Red Hat Customer Portal.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.
This release of Red Hat AMQ Broker 7.11.2 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.
Security Fix(es):
* guava: insecure temporary directory creation (CVE-2023-2976)
* apache-johnzon: Prevent inefficient internal conversion from BigDecimal at large scale (CVE-2023-33008)
* keycloak: Untrusted Certificate Validation (CVE-2023-1664)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat AMQ Broker 7.11.2 is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms.\n\nThis release of Red Hat AMQ Broker 7.11.2 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.\n\nSecurity Fix(es):\n\n* guava: insecure temporary directory creation (CVE-2023-2976)\n\n* apache-johnzon: Prevent inefficient internal conversion from BigDecimal at large scale (CVE-2023-33008)\n\n* keycloak: Untrusted Certificate Validation (CVE-2023-1664)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:5491", "url": "https://access.redhat.com/errata/RHSA-2023:5491" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.11.2", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=distributions\u0026product=jboss.amq.broker\u0026version=7.11.2" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.11", "url": "https://access.redhat.com/documentation/en-us/red_hat_amq_broker/7.11" }, { "category": "external", "summary": "2182196", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182196" }, { "category": "external", "summary": "2215229", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229" }, { "category": "external", "summary": "2221135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221135" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5491.json" } ], "title": "Red Hat Security Advisory: Red Hat AMQ Broker 7.11.2 release and security update", "tracking": { "current_release_date": "2024-12-17T04:51:27+00:00", "generator": { "date": "2024-12-17T04:51:27+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.3" } }, "id": "RHSA-2023:5491", "initial_release_date": "2023-10-05T22:37:30+00:00", "revision_history": [ { "date": "2023-10-05T22:37:30+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-10-05T22:37:30+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-17T04:51:27+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "AMQ Broker 7.11.2", "product": { "name": "AMQ Broker 7.11.2", "product_id": "AMQ Broker 7.11.2", "product_identification_helper": { "cpe": "cpe:/a:redhat:amq_broker:7" } } } ], "category": "product_family", "name": "Red Hat JBoss AMQ" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "acknowledgments": [ { "names": [ "Henrik Oehmke" ], "organization": "adesso SE" } ], "cve": "CVE-2023-1664", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2023-03-27T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2182196" } ], "notes": [ { "category": "description", "text": "A flaw was found in Keycloak. This flaw depends on a non-default configuration \"Revalidate Client Certificate\" to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an attacker may choose the certificate which will be validated by the server. If this happens and the KC_SPI_TRUSTSTORE_FILE_FILE variable is missing/misconfigured, any trustfile may be accepted with the logging information of \"Cannot validate client certificate trust: Truststore not available\". \r\n\r\nThis may not impact availability, but consumer applications Integrity or Confidentiality. Considering the environment is correctly set, this flaw is avoidable by configuring the server.", "title": "Vulnerability description" }, { "category": "summary", "text": "keycloak: Untrusted Certificate Validation", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Impact rated as a low impact considering there\u0027s a mitigation for this issue which would be consider the environment is correctly set with the truststore file. With these settings, the environment there\u0027s no evidence of attack possibility. Also it\u0027s possible to track under the server logs for more evidences.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AMQ Broker 7.11.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-1664" }, { "category": "external", "summary": "RHBZ#2182196", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2182196" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-1664", "url": "https://www.cve.org/CVERecord?id=CVE-2023-1664" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-1664", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-1664" }, { "category": "external", "summary": "https://github.com/advisories/GHSA-5cc8-pgp5-7mpm", "url": "https://github.com/advisories/GHSA-5cc8-pgp5-7mpm" } ], "release_date": "2023-03-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-05T22:37:30+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "AMQ Broker 7.11.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5491" }, { "category": "workaround", "details": "Make sure KC_SPI_TRUSTSTORE_FILE_FILE is correctly set and the logs are not reporting the \"Cannot validate client certificate trust: Truststore not available\" after an attempt to explore the vulnerability. Note this message may happen under other scenarios and reasons but the expected behavior would be that a non-valid certificate to pass.", "product_ids": [ "AMQ Broker 7.11.2" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AMQ Broker 7.11.2" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "keycloak: Untrusted Certificate Validation" }, { "cve": "CVE-2023-2976", "cwe": { "id": "CWE-552", "name": "Files or Directories Accessible to External Parties" }, "discovery_date": "2023-06-15T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2215229" } ], "notes": [ { "category": "description", "text": "A flaw was found in Guava. The methodology for temporary directories and files can allow other local users or apps with accordant permissions to access the temp files, possibly leading to information exposure or tampering in the files created in the directory.", "title": "Vulnerability description" }, { "category": "summary", "text": "guava: insecure temporary directory creation", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Single Sign-On 7 ships the affected component as a layered product of Red Hat JBoss Enterprise Application 7, and as such is affected by this flaw. However, Single Sign-On 7 does not use the affected code and is not vulnerable to exploit.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AMQ Broker 7.11.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-2976" }, { "category": "external", "summary": "RHBZ#2215229", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215229" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-2976", "url": "https://www.cve.org/CVERecord?id=CVE-2023-2976" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2976" } ], "release_date": "2023-06-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-05T22:37:30+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "AMQ Broker 7.11.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5491" }, { "category": "workaround", "details": "Temp files should be created with sufficiently non-predictable names and in a secure-permissioned, dedicated temp folder.", "product_ids": [ "AMQ Broker 7.11.2" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AMQ Broker 7.11.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "guava: insecure temporary directory creation" }, { "cve": "CVE-2023-33008", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2023-07-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2221135" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Johnzon. This issue could allow an attacker to craft a specific JSON input that Johnzon will deserialize into a BigDecimal, which Johnzon may use to start converting large numbers, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-johnzon: Prevent inefficient internal conversion from BigDecimal at large scale", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AMQ Broker 7.11.2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-33008" }, { "category": "external", "summary": "RHBZ#2221135", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221135" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-33008", "url": "https://www.cve.org/CVERecord?id=CVE-2023-33008" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-33008", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33008" }, { "category": "external", "summary": "https://lists.apache.org/thread/qbg14djo95gfpk7o560lr8wcrzfyw43l", "url": "https://lists.apache.org/thread/qbg14djo95gfpk7o560lr8wcrzfyw43l" } ], "release_date": "2023-07-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-10-05T22:37:30+00:00", "details": "Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings.\n\nThe References section of this erratum contains a download link (you must log in to download the update).", "product_ids": [ "AMQ Broker 7.11.2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:5491" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "AMQ Broker 7.11.2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apache-johnzon: Prevent inefficient internal conversion from BigDecimal at large scale" } ] }
ghsa-crqg-jrpj-fc84
Vulnerability from github
Published
2023-07-07 12:30
Modified
2023-07-14 19:41
Severity ?
Summary
Apache Johnzon Deserialization of Untrusted Data vulnerability
Details
A malicious attacker can craft up some JSON input that uses large numbers (numbers such as 1e20000000) that Apache Johnzon will deserialize into BigDecimal and maybe use numbers too large which may result in a slow conversion (Denial of service risk). Apache Johnzon 1.2.21 mitigates this by setting a scale limit of 1000 (by default) to the BigDecimal.
This issue affects Apache Johnzon through 1.2.20.
{ "affected": [ { "package": { "ecosystem": "Maven", "name": "org.apache.johnzon:johnzon-mapper" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "1.2.21" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2023-33008" ], "database_specific": { "cwe_ids": [ "CWE-502" ], "github_reviewed": true, "github_reviewed_at": "2023-07-07T18:32:03Z", "nvd_published_at": "2023-07-07T10:15:09Z", "severity": "MODERATE" }, "details": "A malicious attacker can craft up some JSON input that uses large numbers (numbers such as\u00a01e20000000) that Apache Johnzon will deserialize into BigDecimal and maybe use numbers too large which may result in a slow conversion (Denial of service risk). Apache Johnzon 1.2.21 mitigates this by setting a scale limit of 1000 (by default) to the BigDecimal. \n\n\nThis issue affects Apache Johnzon through 1.2.20.\n\n", "id": "GHSA-crqg-jrpj-fc84", "modified": "2023-07-14T19:41:32Z", "published": "2023-07-07T12:30:22Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33008" }, { "type": "WEB", "url": "https://github.com/apache/johnzon/commit/34ad9a6b296ae7b4667c3cf0037998e451499ea4" }, { "type": "PACKAGE", "url": "https://github.com/apache/johnzon" }, { "type": "WEB", "url": "https://issues.apache.org/jira/browse/JOHNZON-397" }, { "type": "WEB", "url": "https://lists.apache.org/thread/qbg14djo95gfpk7o560lr8wcrzfyw43l" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "type": "CVSS_V3" } ], "summary": "Apache Johnzon Deserialization of Untrusted Data vulnerability" }
gsd-2023-33008
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon.
A malicious attacker can craft up some JSON input that uses large numbers (numbers such as 1e20000000) that Apache Johnzon will deserialize into BigDecimal and maybe use numbers too large which may result in a slow conversion (Denial of service risk). Apache Johnzon 1.2.21 mitigates this by setting a scale limit of 1000 (by default) to the BigDecimal.
This issue affects Apache Johnzon: through 1.2.20.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2023-33008", "id": "GSD-2023-33008" }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2023-33008" ], "details": "Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon.\n\n\nA malicious attacker can craft up some JSON input that uses large numbers (numbers such as\u00a01e20000000) that Apache Johnzon will deserialize into BigDecimal and maybe use numbers too large which may result in a slow conversion (Denial of service risk). Apache Johnzon 1.2.21 mitigates this by setting a scale limit of 1000 (by default) to the BigDecimal. \n\n\nThis issue affects Apache Johnzon: through 1.2.20.\n\n", "id": "GSD-2023-33008", "modified": "2023-12-13T01:20:37.261765Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2023-33008", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Apache Johnzon", "version": { "version_data": [ { "version_value": "not down converted", "x_cve_json_5_version_data": { "defaultStatus": "affected", "versions": [ { "lessThanOrEqual": "1.2.20", "status": "affected", "version": "0", "versionType": "1.2.21" } ] } } ] } } ] }, "vendor_name": "Apache Software Foundation" } ] } }, "credits": [ { "lang": "en", "value": "PJ Fanning" }, { "lang": "en", "value": "Jean-Louis Monteiro" }, { "lang": "en", "value": "Romain Manni-Bucau" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon.\n\n\nA malicious attacker can craft up some JSON input that uses large numbers (numbers such as\u00a01e20000000) that Apache Johnzon will deserialize into BigDecimal and maybe use numbers too large which may result in a slow conversion (Denial of service risk). Apache Johnzon 1.2.21 mitigates this by setting a scale limit of 1000 (by default) to the BigDecimal. \n\n\nThis issue affects Apache Johnzon: through 1.2.20.\n\n" } ] }, "generator": { "engine": "Vulnogram 0.1.0-dev" }, "problemtype": { "problemtype_data": [ { "description": [ { "cweId": "CWE-502", "lang": "eng", "value": "CWE-502 Deserialization of Untrusted Data" } ] } ] }, "references": { "reference_data": [ { "name": "https://lists.apache.org/thread/qbg14djo95gfpk7o560lr8wcrzfyw43l", "refsource": "MISC", "url": "https://lists.apache.org/thread/qbg14djo95gfpk7o560lr8wcrzfyw43l" } ] }, "source": { "defect": [ "JOHNZON-397" ], "discovery": "EXTERNAL" } }, "gitlab.com": { "advisories": [ { "affected_range": "(,1.2.21)", "affected_versions": "All versions before 1.2.21", "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "cwe_ids": [ "CWE-1035", "CWE-502", "CWE-937" ], "date": "2023-07-14", "description": "Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon.\n\n\nA malicious attacker can craft up some JSON input that uses large numbers (numbers such as\u00a01e20000000) that Apache Johnzon will deserialize into BigDecimal and maybe use numbers too large which may result in a slow conversion (Denial of service risk). Apache Johnzon 1.2.21 mitigates this by setting a scale limit of 1000 (by default) to the BigDecimal. \n\n\nThis issue affects Apache Johnzon: through 1.2.20.\n\n", "fixed_versions": [ "1.2.21" ], "identifier": "CVE-2023-33008", "identifiers": [ "GHSA-crqg-jrpj-fc84", "CVE-2023-33008" ], "not_impacted": "All versions starting from 1.2.21", "package_slug": "maven/org.apache.johnzon/johnzon-mapper", "pubdate": "2023-07-07", "solution": "Upgrade to version 1.2.21 or above.", "title": "Deserialization of Untrusted Data", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2023-33008", "https://lists.apache.org/thread/qbg14djo95gfpk7o560lr8wcrzfyw43l", "https://github.com/apache/johnzon/commit/34ad9a6b296ae7b4667c3cf0037998e451499ea4", "https://issues.apache.org/jira/browse/JOHNZON-397", "https://github.com/advisories/GHSA-crqg-jrpj-fc84" ], "uuid": "264f5d83-77df-4155-b005-51cff6e404de" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:apache:johnzon:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "1.2.21", "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security@apache.org", "ID": "CVE-2023-33008" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon.\n\n\nA malicious attacker can craft up some JSON input that uses large numbers (numbers such as\u00a01e20000000) that Apache Johnzon will deserialize into BigDecimal and maybe use numbers too large which may result in a slow conversion (Denial of service risk). Apache Johnzon 1.2.21 mitigates this by setting a scale limit of 1000 (by default) to the BigDecimal. \n\n\nThis issue affects Apache Johnzon: through 1.2.20.\n\n" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-502" } ] } ] }, "references": { "reference_data": [ { "name": "https://lists.apache.org/thread/qbg14djo95gfpk7o560lr8wcrzfyw43l", "refsource": "MISC", "tags": [ "Issue Tracking", "Mailing List", "Vendor Advisory" ], "url": "https://lists.apache.org/thread/qbg14djo95gfpk7o560lr8wcrzfyw43l" } ] } }, "impact": { "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4 } }, "lastModifiedDate": "2023-07-14T17:00Z", "publishedDate": "2023-07-07T10:15Z" } } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.