Action not permitted
Modal body text goes here.
cve-2024-6162
Vulnerability from cvelistv5
Published
2024-06-20 14:33
Modified
2024-10-31 14:20
Severity ?
EPSS score ?
Summary
Undertow: url-encoded request path information can be broken on ajp-listener
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-6162", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-06-20T16:12:01.298919Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-20T16:12:42.628Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-01T21:33:05.087Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:4884", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:4884" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2024-6162" }, { "name": "RHBZ#2293069", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293069" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/undertow-io/undertow", "packageName": "undertow", "versions": [ { "lessThan": "2.2.33.Final", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "2.3.14", "status": "affected", "version": "2.3.0.Alpha1", "versionType": "custom" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8.0" ], "defaultStatus": "unaffected", "product": "EAP 8.0.1", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:apache_camel_spring_boot:4.4.1" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat build of Apache Camel 4.4.1 for Spring Boot", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jbosseapxp" ], "defaultStatus": "unaffected", "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:camel_spring_boot:3" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat build of Apache Camel for Spring Boot 3", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:rhboac_hawtio:4" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat build of Apache Camel - HawtIO", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:build_keycloak:" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat Build of Keycloak", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_data_grid:8" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat Data Grid 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_fuse:7" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat Fuse 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:integration:1" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat Integration Camel K", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_data_grid:7" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat JBoss Data Grid 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:7" ], "defaultStatus": "unaffected", "packageName": "undertow", "product": "Red Hat JBoss Enterprise Application Platform 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jboss_enterprise_application_platform:8" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat JBoss Enterprise Application Platform 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html", "cpes": [ "cpe:/a:redhat:jbosseapxp" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat Process Automation 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:red_hat_single_sign_on:7" ], "defaultStatus": "affected", "packageName": "undertow", "product": "Red Hat Single Sign-On 7", "vendor": "Red Hat" } ], "datePublic": "2024-06-19T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processed. As a result, the server may attempt to access the wrong path, causing errors such as \"404 Not Found\" or other application failures. This flaw can potentially lead to a denial of service, as legitimate resources become inaccessible due to the path mix-up." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-31T14:20:26.432Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:1194", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:1194" }, { "name": "RHSA-2024:4386", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4386" }, { "name": "RHSA-2024:4884", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:4884" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2024-6162" }, { "name": "RHBZ#2293069", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293069" }, { "url": "https://issues.redhat.com/browse/JBEAP-26268" } ], "timeline": [ { "lang": "en", "time": "2024-06-19T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2024-06-19T00:00:00+00:00", "value": "Made public." } ], "title": "Undertow: url-encoded request path information can be broken on ajp-listener", "workarounds": [ { "lang": "en", "value": "To mitigate this issue, you can either switch to a different listener like the http-listener, or adjust the AJP listener configuration. By setting decode-url=\"false\" on the AJP listener and configuring a separate URL decoding filter, you can prevent the path decoding errors. This adjustment ensures that each request is processed correctly without interference from concurrent requests." } ], "x_redhatCweChain": "CWE-362-\u003eCWE-400: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027) leads to Uncontrolled Resource Consumption" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2024-6162", "datePublished": "2024-06-20T14:33:10.342Z", "dateReserved": "2024-06-19T12:35:30.284Z", "dateUpdated": "2024-10-31T14:20:26.432Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-6162\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2024-06-20T15:15:50.570\",\"lastModified\":\"2024-09-09T18:15:04.023\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processed. As a result, the server may attempt to access the wrong path, causing errors such as \\\"404 Not Found\\\" or other application failures. This flaw can potentially lead to a denial of service, as legitimate resources become inaccessible due to the path mix-up.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 una vulnerabilidad en Undertow. La informaci\u00f3n de la ruta de solicitud codificada en URL se puede romper para solicitudes simult\u00e1neas en ajp-listener, lo que provoca que se procese la ruta incorrecta y resulte en una posible denegaci\u00f3n de servicio.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2024:1194\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:4386\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:4884\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2024-6162\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2293069\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://issues.redhat.com/browse/JBEAP-26268\",\"source\":\"secalert@redhat.com\"}]}}" } }
rhsa-2024_1194
Vulnerability from csaf_redhat
Published
2024-03-06 15:38
Modified
2024-11-06 05:12
Summary
Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.1 security update
Notes
Topic
An update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.0, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.0.0 Release Notes for information about the most significant bug fixes and enhancements included in this release.
Security Fix(es):
* jgit: arbitrary file overwrite (CVE-2023-4759)
* sshd-common: apache-mina-sshd: information exposure in SFTP server implementations (CVE-2023-35887)
* parsson: Denial of Service due to large number parsing (CVE-2023-4043)
* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (CVE-2023-48795)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 8.0.1 serves as a replacement for Red Hat JBoss Enterprise Application Platform 8.0.0, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 8.0.0 Release Notes for information about the most significant bug fixes and enhancements included in this release.\n\nSecurity Fix(es):\n\n* jgit: arbitrary file overwrite (CVE-2023-4759)\n\n* sshd-common: apache-mina-sshd: information exposure in SFTP server implementations (CVE-2023-35887)\n\n* parsson: Denial of Service due to large number parsing (CVE-2023-4043)\n\n* apache-sshd: ssh: Prefix truncation attack on Binary Packet Protocol (CVE-2023-48795)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:1194", "url": "https://access.redhat.com/errata/RHSA-2024:1194" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/8.0/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/8.0/" }, { "category": "external", "summary": "2238614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238614" }, { "category": "external", "summary": "2240036", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240036" }, { "category": "external", "summary": "2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "2254594", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254594" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1194.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 8.0.1 security update", "tracking": { "current_release_date": "2024-11-06T05:12:02+00:00", "generator": { "date": "2024-11-06T05:12:02+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:1194", "initial_release_date": "2024-03-06T15:38:13+00:00", "revision_history": [ { "date": "2024-03-06T15:38:13+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-03-06T15:38:13+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T05:12:02+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "EAP 8.0.1", "product": { "name": "EAP 8.0.1", "product_id": "EAP 8.0.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:8.0" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-4043", "cwe": { "id": "CWE-834", "name": "Excessive Iteration" }, "discovery_date": "2023-12-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2254594" } ], "notes": [ { "category": "description", "text": "A flaw was found in Eclipse Parsson library when processing untrusted source content. This issue may cause a Denial of Service (DoS) due to built-in support for parsing numbers with a large scale, and some cases where processing a large number may take much more time than expected.", "title": "Vulnerability description" }, { "category": "summary", "text": "parsson: Denial of Service due to large number parsing", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat rates this as an important impact since one needs to process untrusted and if there is no sanitization a Denial of Service (DoS) may happen.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP 8.0.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-4043" }, { "category": "external", "summary": "RHBZ#2254594", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254594" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4043", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4043" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4043", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4043" } ], "release_date": "2023-11-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-03-06T15:38:13+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "EAP 8.0.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1194" }, { "category": "workaround", "details": "Avoid processing untrusted sources content in order to minimize the chance for Denial of Service attack.", "product_ids": [ "EAP 8.0.1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "EAP 8.0.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "parsson: Denial of Service due to large number parsing" }, { "cve": "CVE-2023-4759", "discovery_date": "2023-09-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2238614" } ], "notes": [ { "category": "description", "text": "Arbitrary File Overwrite in Eclipse JGit \u003c= 6.6.0\n\nIn Eclipse JGit, all versions \u003c= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem.\n\nThis can happen on checkout (DirCacheCheckout), merge (ResolveMerger\u00a0via its WorkingTreeUpdater), pull (PullCommand\u00a0using merge), and when applying a patch (PatchApplier). This can be exploited for remote code execution (RCE), for instance if the file written outside the working tree is a git filter that gets executed on a subsequent git command.\n\nThe issue occurs only on case-insensitive filesystems, like the default filesystems on Windows and macOS. The user performing the clone or checkout must have the rights to create symbolic links for the problem to occur, and symbolic links must be enabled in the git configuration.\n\nSetting git configuration option core.symlinks = false\u00a0before checking out avoids the problem.\n\nThe issue was fixed in Eclipse JGit version 6.6.1.202309021850-r and 6.7.0.202309050840-r, available via Maven Central https://repo1.maven.org/maven2/org/eclipse/jgit/ \u00a0and repo.eclipse.org https://repo.eclipse.org/content/repositories/jgit-releases/ . A backport is available in 5.13.3 starting from 5.13.3.202401111512-r.\n\n\nThe JGit maintainers would like to thank RyotaK for finding and reporting this issue.\n\n\n\n", "title": "Vulnerability description" }, { "category": "summary", "text": "jgit: arbitrary file overwrite", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "EAP 8.0.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-4759" }, { "category": "external", "summary": "RHBZ#2238614", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238614" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-4759", "url": "https://www.cve.org/CVERecord?id=CVE-2023-4759" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-4759", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4759" } ], "release_date": "2023-09-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-03-06T15:38:13+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "EAP 8.0.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1194" } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jgit: arbitrary file overwrite" }, { "cve": "CVE-2023-35887", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2023-09-21T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2240036" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache Mina SSHD that could be exploited on certain SFTP servers implemented using the Apache Mina RootedFileSystem. This issue could permit authenticated users to view information outside of their permissions scope.", "title": "Vulnerability description" }, { "category": "summary", "text": "apache-mina-sshd: information exposure in SFTP server implementations", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP 8.0.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-35887" }, { "category": "external", "summary": "RHBZ#2240036", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2240036" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-35887", "url": "https://www.cve.org/CVERecord?id=CVE-2023-35887" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-35887", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35887" } ], "release_date": "2023-07-10T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-03-06T15:38:13+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "EAP 8.0.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1194" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "EAP 8.0.1" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "apache-mina-sshd: information exposure in SFTP server implementations" }, { "cve": "CVE-2023-48795", "cwe": { "id": "CWE-222", "name": "Truncation of Security-relevant Information" }, "discovery_date": "2023-12-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2254210" } ], "notes": [ { "category": "description", "text": "A flaw was found in the SSH channel integrity. By manipulating sequence numbers during the handshake, an attacker can remove the initial messages on the secure channel without causing a MAC failure. For example, an attacker could disable the ping extension and thus disable the new countermeasure in OpenSSH 9.5 against keystroke timing attacks.", "title": "Vulnerability description" }, { "category": "summary", "text": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", "title": "Vulnerability summary" }, { "category": "other", "text": "This CVE is classified as moderate because the attack requires an active Man-in-the-Middle (MITM) who can intercept and modify the connection\u0027s traffic at the TCP/IP layer.\n\nAlthough the attack is cryptographically innovative, its security impact is fortunately quite limited. It only allows the deletion of consecutive messages, and deleting most messages at this protocol stage prevents user authentication from proceeding, leading to a stalled connection.\n\nThe most significant identified impact is that it enables a MITM to delete the SSH2_MSG_EXT_INFO message sent before authentication begins. This allows the attacker to disable a subset of keystroke timing obfuscation features. However, there is no other observable impact on session secrecy or session integrity.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP 8.0.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-48795" }, { "category": "external", "summary": "RHBZ#2254210", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254210" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-48795", "url": "https://www.cve.org/CVERecord?id=CVE-2023-48795" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-48795" }, { "category": "external", "summary": "https://access.redhat.com/solutions/7071748", "url": "https://access.redhat.com/solutions/7071748" }, { "category": "external", "summary": "https://terrapin-attack.com/", "url": "https://terrapin-attack.com/" } ], "release_date": "2023-12-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-03-06T15:38:13+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "EAP 8.0.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1194" }, { "category": "workaround", "details": "Update to the last version and check that client and server provide kex pseudo-algorithms indicating usage of the updated version of the protocol which is protected from the attack. If \"kex-strict-c-v00@openssh.com\" is provided by clients and \"kex-strict-s-v00@openssh.com\" is in the server\u0027s reply, no other steps are necessary.\n\nDisabling ciphers if necessary:\n\nIf \"kex-strict-c-v00@openssh.com\" is not provided by clients or \"kex-strict-s-v00@openssh.com\" is absent in the server\u0027s reply, you can disable the following ciphers and HMACs as a workaround on RHEL-8 and RHEL-9:\n\n1. chacha20-poly1305@openssh.com\n2. hmac-sha2-512-etm@openssh.com\n3. hmac-sha2-256-etm@openssh.com\n4. hmac-sha1-etm@openssh.com\n5. hmac-md5-etm@openssh.com\n\nTo do that through crypto-policies, one can apply a subpolicy with the following content:\n```\ncipher@SSH = -CHACHA20-POLY1305\nssh_etm = 0\n```\ne.g., by putting these lines into `/etc/crypto-policies/policies/modules/CVE-2023-48795.pmod`, applying the resulting subpolicy with `update-crypto-policies --set $(update-crypto-policies --show):CVE-2023-48795` and restarting openssh server.\n\nOne can verify that the changes are in effect by ensuring the ciphers listed above are missing from both `/etc/crypto-policies/back-ends/openssh.config` and `/etc/crypto-policies/back-ends/opensshserver.config`.\n\nFor more details on using crypto-policies, please refer to https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening\n\nNote that this procedure does limit the interoperability of the host and is only suggested as a temporary mitigation until the issue is fully resolved with an update.\n\nFor RHEL-7: \nWe can recommend to use strict MACs and Ciphers on RHEL7 in both files /etc/ssh/ssh_config and /etc/ssh/sshd_config.\n\nBelow strict set of Ciphers and MACs can be used as mitigation for RHEL 7.\n\n```\nCiphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com\nMACs umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512\n```\n\n- For Openshift Container Platform 4:\nPlease refer the KCS[1] document for verifying the fix in RHCOS.\n\n[1] https://access.redhat.com/solutions/7071748", "product_ids": [ "EAP 8.0.1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "EAP 8.0.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)" }, { "cve": "CVE-2024-6162", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2293069" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processed. As a result, the server may attempt to access the wrong path, causing errors such as \"404 Not Found\" or other application failures. This flaw can potentially lead to a denial of service, as legitimate resources become inaccessible due to the path mix-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: url-encoded request path information can be broken on ajp-listener", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue is classified as moderate severity rather than important because it specifically affects URL-encoded request paths under concurrent access conditions, primarily through the AJP listener. While it can lead to 404 errors or application failures, it does not inherently compromise data integrity, security, or lead to direct unauthorized access. The impact is limited to incorrect handling of certain URL-encoded paths, which means it primarily disrupts access to static or encoded resources rather than posing a broader risk to the system\u2019s overall security or functionality.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP 8.0.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-6162" }, { "category": "external", "summary": "RHBZ#2293069", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293069" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-6162", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6162" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-6162", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6162" }, { "category": "external", "summary": "https://issues.redhat.com/browse/JBEAP-26268", "url": "https://issues.redhat.com/browse/JBEAP-26268" } ], "release_date": "2024-06-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-03-06T15:38:13+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "EAP 8.0.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1194" }, { "category": "workaround", "details": "To mitigate this issue, you can either switch to a different listener like the http-listener, or adjust the AJP listener configuration. By setting decode-url=\"false\" on the AJP listener and configuring a separate URL decoding filter, you can prevent the path decoding errors. This adjustment ensures that each request is processed correctly without interference from concurrent requests.", "product_ids": [ "EAP 8.0.1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "EAP 8.0.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: url-encoded request path information can be broken on ajp-listener" }, { "cve": "CVE-2024-41909", "cwe": { "id": "CWE-354", "name": "Improper Validation of Integrity Check Value" }, "discovery_date": "2024-08-13T17:25:21.934985+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2304442" } ], "notes": [ { "category": "description", "text": "A flaw was found in Apache MINA SSHD. This flaw allows an attacker who can intercept traffic between the client and server to drop certain packets from the stream. This potentially causes a Terrapin attack where the client and server consequently end up with a connection for which some security features have been downgraded or disabled.", "title": "Vulnerability description" }, { "category": "summary", "text": "mina-sshd: integrity check bypass vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Above CVE is classified as a moderate severity issue rather than an important one due to its reliance on specific conditions for exploitation. The vulnerability, known as a Terrapin attack, requires an attacker to have the capability to intercept and manipulate packets between the SSH client and server. This level of access is not commonly available in most network environments, reducing the likelihood of widespread exploitation. Additionally, the impact of the attack\u2014where security features may be downgraded or disabled\u2014depends on the attacker\u0027s ability to perform packet drops without detection, which further limits the potential for significant damage.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "EAP 8.0.1" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-41909" }, { "category": "external", "summary": "RHBZ#2304442", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304442" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-41909", "url": "https://www.cve.org/CVERecord?id=CVE-2024-41909" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-41909", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41909" }, { "category": "external", "summary": "https://github.com/apache/mina-sshd/issues/445", "url": "https://github.com/apache/mina-sshd/issues/445" }, { "category": "external", "summary": "https://lists.apache.org/thread/vwf1ot8wx1njyy8n19j5j2tcnjnozt3b", "url": "https://lists.apache.org/thread/vwf1ot8wx1njyy8n19j5j2tcnjnozt3b" } ], "release_date": "2024-08-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-03-06T15:38:13+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "EAP 8.0.1" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:1194" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "EAP 8.0.1" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "EAP 8.0.1" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mina-sshd: integrity check bypass vulnerability" } ] }
rhsa-2024_4386
Vulnerability from csaf_redhat
Published
2024-07-08 20:04
Modified
2024-11-06 06:20
Summary
Red Hat Security Advisory: Red Hat JBoss EAP 7.4.17 XP 4.0.2 security release
Notes
Topic
JBoss EAP XP 4.0.2.GA security release on the EAP 7.4.17 base is now available. See references for release notes.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
This asynchronous patch is a security update zip for the JBoss EAP XP 4.0.2 runtime distribution for use with EAP 7.4.17.
Security Fix(es):
* jose4j: denial of service via specially crafted JWE (CVE-2023-51775)
A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "JBoss EAP XP 4.0.2.GA security release on the EAP 7.4.17 base is now available. See references for release notes.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "This asynchronous patch is a security update zip for the JBoss EAP XP 4.0.2 runtime distribution for use with EAP 7.4.17.\n\nSecurity Fix(es):\n\n* jose4j: denial of service via specially crafted JWE (CVE-2023-51775) \n\nA Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:4386", "url": "https://access.redhat.com/errata/RHSA-2024:4386" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/red_hat_jboss_eap_xp_4.0.0_release_notes/", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/red_hat_jboss_eap_xp_4.0.0_release_notes/" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html/jboss_eap_xp_4.0_upgrade_and_migration_guide/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html/jboss_eap_xp_4.0_upgrade_and_migration_guide/index" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/using_jboss_eap_xp_4.0.0/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/using_jboss_eap_xp_4.0.0/index" }, { "category": "external", "summary": "2266921", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266921" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4386.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss EAP 7.4.17 XP 4.0.2 security release", "tracking": { "current_release_date": "2024-11-06T06:20:04+00:00", "generator": { "date": "2024-11-06T06:20:04+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:4386", "initial_release_date": "2024-07-08T20:04:46+00:00", "revision_history": [ { "date": "2024-07-08T20:04:46+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-07-08T20:04:46+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T06:20:04+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "product": { "name": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "product_id": "Red Hat JBoss Enterprise Application Platform Expansion Pack", "product_identification_helper": { "cpe": "cpe:/a:redhat:jbosseapxp" } } } ], "category": "product_family", "name": "Red Hat JBoss Enterprise Application Platform" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-51775", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-02-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2266921" } ], "notes": [ { "category": "description", "text": "A flaw was found in the jose.4.j (jose4j) library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c (PBES2 Count). This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down the key derivation function, making password brute-force and dictionary attacks more resource-intensive. However, if an attacker sets the p2c parameter in JWE to a large number, it can cause high computational consumption, resulting in a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "jose4j: denial of service via specially crafted JWE", "title": "Vulnerability summary" }, { "category": "other", "text": "The vulnerability in the jose4j library, where the \"p2c\" parameter in PBKDF2-based JWE key management algorithms can be manipulated to induce high computational consumption, is classified as moderate severity due to its potential impact on service availability and resource exhaustion. By setting a large value for \"p2c\", an attacker can force the server to perform an excessive number of PBKDF2 iterations during key derivation. This results in increased CPU and memory usage, potentially leading to degraded performance or temporary denial of service.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform Expansion Pack" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-51775" }, { "category": "external", "summary": "RHBZ#2266921", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266921" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-51775", "url": "https://www.cve.org/CVERecord?id=CVE-2023-51775" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-51775", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51775" } ], "release_date": "2024-02-29T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-08T20:04:46+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Enterprise Application Platform Expansion Pack" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4386" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform Expansion Pack" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform Expansion Pack" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jose4j: denial of service via specially crafted JWE" }, { "cve": "CVE-2024-6162", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2293069" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processed. As a result, the server may attempt to access the wrong path, causing errors such as \"404 Not Found\" or other application failures. This flaw can potentially lead to a denial of service, as legitimate resources become inaccessible due to the path mix-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: url-encoded request path information can be broken on ajp-listener", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue is classified as moderate severity rather than important because it specifically affects URL-encoded request paths under concurrent access conditions, primarily through the AJP listener. While it can lead to 404 errors or application failures, it does not inherently compromise data integrity, security, or lead to direct unauthorized access. The impact is limited to incorrect handling of certain URL-encoded paths, which means it primarily disrupts access to static or encoded resources rather than posing a broader risk to the system\u2019s overall security or functionality.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat JBoss Enterprise Application Platform Expansion Pack" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-6162" }, { "category": "external", "summary": "RHBZ#2293069", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293069" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-6162", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6162" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-6162", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6162" }, { "category": "external", "summary": "https://issues.redhat.com/browse/JBEAP-26268", "url": "https://issues.redhat.com/browse/JBEAP-26268" } ], "release_date": "2024-06-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-08T20:04:46+00:00", "details": "Before applying the update, make sure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258", "product_ids": [ "Red Hat JBoss Enterprise Application Platform Expansion Pack" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4386" }, { "category": "workaround", "details": "To mitigate this issue, you can either switch to a different listener like the http-listener, or adjust the AJP listener configuration. By setting decode-url=\"false\" on the AJP listener and configuring a separate URL decoding filter, you can prevent the path decoding errors. This adjustment ensures that each request is processed correctly without interference from concurrent requests.", "product_ids": [ "Red Hat JBoss Enterprise Application Platform Expansion Pack" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat JBoss Enterprise Application Platform Expansion Pack" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: url-encoded request path information can be broken on ajp-listener" } ] }
rhsa-2024_4884
Vulnerability from csaf_redhat
Published
2024-07-25 19:26
Modified
2024-11-06 15:09
Summary
Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4.1 for Spring Boot security update.
Notes
Topic
Red Hat build of Apache Camel 4.4.1 for Spring Boot release and security update is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat build of Apache Camel 4.4.1 for Spring Boot release and security update is now available.
The purpose of this text-only errata is to inform you about the security issues fixed.
Security Fix(es):
* undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket (CVE-2024-5971)
* pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE (CVE-2024-1597)
* vert.x: io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx (CVE-2024-1023)
* vertx-core: io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI supportd (CVE-2024-1300)
* undertow: url-encoded request path information can be broken on ajp-listener (CVE-2024-6162)
* jetty: stop accepting new connections from valid clients (CVE-2024-22201)
* threetenbp: null pointer exception (CVE-2024-23081)
* org.bouncycastle:bcprov-jdk18on: org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service (CVE-2024-29857)
* org.bouncycastle-bcprov-jdk18on: bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack) (CVE-2024-30171)
* org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class (CVE-2024-30172)
* mvel: TimeOut error when calling ParseTools.subCompileExpression() function (CVE-2023-51079)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat build of Apache Camel 4.4.1 for Spring Boot release and security update is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat build of Apache Camel 4.4.1 for Spring Boot release and security update is now available.\n\nThe purpose of this text-only errata is to inform you about the security issues fixed.\n\nSecurity Fix(es):\n\n* undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket (CVE-2024-5971)\n\n* pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE (CVE-2024-1597)\n\n* vert.x: io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx (CVE-2024-1023)\n\n* vertx-core: io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI supportd (CVE-2024-1300)\n\n* undertow: url-encoded request path information can be broken on ajp-listener (CVE-2024-6162)\n\n* jetty: stop accepting new connections from valid clients (CVE-2024-22201)\n\n* threetenbp: null pointer exception (CVE-2024-23081)\n\n* org.bouncycastle:bcprov-jdk18on: org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service (CVE-2024-29857)\n\n* org.bouncycastle-bcprov-jdk18on: bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack) (CVE-2024-30171)\n\n* org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class (CVE-2024-30172)\n\n* mvel: TimeOut error when calling ParseTools.subCompileExpression() function (CVE-2023-51079)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2024:4884", "url": "https://access.redhat.com/errata/RHSA-2024:4884" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2256065", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256065" }, { "category": "external", "summary": "2260840", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260840" }, { "category": "external", "summary": "2263139", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139" }, { "category": "external", "summary": "2266136", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266136" }, { "category": "external", "summary": "2266523", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266523" }, { "category": "external", "summary": "2274197", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274197" }, { "category": "external", "summary": "2276360", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276360" }, { "category": "external", "summary": "2292211", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292211" }, { "category": "external", "summary": "2293025", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293025" }, { "category": "external", "summary": "2293028", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293028" }, { "category": "external", "summary": "2293069", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293069" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_4884.json" } ], "title": "Red Hat Security Advisory: Red Hat Build of Apache Camel 4.4.1 for Spring Boot security update.", "tracking": { "current_release_date": "2024-11-06T15:09:28+00:00", "generator": { "date": "2024-11-06T15:09:28+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2024:4884", "initial_release_date": "2024-07-25T19:26:07+00:00", "revision_history": [ { "date": "2024-07-25T19:26:07+00:00", "number": "1", "summary": "Initial version" }, { "date": "2024-07-25T19:26:07+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T15:09:28+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat build of Apache Camel 4.4.1 for Spring Boot", "product": { "name": "Red Hat build of Apache Camel 4.4.1 for Spring Boot", "product_id": "Red Hat build of Apache Camel 4.4.1 for Spring Boot", "product_identification_helper": { "cpe": "cpe:/a:redhat:apache_camel_spring_boot:4.4.1" } } } ], "category": "product_family", "name": "Red Hat Build of Apache Camel" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-51079", "discovery_date": "2023-12-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2256065" } ], "notes": [ { "category": "description", "text": "[DISPUTED] A vulnerability was found in the ParseTools.subCompileExpression() method in the Mvel package. This vulnerability manifests as a TimeOut error, and may allow an attacker to leverage the TimeOut error to disrupt the normal functioning of the system or application, potentially leading to undesired outcomes or disruptions.", "title": "Vulnerability description" }, { "category": "summary", "text": "mvel: TimeOut error when calling ParseTools.subCompileExpression() function", "title": "Vulnerability summary" }, { "category": "other", "text": "This CVE is disputed because the only anticipated outcome is that the parser will take an exceptionally long time to complete its task.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-51079" }, { "category": "external", "summary": "RHBZ#2256065", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256065" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-51079", "url": "https://www.cve.org/CVERecord?id=CVE-2023-51079" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-51079", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-51079" }, { "category": "external", "summary": "https://github.com/mvel/mvel/issues/348", "url": "https://github.com/mvel/mvel/issues/348" } ], "release_date": "2023-12-27T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-25T19:26:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4884" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "mvel: TimeOut error when calling ParseTools.subCompileExpression() function" }, { "cve": "CVE-2024-1023", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2024-01-29T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2260840" } ], "notes": [ { "category": "description", "text": "A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP client establishes connections to different hosts, triggering the memory leak. The leak can be accelerated with intimate runtime knowledge, allowing an attacker to exploit this vulnerability. For instance, a server accepting arbitrary internet addresses could serve as an attack vector by connecting to these addresses, thereby accelerating the memory leak.", "title": "Vulnerability description" }, { "category": "summary", "text": "io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1023" }, { "category": "external", "summary": "RHBZ#2260840", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260840" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1023", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1023" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1023", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1023" }, { "category": "external", "summary": "https://github.com/eclipse-vertx/vert.x/issues/5078", "url": "https://github.com/eclipse-vertx/vert.x/issues/5078" }, { "category": "external", "summary": "https://github.com/eclipse-vertx/vert.x/pull/5080", "url": "https://github.com/eclipse-vertx/vert.x/pull/5080" }, { "category": "external", "summary": "https://github.com/eclipse-vertx/vert.x/pull/5082", "url": "https://github.com/eclipse-vertx/vert.x/pull/5082" } ], "release_date": "2024-01-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-25T19:26:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4884" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx" }, { "cve": "CVE-2024-1300", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2263139" } ], "notes": [ { "category": "description", "text": "A vulnerability in the Eclipse Vert.x toolkit causes a memory leak in TCP servers configured with TLS and SNI support. When processing an unknown SNI server name assigned the default certificate instead of a mapped certificate, the SSL context is erroneously cached in the server name map, leading to memory exhaustion. This flaw allows attackers to send TLS client hello messages with fake server names, triggering a JVM out-of-memory error.", "title": "Vulnerability description" }, { "category": "summary", "text": "io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support", "title": "Vulnerability summary" }, { "category": "other", "text": "This affects only TLS servers with SNI enabled.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1300" }, { "category": "external", "summary": "RHBZ#2263139", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263139" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1300", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1300" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1300", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1300" }, { "category": "external", "summary": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni.", "url": "https://vertx.io/docs/vertx-core/java/#_server_name_indication_sni." } ], "release_date": "2024-02-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-25T19:26:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4884" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "version": "3.1" }, "products": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support" }, { "cve": "CVE-2024-1597", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "discovery_date": "2024-02-28T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2266523" } ], "notes": [ { "category": "description", "text": "A flaw was found in the PostgreSQL JDBC Driver. A SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code that has a vulnerable SQL that negates a parameter value.", "title": "Vulnerability description" }, { "category": "summary", "text": "pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE", "title": "Vulnerability summary" }, { "category": "other", "text": "The PostgreSQL JDBC Driver is not affected in the default query mode. Users that do not override the query mode are not impacted.\n\nThe described SQL injection vulnerability, while significant, is categorized as important rather than critical due to several factors. Firstly, the exploitation relies on specific conditions, including the use of a non-default query mode (preferQueryMode=simple) and the precise arrangement of user-controlled parameters within the SQL query. This limits the potential attack surface and reduces the likelihood of widespread exploitation across systems. Additionally, the vulnerability does not pose an immediate and severe risk of system compromise or data breach; rather, it enables attackers to manipulate SQL queries and potentially execute arbitrary commands within the context of the application\u0027s database. Furthermore, the vulnerability can be effectively mitigated by applying the provided patch or by avoiding the use of the vulnerable query mode, thus reducing the risk of exploitation.\n\nRed Hat Satellite ships a PostgreSQL JDBC Driver which embeds into Candlepin. However, Candlepin doesn\u0027t directly utilize the PostgreSQL JDBC Driver and doesn\u0027t set PreferQueryMode. Therefore, although the affected component is shipped, the product impact is considered Low. This issue may be addressed in a future Satellite release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-1597" }, { "category": "external", "summary": "RHBZ#2266523", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266523" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-1597", "url": "https://www.cve.org/CVERecord?id=CVE-2024-1597" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-1597", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1597" }, { "category": "external", "summary": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56", "url": "https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56" }, { "category": "external", "summary": "https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/", "url": "https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/" }, { "category": "external", "summary": "https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/", "url": "https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/" } ], "release_date": "2024-02-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-25T19:26:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4884" }, { "category": "workaround", "details": "Do not use the connection propertypreferQueryMode=simple. If you do not explicitly specify a query mode, then you are using the default of extended and are not impacted by this issue.", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "pgjdbc: PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE" }, { "cve": "CVE-2024-5971", "cwe": { "id": "CWE-674", "name": "Uncontrolled Recursion" }, "discovery_date": "2024-06-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2292211" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Undertow, where the chunked response hangs after the body was flushed. The response headers and body were sent but the client would continue waiting as Undertow does not send the expected 0\\r\\n termination of the chunked response. This results in uncontrolled resource consumption, leaving the server side to a denial of service attack. This happens only with Java 17 TLSv1.3 scenarios.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket", "title": "Vulnerability summary" }, { "category": "other", "text": "The identified vulnerability in Undertow, where chunked responses fail to terminate properly under Java 17 with TLSv1.3, represents a significant security concern due to its potential for uncontrolled resource consumption and denial of service (DoS) attacks. This issue arises from Undertow\u0027s mishandling of chunked response termination after initial data flushing, leading to clients waiting indefinitely for completion signals that are not sent. Such behavior could be exploited by malicious actors to exhaust server resources, resulting in service degradation or unavailability.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-5971" }, { "category": "external", "summary": "RHBZ#2292211", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292211" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-5971", "url": "https://www.cve.org/CVERecord?id=CVE-2024-5971" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-5971", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5971" } ], "release_date": "2024-07-08T20:46:55+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-25T19:26:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4884" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket" }, { "cve": "CVE-2024-6162", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2293069" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processed. As a result, the server may attempt to access the wrong path, causing errors such as \"404 Not Found\" or other application failures. This flaw can potentially lead to a denial of service, as legitimate resources become inaccessible due to the path mix-up.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: url-encoded request path information can be broken on ajp-listener", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue is classified as moderate severity rather than important because it specifically affects URL-encoded request paths under concurrent access conditions, primarily through the AJP listener. While it can lead to 404 errors or application failures, it does not inherently compromise data integrity, security, or lead to direct unauthorized access. The impact is limited to incorrect handling of certain URL-encoded paths, which means it primarily disrupts access to static or encoded resources rather than posing a broader risk to the system\u2019s overall security or functionality.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-6162" }, { "category": "external", "summary": "RHBZ#2293069", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293069" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-6162", "url": "https://www.cve.org/CVERecord?id=CVE-2024-6162" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-6162", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6162" }, { "category": "external", "summary": "https://issues.redhat.com/browse/JBEAP-26268", "url": "https://issues.redhat.com/browse/JBEAP-26268" } ], "release_date": "2024-06-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-25T19:26:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4884" }, { "category": "workaround", "details": "To mitigate this issue, you can either switch to a different listener like the http-listener, or adjust the AJP listener configuration. By setting decode-url=\"false\" on the AJP listener and configuring a separate URL decoding filter, you can prevent the path decoding errors. This adjustment ensures that each request is processed correctly without interference from concurrent requests.", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "undertow: url-encoded request path information can be broken on ajp-listener" }, { "cve": "CVE-2024-22201", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2024-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2266136" } ], "notes": [ { "category": "description", "text": "A flaw was found in Jetty, a Java based web server and servlet engine. If an HTTP/2 connection gets TCP congested, it remains open and idle, and connections may be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: stop accepting new connections from valid clients", "title": "Vulnerability summary" }, { "category": "other", "text": "The issue in Jetty where HTTP/2 connections can enter a congested, idle state and potentially exhaust server file descriptors represents a moderate severity due to its impact on system resources and service availability. While the vulnerability requires the deliberate creation of numerous congested connections by an attacker, its exploitation can lead to denial-of-service conditions by consuming all available file descriptors. This scenario could disrupt legitimate client connections and impair server responsiveness.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-22201" }, { "category": "external", "summary": "RHBZ#2266136", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2266136" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-22201", "url": "https://www.cve.org/CVERecord?id=CVE-2024-22201" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22201" }, { "category": "external", "summary": "https://github.com/jetty/jetty.project/issues/11256", "url": "https://github.com/jetty/jetty.project/issues/11256" }, { "category": "external", "summary": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98", "url": "https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98" } ], "release_date": "2024-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-25T19:26:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4884" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty: stop accepting new connections from valid clients" }, { "cve": "CVE-2024-23081", "cwe": { "id": "CWE-754", "name": "Improper Check for Unusual or Exceptional Conditions" }, "discovery_date": "2024-04-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2274197" } ], "notes": [ { "category": "description", "text": "A null pointer exception vulnerability was found in Threeten Backport. If the other parameter is null in ChronoLocalDate, a NullPointerException is thrown.", "title": "Vulnerability description" }, { "category": "summary", "text": "threetenbp: null pointer exception", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-23081" }, { "category": "external", "summary": "RHBZ#2274197", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274197" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-23081", "url": "https://www.cve.org/CVERecord?id=CVE-2024-23081" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-23081", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23081" }, { "category": "external", "summary": "https://gist.github.com/LLM4IG/3cc9183dcd887020368a0bafeafec5e3", "url": "https://gist.github.com/LLM4IG/3cc9183dcd887020368a0bafeafec5e3" }, { "category": "external", "summary": "https://github.com/ThreeTen/threetenbp/blob/adcdbc462b4e93e68e6f9c9a82217d0478b7d635/src/site/markdown/security.md?plain=1#L17", "url": "https://github.com/ThreeTen/threetenbp/blob/adcdbc462b4e93e68e6f9c9a82217d0478b7d635/src/site/markdown/security.md?plain=1#L17" }, { "category": "external", "summary": "https://github.com/ThreeTen/threetenbp/blob/main/src/main/java/org/threeten/bp/LocalDate.java#L1671", "url": "https://github.com/ThreeTen/threetenbp/blob/main/src/main/java/org/threeten/bp/LocalDate.java#L1671" } ], "release_date": "2024-04-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-25T19:26:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4884" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "threetenbp: null pointer exception" }, { "cve": "CVE-2024-29857", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2024-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2293028" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in Bouncy Castle. An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java). Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during the evaluation of the curve parameters.", "title": "Vulnerability description" }, { "category": "summary", "text": "org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-29857" }, { "category": "external", "summary": "RHBZ#2293028", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293028" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-29857", "url": "https://www.cve.org/CVERecord?id=CVE-2024-29857" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-29857", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29857" } ], "release_date": "2024-06-14T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-25T19:26:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4884" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service" }, { "acknowledgments": [ { "names": [ "Hubert Kario" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2024-30171", "cwe": { "id": "CWE-208", "name": "Observable Timing Discrepancy" }, "discovery_date": "2024-04-18T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2276360" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Bouncy Castle Java cryptography APIs. Affected versions of the org.bouncycastle:bcprov-jdk18on package are vulnerable to Observable Timing Discrepancy via the PKCS#1 1.5 and OAEP decryption process (a.k.a. Marvin Attack). An attacker can recover cipher-texts via a side-channel attack by exploiting the Marvin security flaw. The PKCS#1 1.5 attack vector leaks data via javax.crypto.Cipher exceptions and the OAEP interface vector leaks via the bit size of the decrypted data.", "title": "Vulnerability description" }, { "category": "summary", "text": "bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-30171" }, { "category": "external", "summary": "RHBZ#2276360", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276360" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-30171", "url": "https://www.cve.org/CVERecord?id=CVE-2024-30171" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30171", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30171" }, { "category": "external", "summary": "https://people.redhat.com/~hkario/marvin/", "url": "https://people.redhat.com/~hkario/marvin/" } ], "release_date": "2024-04-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-25T19:26:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4884" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "bc-java: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack)" }, { "cve": "CVE-2024-30172", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2024-06-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2293025" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Bouncy Castle Java Cryptography APIs. Affected versions of this package are vulnerable to an Infinite loop issue in ED25519 verification in the ScalarUtil class. This flaw allows an attacker to send a malicious signature and public key to trigger a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2024-30172" }, { "category": "external", "summary": "RHBZ#2293025", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293025" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2024-30172", "url": "https://www.cve.org/CVERecord?id=CVE-2024-30172" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-30172", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-30172" }, { "category": "external", "summary": "https://www.bouncycastle.org/latest_releases.html", "url": "https://www.bouncycastle.org/latest_releases.html" } ], "release_date": "2024-05-09T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2024-07-25T19:26:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2024:4884" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat build of Apache Camel 4.4.1 for Spring Boot" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class" } ] }
ghsa-9442-gm4v-r222
Vulnerability from github
Published
2024-06-20 15:31
Modified
2024-10-17 14:08
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Summary
Undertow's url-encoded request path information can be broken on ajp-listener
Details
A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processed. As a result, the server may attempt to access the wrong path, causing errors such as "404 Not Found" or other application failures. This flaw can potentially lead to a denial of service, as legitimate resources become inaccessible due to the path mix-up.
{ "affected": [ { "package": { "ecosystem": "Maven", "name": "io.undertow:undertow-core" }, "ranges": [ { "events": [ { "introduced": "2.3.0.Alpha1" }, { "fixed": "2.3.14.Final" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c 2.2.33.Final" }, "package": { "ecosystem": "Maven", "name": "io.undertow:undertow-core" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2.3.14.Final" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2024-6162" ], "database_specific": { "cwe_ids": [ "CWE-400" ], "github_reviewed": true, "github_reviewed_at": "2024-06-20T16:22:33Z", "nvd_published_at": "2024-06-20T15:15:50Z", "severity": "HIGH" }, "details": "A vulnerability was found in Undertow, where URL-encoded request paths can be mishandled during concurrent requests on the AJP listener. This issue arises because the same buffer is used to decode the paths for multiple requests simultaneously, leading to incorrect path information being processed. As a result, the server may attempt to access the wrong path, causing errors such as \"404 Not Found\" or other application failures. This flaw can potentially lead to a denial of service, as legitimate resources become inaccessible due to the path mix-up.", "id": "GHSA-9442-gm4v-r222", "modified": "2024-10-17T14:08:20Z", "published": "2024-06-20T15:31:19Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6162" }, { "type": "WEB", "url": "https://github.com/undertow-io/undertow/pull/1612" }, { "type": "WEB", "url": "https://github.com/undertow-io/undertow/commit/90f202ada89b6d9883beed0f1fe10c99d470d9a8" }, { "type": "WEB", "url": "https://github.com/undertow-io/undertow/commit/a28ac53076e2fa532266d25e0c0b1a01d0e9d2cf" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2024:1194" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2024:4386" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2024:4884" }, { "type": "WEB", "url": "https://access.redhat.com/security/cve/CVE-2024-6162" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293069" }, { "type": "PACKAGE", "url": "https://github.com/undertow-io/undertow" }, { "type": "WEB", "url": "https://issues.redhat.com/browse/JBEAP-26268" }, { "type": "WEB", "url": "https://issues.redhat.com/browse/UNDERTOW-2334" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" }, { "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "type": "CVSS_V4" } ], "summary": "Undertow\u0027s url-encoded request path information can be broken on ajp-listener" }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.