rhsa-2023_3355
Vulnerability from csaf_redhat
Published
2023-06-05 11:46
Modified
2024-11-06 03:05
Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 security update
Notes
Topic
Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* apr-util: out-of-bounds writes in the apr_base64 (CVE-2022-25147)
* expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (CVE-2022-43680)
* curl: HSTS bypass via IDN (CVE-2022-43551)
* curl: HTTP Proxy deny use-after-free (CVE-2022-43552)
* curl: HSTS ignored on multiple requests (CVE-2023-23914)
* curl: HSTS amnesia with --parallel (CVE-2023-23915)
* curl: HTTP multi-header compression denial of service (CVE-2023-23916)
* curl: TELNET option IAC injection (CVE-2023-27533)
* curl: SFTP path ~ resolving discrepancy (CVE-2023-27534)
* expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (CVE-2022-43680)
* httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001)
* httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)
* openssl: timing attack in RSA Decryption implementation (CVE-2022-4304)
* openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450)
* openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)
* openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.\n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* apr-util: out-of-bounds writes in the apr_base64 (CVE-2022-25147)\n* expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (CVE-2022-43680)\n* curl: HSTS bypass via IDN (CVE-2022-43551)\n* curl: HTTP Proxy deny use-after-free (CVE-2022-43552)\n* curl: HSTS ignored on multiple requests (CVE-2023-23914)\n* curl: HSTS amnesia with --parallel (CVE-2023-23915)\n* curl: HTTP multi-header compression denial of service (CVE-2023-23916)\n* curl: TELNET option IAC injection (CVE-2023-27533)\n* curl: SFTP path ~ resolving discrepancy (CVE-2023-27534)\n* expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate (CVE-2022-43680)\n* httpd: mod_dav: out-of-bounds read/write of zero byte (CVE-2006-20001)\n* httpd: HTTP request splitting with mod_rewrite and mod_proxy (CVE-2023-25690)\n* openssl: timing attack in RSA Decryption implementation (CVE-2022-4304)\n* openssl: double free after calling PEM_read_bio_ex (CVE-2022-4450)\n* openssl: use-after-free following BIO_new_NDEF (CVE-2023-0215)\n* openssl: X.400 address type confusion in X.509 GeneralName (CVE-2023-0286)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2023:3355", "url": "https://access.redhat.com/errata/RHSA-2023:3355" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "2140059", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140059" }, { "category": "external", "summary": "2152639", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152639" }, { "category": "external", "summary": "2152652", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152652" }, { "category": "external", "summary": "2161774", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161774" }, { "category": "external", "summary": "2164440", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164440" }, { "category": "external", "summary": "2164487", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164487" }, { "category": "external", "summary": "2164492", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164492" }, { "category": "external", "summary": "2164494", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164494" }, { "category": "external", "summary": "2167797", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167797" }, { "category": "external", "summary": "2167813", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167813" }, { "category": "external", "summary": "2167815", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167815" }, { "category": "external", "summary": "2169652", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169652" }, { "category": "external", "summary": "2176209", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176209" }, { "category": "external", "summary": "2179062", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179062" }, { "category": "external", "summary": "2179069", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179069" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3355.json" } ], "title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 SP2 security update", "tracking": { "current_release_date": "2024-11-06T03:05:26+00:00", "generator": { "date": "2024-11-06T03:05:26+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2023:3355", "initial_release_date": "2023-06-05T11:46:47+00:00", "revision_history": [ { "date": "2023-06-05T11:46:47+00:00", "number": "1", "summary": "Initial version" }, { "date": "2023-07-18T17:29:11+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-06T03:05:26+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "JBCS httpd 2.4.51.sp2", "product": { "name": "JBCS httpd 2.4.51.sp2", "product_id": "JBCS httpd 2.4.51.sp2", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_core_services:1" } } } ], "category": "product_family", "name": "Red Hat JBoss Core Services" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2006-20001", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "discovery_date": "2023-01-17T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2161774" } ], "notes": [ { "category": "description", "text": "A flaw was found in the mod_dav module of httpd. A specially crafted \"If:\" request header can cause a memory read or write of a single zero byte due to a missing error check, resulting in a Denial of Service.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: mod_dav: out-of-bounds read/write of zero byte", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw only affects configurations with mod_dav loaded and configured. Also, if there is no WebDAV repository configured, the server is not affected and no further mitigation is needed. For more information about the mitigation, check the mitigation section below.\n\nThe httpd mod_dav module is enabled by default on Red Hat Enterprise Linux 6, 7, 8, 9, and in RHSCL. However, there is no WebDAV repository configured by default.\n\nThis flaw has been rated as having a security impact of moderate, and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 7. Red Hat Enterprise Linux 7 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "JBCS httpd 2.4.51.sp2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2006-20001" }, { "category": "external", "summary": "RHBZ#2161774", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161774" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2006-20001", "url": "https://www.cve.org/CVERecord?id=CVE-2006-20001" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-20001", "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-20001" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2006-20001", "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2006-20001" } ], "release_date": "2023-01-17T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-05T11:46:47+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "JBCS httpd 2.4.51.sp2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3355" }, { "category": "workaround", "details": "Disabling mod_dav and restarting httpd will mitigate this flaw.", "product_ids": [ "JBCS httpd 2.4.51.sp2" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "JBCS httpd 2.4.51.sp2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "httpd: mod_dav: out-of-bounds read/write of zero byte" }, { "cve": "CVE-2022-4304", "discovery_date": "2023-01-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2164487" } ], "notes": [ { "category": "description", "text": "A timing-based side channel exists in the OpenSSL RSA Decryption implementation, which could be sufficient to recover a ciphertext across a network in a Bleichenbacher style attack. To achieve a successful decryption, an attacker would have to be able to send a very large number of trial messages for decryption. This issue affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP, and RSASVE.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: timing attack in RSA Decryption implementation", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "JBCS httpd 2.4.51.sp2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-4304" }, { "category": "external", "summary": "RHBZ#2164487", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164487" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-4304", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4304" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4304", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4304" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20230207.txt", "url": "https://www.openssl.org/news/secadv/20230207.txt" } ], "release_date": "2023-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-05T11:46:47+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "JBCS httpd 2.4.51.sp2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3355" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "JBCS httpd 2.4.51.sp2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: timing attack in RSA Decryption implementation" }, { "cve": "CVE-2022-4450", "cwe": { "id": "CWE-415", "name": "Double Free" }, "discovery_date": "2023-01-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2164494" } ], "notes": [ { "category": "description", "text": "A double-free vulnerability was found in OpenSSL\u0027s PEM_read_bio_ex function. The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the \"name\" (for example, \"CERTIFICATE\"), any header data, and the payload data. If the function succeeds, then the \"name_out,\" \"header,\" and \"data\" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. Constructing a PEM file that results in 0 bytes of payload data is possible. In this case, PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a freed buffer. A double-free will occur if the caller also frees this buffer. This will most likely lead to a crash. This could be exploited by an attacker who can supply malicious PEM files for parsing to achieve a denial of service attack.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: double free after calling PEM_read_bio_ex", "title": "Vulnerability summary" }, { "category": "other", "text": "This flaw is rated as having a Moderate impact as it is less easily exploited and is only vulnerable in unlikely configurations. Additionally, the upstream advisory (linked in External References) also rates it as Moderate.\n\nThe versions of `shim` as shipped with Red Hat Enterprise Linux 8 and 9 are shipping OpenSSL 1.1.1 and 1.0.2, which do not contain the incorrect code, so those are not affected by this CVE.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "JBCS httpd 2.4.51.sp2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-4450" }, { "category": "external", "summary": "RHBZ#2164494", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164494" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-4450", "url": "https://www.cve.org/CVERecord?id=CVE-2022-4450" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-4450", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4450" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20230207.txt", "url": "https://www.openssl.org/news/secadv/20230207.txt" } ], "release_date": "2023-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-05T11:46:47+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "JBCS httpd 2.4.51.sp2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3355" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "JBCS httpd 2.4.51.sp2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: double free after calling PEM_read_bio_ex" }, { "cve": "CVE-2022-25147", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "discovery_date": "2023-02-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2169652" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Apache Portable Runtime Utility (APR-util) library. This issue may allow a malicious attacker to cause an out-of-bounds write due to an integer overflow when encoding/decoding a very long string using the base64 family of functions.", "title": "Vulnerability description" }, { "category": "summary", "text": "apr-util: out-of-bounds writes in the apr_base64", "title": "Vulnerability summary" }, { "category": "other", "text": "The Apache Portable Runtime Utility (APR-util) library contains additional utility interfaces for APR (Apache Portable Runtime). \nThis vulnerability is related to the incorrect usage of the base64 encoding/decoding family of functions through APR-util API.\nUsage of these functions with long enough string would cause integer overflow and will lead to out-of-bound write.\n\nThis flaw was rated with an important severity for a moment as Red Hat received information that this vulnerability potentially can allow remote attackers to cause a denial of service to the application linked to the APR-util library. Deep analysis confirmed that there are no known conditions that could lead to DoS. \nAdditionally the APR-util API should not be exposed to the untrusted uploads and usage.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "JBCS httpd 2.4.51.sp2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-25147" }, { "category": "external", "summary": "RHBZ#2169652", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2169652" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-25147", "url": "https://www.cve.org/CVERecord?id=CVE-2022-25147" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-25147", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25147" } ], "release_date": "2023-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-05T11:46:47+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "JBCS httpd 2.4.51.sp2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3355" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1" }, "products": [ "JBCS httpd 2.4.51.sp2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "apr-util: out-of-bounds writes in the apr_base64" }, { "cve": "CVE-2022-43551", "cwe": { "id": "CWE-319", "name": "Cleartext Transmission of Sensitive Information" }, "discovery_date": "2022-12-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2152639" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in curl. The issue can occur when curl\u0027s HSTS check is bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of an insecure clear-text HTTP step even when providing HTTP in the URL. Suppose the hostname in the given URL first uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion. In that case, it can bypass the HSTS mechanism using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E). Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the information, IDN encoded but looked for it as IDN decoded.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: HSTS bypass via IDN", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "JBCS httpd 2.4.51.sp2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-43551" }, { "category": "external", "summary": "RHBZ#2152639", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152639" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-43551", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43551" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-43551", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43551" }, { "category": "external", "summary": "https://curl.se/docs/CVE-2022-43551.html", "url": "https://curl.se/docs/CVE-2022-43551.html" } ], "release_date": "2022-12-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-05T11:46:47+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "JBCS httpd 2.4.51.sp2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3355" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "JBCS httpd 2.4.51.sp2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "curl: HSTS bypass via IDN" }, { "cve": "CVE-2022-43552", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2022-12-12T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2152652" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: Use-after-free triggered by an HTTP proxy deny response", "title": "Vulnerability summary" }, { "category": "other", "text": "Potential successful exploitation will cause the curl to crash, which generates a low impact to the environment where the curl is used. Additionally, exploitation depends on the conditions that are out of the attacker\u0027s control, like usage of specific protocols (SMB or TELNET) and HTTP proxy tunnels at the same time. Due to these facts, this vulnerability has been classified as a Low severity issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "JBCS httpd 2.4.51.sp2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-43552" }, { "category": "external", "summary": "RHBZ#2152652", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152652" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-43552", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43552" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-43552", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43552" }, { "category": "external", "summary": "https://curl.se/docs/CVE-2022-43552.html", "url": "https://curl.se/docs/CVE-2022-43552.html" } ], "release_date": "2022-12-21T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-05T11:46:47+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "JBCS httpd 2.4.51.sp2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3355" }, { "category": "workaround", "details": "Avoid using the SMB and TELNET protocols.", "product_ids": [ "JBCS httpd 2.4.51.sp2" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "JBCS httpd 2.4.51.sp2" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "curl: Use-after-free triggered by an HTTP proxy deny response" }, { "cve": "CVE-2022-43680", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2022-11-04T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2140059" } ], "notes": [ { "category": "description", "text": "A use-after-free flaw was found in the Expat package, caused by destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations. This may lead to availability disruptions.", "title": "Vulnerability description" }, { "category": "summary", "text": "expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability can only happen under special (out-of-memory) conditions, thus it is not possible to exploit on every possible system that has expat installed. Additionally as the flaw is only capable of causing a Denial of Service, Red Hat rates the impact as Moderate.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "JBCS httpd 2.4.51.sp2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2022-43680" }, { "category": "external", "summary": "RHBZ#2140059", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2140059" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2022-43680", "url": "https://www.cve.org/CVERecord?id=CVE-2022-43680" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-43680", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43680" }, { "category": "external", "summary": "https://github.com/libexpat/libexpat/issues/649", "url": "https://github.com/libexpat/libexpat/issues/649" } ], "release_date": "2022-10-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-05T11:46:47+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "JBCS httpd 2.4.51.sp2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3355" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "JBCS httpd 2.4.51.sp2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "expat: use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate" }, { "cve": "CVE-2023-0215", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "discovery_date": "2023-01-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2164492" } ], "notes": [ { "category": "description", "text": "A use-after-free vulnerability was found in OpenSSL\u0027s BIO_new_NDEF function. The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally by OpenSSL to support the SMIME, CMS, and PKCS7 streaming capabilities, but it may also be called directly by end-user applications. The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter BIO onto the front of it to form a BIO chain, and then returns the new head of the BIO chain to the caller. Under certain conditions. For example, if a CMS recipient public key is invalid, the new filter BIO is freed, and the function returns a NULL result indicating a failure. However, in this case, the BIO chain is not properly cleaned up, and the BIO passed by the caller still retains internal pointers to the previously freed filter BIO. If the caller then calls BIO_pop() on the BIO, a use-after-free will occur, possibly resulting in a crash.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: use-after-free following BIO_new_NDEF", "title": "Vulnerability summary" }, { "category": "other", "text": "This vulnerability has been rated as having a moderate impact in alignment with upstream. See the security advisory linked in external references.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "JBCS httpd 2.4.51.sp2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-0215" }, { "category": "external", "summary": "RHBZ#2164492", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164492" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0215", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0215", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0215" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20230207.txt", "url": "https://www.openssl.org/news/secadv/20230207.txt" } ], "release_date": "2023-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-05T11:46:47+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "JBCS httpd 2.4.51.sp2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3355" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "JBCS httpd 2.4.51.sp2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: use-after-free following BIO_new_NDEF" }, { "cve": "CVE-2023-0286", "cwe": { "id": "CWE-704", "name": "Incorrect Type Conversion or Cast" }, "discovery_date": "2023-01-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2164440" } ], "notes": [ { "category": "description", "text": "A type confusion vulnerability was found in OpenSSL when OpenSSL X.400 addresses processing inside an X.509 GeneralName. When CRL checking is enabled (for example, the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or cause a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, of which neither needs a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. In this case, this vulnerability is likely only to affect applications that have implemented their own functionality for retrieving CRLs over a network.", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: X.400 address type confusion in X.509 GeneralName", "title": "Vulnerability summary" }, { "category": "other", "text": "For shim in Red Hat Enterprise Linux 8 \u0026 9, is not affected as shim doesn\u0027t support any CRL processing.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "JBCS httpd 2.4.51.sp2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-0286" }, { "category": "external", "summary": "RHBZ#2164440", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2164440" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-0286", "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0286" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20230207.txt", "url": "https://www.openssl.org/news/secadv/20230207.txt" } ], "release_date": "2023-02-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-05T11:46:47+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "JBCS httpd 2.4.51.sp2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3355" }, { "category": "workaround", "details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.", "product_ids": [ "JBCS httpd 2.4.51.sp2" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "JBCS httpd 2.4.51.sp2" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "openssl: X.400 address type confusion in X.509 GeneralName" }, { "acknowledgments": [ { "names": [ "Harry Sintonen" ] } ], "cve": "CVE-2023-23914", "cwe": { "id": "CWE-319", "name": "Cleartext Transmission of Sensitive Information" }, "discovery_date": "2023-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2167797" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Curl package, where the HSTS mechanism would be ignored by subsequent transfers when done on the same command line because the state would not be properly carried. This issue may result in limited confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: HSTS ignored on multiple requests", "title": "Vulnerability summary" }, { "category": "other", "text": "This is a curl command line issue and does not affect libcurl.\nThere is no HSTS support in the versions of curl shipped in rhel-7 and rhel-8. Curl packages as shipped in rhel-9 do not support HSTS.\nUpstream has rated this as a Low Severity issue.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "JBCS httpd 2.4.51.sp2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-23914" }, { "category": "external", "summary": "RHBZ#2167797", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167797" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23914", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23914" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23914", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23914" }, { "category": "external", "summary": "https://curl.se/docs/CVE-2023-23914.html", "url": "https://curl.se/docs/CVE-2023-23914.html" } ], "release_date": "2023-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-05T11:46:47+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "JBCS httpd 2.4.51.sp2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3355" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "JBCS httpd 2.4.51.sp2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "curl: HSTS ignored on multiple requests" }, { "acknowledgments": [ { "names": [ "Harry Sintonen" ] } ], "cve": "CVE-2023-23915", "cwe": { "id": "CWE-319", "name": "Cleartext Transmission of Sensitive Information" }, "discovery_date": "2023-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2167813" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Curl package, where the HSTS mechanism could fail when multiple transfers are done in parallel, as the HSTS cache file gets overwritten by the most recently completed transfer. This issue may result in limited confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: HSTS amnesia with --parallel", "title": "Vulnerability summary" }, { "category": "other", "text": "There is no HSTS support in the versions of curl shipped in rhel-7 and rhel-8. Curl packages as shipped in rhel-9 do not support HSTS.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "JBCS httpd 2.4.51.sp2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-23915" }, { "category": "external", "summary": "RHBZ#2167813", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167813" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23915", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23915" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23915", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23915" }, { "category": "external", "summary": "https://curl.se/docs/CVE-2023-23915.html", "url": "https://curl.se/docs/CVE-2023-23915.html" } ], "release_date": "2023-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-05T11:46:47+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "JBCS httpd 2.4.51.sp2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3355" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "JBCS httpd 2.4.51.sp2" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "curl: HSTS amnesia with --parallel" }, { "acknowledgments": [ { "names": [ "Patrick Monnerat" ] } ], "cve": "CVE-2023-23916", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "discovery_date": "2023-02-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2167815" } ], "notes": [ { "category": "description", "text": "A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: HTTP multi-header compression denial of service", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "JBCS httpd 2.4.51.sp2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-23916" }, { "category": "external", "summary": "RHBZ#2167815", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167815" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-23916", "url": "https://www.cve.org/CVERecord?id=CVE-2023-23916" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-23916", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23916" }, { "category": "external", "summary": "https://curl.se/docs/CVE-2023-23916.html", "url": "https://curl.se/docs/CVE-2023-23916.html" } ], "release_date": "2023-02-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-05T11:46:47+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "JBCS httpd 2.4.51.sp2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3355" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "JBCS httpd 2.4.51.sp2" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "curl: HTTP multi-header compression denial of service" }, { "cve": "CVE-2023-25690", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2023-03-07T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2176209" } ], "notes": [ { "category": "description", "text": "A vulnerability was found in httpd. This security issue occurs when some mod_proxy configurations on Apache HTTP Server allow an HTTP Request Smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution.", "title": "Vulnerability description" }, { "category": "summary", "text": "httpd: HTTP request splitting with mod_rewrite and mod_proxy", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "JBCS httpd 2.4.51.sp2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-25690" }, { "category": "external", "summary": "RHBZ#2176209", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2176209" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-25690", "url": "https://www.cve.org/CVERecord?id=CVE-2023-25690" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-25690", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-25690" }, { "category": "external", "summary": "https://httpd.apache.org/security/vulnerabilities_24.html", "url": "https://httpd.apache.org/security/vulnerabilities_24.html" } ], "release_date": "2023-03-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-05T11:46:47+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "JBCS httpd 2.4.51.sp2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3355" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "JBCS httpd 2.4.51.sp2" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "httpd: HTTP request splitting with mod_rewrite and mod_proxy" }, { "acknowledgments": [ { "names": [ "Daniel Stenberg", "Harry Sintonen" ] } ], "cve": "CVE-2023-27533", "cwe": { "id": "CWE-75", "name": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)" }, "discovery_date": "2023-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2179062" } ], "notes": [ { "category": "description", "text": "A vulnerability in input validation exists in curl \u003c8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application\u0027s intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: TELNET option IAC injection", "title": "Vulnerability summary" }, { "category": "other", "text": "While this vulnerability exists in Curl, the potential impact is to a different component. The overall impact is limited to the telnet component. On its own this flaw has a limited to negligible effect on integrity of the entire system, therefore it has been rated as having a Low security impact. This is in alignment with upstream\u2019s impact assessment, their advisory is linked in external references.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "JBCS httpd 2.4.51.sp2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27533" }, { "category": "external", "summary": "RHBZ#2179062", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179062" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27533", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27533" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27533", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27533" }, { "category": "external", "summary": "https://curl.se/docs/CVE-2023-27533.html", "url": "https://curl.se/docs/CVE-2023-27533.html" } ], "release_date": "2023-03-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-05T11:46:47+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "JBCS httpd 2.4.51.sp2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3355" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "JBCS httpd 2.4.51.sp2" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "curl: TELNET option IAC injection" }, { "acknowledgments": [ { "names": [ "Daniel Stenberg", "Harry Sintonen" ] } ], "cve": "CVE-2023-27534", "cwe": { "id": "CWE-22", "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" }, "discovery_date": "2023-03-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "2179069" } ], "notes": [ { "category": "description", "text": "A path traversal vulnerability exists in curl \u003c8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user\u0027s home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "title": "Vulnerability description" }, { "category": "summary", "text": "curl: SFTP path ~ resolving discrepancy", "title": "Vulnerability summary" }, { "category": "other", "text": "In a containerized environment running SELinux in enforcing mode, such as Red Hat OpenShift Container Platform, this vulnerability does not allow an attacker to escape the boundary of a container. In this case no additional access is gained, there is an additional (but more complicated step) to look at files the user already has access to.\n\nThe upstream project (Curl) also rated this CVE as Low, see link in External References.\n\nIt is unlikely that Red Hat offerings are utilizing the SFTP feature of Curl, so the opportunity to exploit it may not exist. For those reasons Red Hat Product Security rates the impact as Low.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "JBCS httpd 2.4.51.sp2" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2023-27534" }, { "category": "external", "summary": "RHBZ#2179069", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179069" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2023-27534", "url": "https://www.cve.org/CVERecord?id=CVE-2023-27534" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-27534", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27534" }, { "category": "external", "summary": "https://curl.se/docs/CVE-2023-27534.html", "url": "https://curl.se/docs/CVE-2023-27534.html" } ], "release_date": "2023-03-20T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2023-06-05T11:46:47+00:00", "details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "JBCS httpd 2.4.51.sp2" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2023:3355" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "JBCS httpd 2.4.51.sp2" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "curl: SFTP path ~ resolving discrepancy" } ] }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.