Security
Headlines
HeadlinesLatestCVEs

Headline

Red Hat Security Advisory 2023-7641-03

Red Hat Security Advisory 2023-7641-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Issues addressed include a denial of service vulnerability.

Packet Storm
#vulnerability#web#red_hat#ddos#dos#apache#js#java#ssh

The following advisory data is extracted from:

https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_7641.json

Red Hat officially shut down their mailing list notifications October 10, 2023. Due to this, Packet Storm has recreated the below data as a reference point to raise awareness. It must be noted that due to an inability to easily track revision updates without crawling Red Hat’s archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.

  • Packet Storm Staff

====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat JBoss Enterprise Application Platform 7.4.14 security update
Advisory ID: RHSA-2023:7641-03
Product: Red Hat JBoss Enterprise Application Platform
Advisory URL: https://access.redhat.com/errata/RHSA-2023:7641
Issue date: 2023-12-05
Revision: 03
CVE Names: CVE-2023-2976
====================================================================

Summary:

An update is now available for Red Hat JBoss Enterprise Application Platform 7.4.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime.

This release of Red Hat JBoss Enterprise Application Platform 7.4.14 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.13, and includes bug fixes and enhancements.

See the Red Hat JBoss Enterprise Application Platform 7.4.14 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

  • undertow: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

  • avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK (CVE-2023-39410)

  • guava: insecure temporary directory creation (CVE-2023-2976)

  • eap-galleon: custom provisioning creates unsecured http-invoker (CVE-2023-4503)

  • jetty-server: OutOfMemoryError for large multipart without filename read via request.getParameter() (CVE-2023-26048)

  • jetty-server: Cookie parsing of quoted values can exfiltrate values from other cookies (CVE-2023-26049)

  • sshd-common: apache-mina-sshd: information exposure in SFTP server implementations (CVE-2023-35887)

A Red Hat Security Bulletin which addresses further details about the Rapid Reset flaw is available in the References section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution:

CVEs:

CVE-2023-2976

References:

https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?downloadType=securityPatches&product=appplatform&version=7.4
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/
https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.4/html-single/installation_guide/
https://bugzilla.redhat.com/show_bug.cgi?id=2184751
https://bugzilla.redhat.com/show_bug.cgi?id=2215229
https://bugzilla.redhat.com/show_bug.cgi?id=2236340
https://bugzilla.redhat.com/show_bug.cgi?id=2236341
https://bugzilla.redhat.com/show_bug.cgi?id=2240036
https://bugzilla.redhat.com/show_bug.cgi?id=2242521
https://bugzilla.redhat.com/show_bug.cgi?id=2242803
https://issues.redhat.com/browse/JBEAP-25004
https://issues.redhat.com/browse/JBEAP-25085
https://issues.redhat.com/browse/JBEAP-25086
https://issues.redhat.com/browse/JBEAP-25378
https://issues.redhat.com/browse/JBEAP-25380
https://issues.redhat.com/browse/JBEAP-25419
https://issues.redhat.com/browse/JBEAP-25451
https://issues.redhat.com/browse/JBEAP-25457
https://issues.redhat.com/browse/JBEAP-25541
https://issues.redhat.com/browse/JBEAP-25547
https://issues.redhat.com/browse/JBEAP-25576
https://issues.redhat.com/browse/JBEAP-25594
https://issues.redhat.com/browse/JBEAP-25627
https://issues.redhat.com/browse/JBEAP-25657
https://issues.redhat.com/browse/JBEAP-25685
https://issues.redhat.com/browse/JBEAP-25700
https://issues.redhat.com/browse/JBEAP-25716
https://issues.redhat.com/browse/JBEAP-25726
https://issues.redhat.com/browse/JBEAP-25772
https://issues.redhat.com/browse/JBEAP-25779
https://issues.redhat.com/browse/JBEAP-25803
https://issues.redhat.com/browse/JBEAP-25838
https://issues.redhat.com/browse/JBEAP-26041

Related news

Red Hat Security Advisory 2024-3354-03

Red Hat Security Advisory 2024-3354-03 - Red Hat Fuse 7.13.0 release is now available. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Issues addressed include HTTP request smuggling, bypass, denial of service, deserialization, and traversal vulnerabilities.

Red Hat Security Advisory 2024-1194-03

Red Hat Security Advisory 2024-1194-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include denial of service and file overwrite vulnerabilities.

Red Hat Security Advisory 2024-1193-03

Red Hat Security Advisory 2024-1193-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include denial of service and file overwrite vulnerabilities.

Red Hat Security Advisory 2024-1192-03

Red Hat Security Advisory 2024-1192-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 8.0 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include denial of service and file overwrite vulnerabilities.

Red Hat Security Advisory 2024-0804-03

Red Hat Security Advisory 2024-0804-03 - A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Issues addressed include bypass, cross site scripting, and open redirection vulnerabilities.

Red Hat Security Advisory 2024-0801-03

Red Hat Security Advisory 2024-0801-03 - A new image is available for Red Hat Single Sign-On 7.6.7, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Issues addressed include bypass, cross site scripting, and open redirection vulnerabilities.

Red Hat Security Advisory 2024-0799-03

Red Hat Security Advisory 2024-0799-03 - New Red Hat Single Sign-On 7.6.7 packages are now available for Red Hat Enterprise Linux 8. Issues addressed include bypass, cross site scripting, and open redirection vulnerabilities.

Red Hat Security Advisory 2024-0798-03

Red Hat Security Advisory 2024-0798-03 - New Red Hat Single Sign-On 7.6.7 packages are now available for Red Hat Enterprise Linux 7. Issues addressed include bypass, cross site scripting, and open redirection vulnerabilities.

Red Hat Security Advisory 2024-0797-03

Red Hat Security Advisory 2024-0797-03 - Updated Satellite 6.14 packages that fixes Important security bugs and several regular bugs are now available for Red Hat Satellite. Issues addressed include HTTP request smuggling, buffer overflow, denial of service, and memory leak vulnerabilities.

Red Hat Security Advisory 2023-7612-03

Red Hat Security Advisory 2023-7612-03 - A new release of the Red Hat build of Quarkus is now available. This new release comes packed with a host of enhancements, bug fixes, and security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE links in the References section. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-7705-03

Red Hat Security Advisory 2023-7705-03 - Red Hat Build of Apache Camel for Quarkus 2.13.3 release and security update is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-7678-03

Red Hat Security Advisory 2023-7678-03 - Red Hat AMQ Streams 2.6.0 is now available from the Red Hat Customer Portal. Issues addressed include XML injection, bypass, and open redirection vulnerabilities.

Red Hat Security Advisory 2023-7638-03

Red Hat Security Advisory 2023-7638-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-7637-03

Red Hat Security Advisory 2023-7637-03 - An update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-7617-02

Red Hat Security Advisory 2023-7617-02 - Red Hat Build of Apache Camel for Quarkus 3.2.0 is now available.

Red Hat Security Advisory 2023-7345-01

Red Hat Security Advisory 2023-7345-01 - An update is now available for Red Hat OpenShift GitOps 1.9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-7344-01

Red Hat Security Advisory 2023-7344-01 - An update for openshift-gitops-kam is now available for Red Hat OpenShift GitOps 1.9. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6239-01

Red Hat Security Advisory 2023-6239-01 - An update is now available for Kiali for RHEL 8. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6105-01

Red Hat Security Advisory 2023-6105-01 - An update is now available for Red Hat JBoss Core Services. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-6061-01

Red Hat Security Advisory 2023-6061-01 - Red Hat OpenShift Pipelines 1.12.1 has been released. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5866-01

Red Hat Security Advisory 2023-5866-01 - An update for grafana is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5706-01

Red Hat Security Advisory 2023-5706-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET 6.0 to SDK 6.0.123 and Runtime 6.0.23. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5679-01

Red Hat Security Advisory 2023-5679-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.39. Issues addressed include a denial of service vulnerability.

CVE-2023-22130: Oracle Critical Patch Update Advisory - October 2023

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVE-2023-22130: Oracle Critical Patch Update Advisory - October 2023

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVE-2023-22130: Oracle Critical Patch Update Advisory - October 2023

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVE-2023-22130: Oracle Critical Patch Update Advisory - October 2023

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

Red Hat Security Advisory 2023-5770-01

Red Hat Security Advisory 2023-5770-01 - nghttp2 contains the Hypertext Transfer Protocol version 2 client, server, and proxy programs as well as a library implementing the HTTP/2 protocol in C. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-5765-01

Red Hat Security Advisory 2023-5765-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

CVE-2023-30994: Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities

IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138

CVE-2023-30994: Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities

IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138

CVE-2023-30994: Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities

IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138

Red Hat Security Advisory 2023-5491-01

Red Hat Security Advisory 2023-5491-01 - AMQ Broker is a high-performance messaging implementation based on ActiveMQ Artemis. It uses an asynchronous journal for fast message persistence, and supports multiple languages, protocols, and platforms. This release of Red Hat AMQ Broker 7.11.2 includes security and bug fixes, and enhancements. For further information, refer to the release notes linked to in the References section.

RHSA-2023:5491: Red Hat Security Advisory: Red Hat AMQ Broker 7.11.2 release and security update

Red Hat AMQ Broker 7.11.2 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-1664: A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an attacker may choose the certificate which will be validated by the server. If this happens and the KC_SPI_TRUSTSTORE_FILE_FI...

RHSA-2023:5441: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 4.0.0 release and security update

Red Hat Integration Camel for Spring Boot 4.0.0 release and security update is now available. Red Hat Product Security has rated this update as having an impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-44729: A flaw was found in Apache Batik 1.0 - 1.16. This issue occurs due to a malicious SVG triggering external resources loading by default, causing resource consumption or in some cases information disclosure. * CVE-2022-44730: A flaw was found in Apache Batik, where a malicious SVG can probe user profile data and send it directly as ...

RHSA-2023:5441: Red Hat Security Advisory: Red Hat Integration Camel for Spring Boot 4.0.0 release and security update

Red Hat Integration Camel for Spring Boot 4.0.0 release and security update is now available. Red Hat Product Security has rated this update as having an impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-44729: A flaw was found in Apache Batik 1.0 - 1.16. This issue occurs due to a malicious SVG triggering external resources loading by default, causing resource consumption or in some cases information disclosure. * CVE-2022-44730: A flaw was found in Apache Batik, where a malicious SVG can probe user profile data and send it directly as ...

GHSA-rhrv-645h-fjfh: Apache Avro Java SDK vulnerable to Improper Input Validation

When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.

CVE-2023-39410

When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue.

Debian Security Advisory 5507-1

Debian Linux Security Advisory 5507-1 - Multiple security vulnerabilities were found in Jetty, a Java based web server and servlet engine.

Debian Security Advisory 5507-1

Debian Linux Security Advisory 5507-1 - Multiple security vulnerabilities were found in Jetty, a Java based web server and servlet engine.

Red Hat Security Advisory 2023-5396-01

Red Hat Security Advisory 2023-5396-01 - Red Hat Data Grid is an in-memory, distributed, NoSQL datastore solution. It increases application response times and allows for dramatically improving performance while providing availability, reliability, and elastic scale. Data Grid 8.4.4 replaces Data Grid 8.4.3 and includes bug fixes and enhancements. Issues addressed include a denial of service vulnerability.

RHSA-2023:5396: Red Hat Security Advisory: Red Hat Data Grid 8.4.4 security update

An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-45047: A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server. * CVE-2023-3628: A flaw was found in Infinispan's REST. Bulk read endpoints do not properly evaluate user permissions for the...

CVE-2023-39252: DSA-2023-321: Security Update for Dell Secure Connect Gateway Security Policy Manager Vulnerabilities

Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information.

Red Hat Security Advisory 2023-5165-01

Red Hat Security Advisory 2023-5165-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. Issues addressed include code execution, denial of service, deserialization, and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-5165-01

Red Hat Security Advisory 2023-5165-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. Issues addressed include code execution, denial of service, deserialization, and integer overflow vulnerabilities.

Red Hat Security Advisory 2023-5165-01

Red Hat Security Advisory 2023-5165-01 - Red Hat AMQ Streams, based on the Apache Kafka project, offers a distributed backbone that allows microservices and other applications to share data with extremely high throughput and extremely low latency. Issues addressed include code execution, denial of service, deserialization, and integer overflow vulnerabilities.

RHSA-2023:5165: Red Hat Security Advisory: Red Hat AMQ Streams 2.5.0 release and security update

Red Hat AMQ Streams 2.5.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-37136: A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service. * CVE-2021-37137: A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a speciall...

RHSA-2023:5165: Red Hat Security Advisory: Red Hat AMQ Streams 2.5.0 release and security update

Red Hat AMQ Streams 2.5.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-37136: A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service. * CVE-2021-37137: A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a speciall...

RHSA-2023:5165: Red Hat Security Advisory: Red Hat AMQ Streams 2.5.0 release and security update

Red Hat AMQ Streams 2.5.0 is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-37136: A flaw was found in Netty's netty-codec due to size restrictions for decompressed data in the Bzip2Decoder. By sending a specially-crafted input, a remote attacker could cause a denial of service. * CVE-2021-37137: A flaw was found in the Netty's netty-codec due to unrestricted chunk lengths in the SnappyFrameDecoder. By sending a speciall...

CVE-2023-32338: Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585.

CVE-2023-32338: Security Bulletin: IBM Sterling Secure Proxy is vulnerable to multiple issues

IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585.

CVE-2023-22062: Oracle Critical Patch Update Advisory - July 2023

Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).

CVE-2023-22062: Oracle Critical Patch Update Advisory - July 2023

Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).

GHSA-mjmq-gwgm-5qhm: Apache MINA SSHD information disclosure vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA. In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks. This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10

CVE-2023-35887

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA. In SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks. This issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10

GHSA-7g45-4rm6-3mm3: Guava vulnerable to insecure use of temporary directory

Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, maintainers recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.

CVE-2023-2976: Security scan reported problem with com.google.common.io.FileBackedOutputStream · Issue #2575 · google/guava

Use of Java's default temporary directory for file creation in `FileBackedOutputStream` in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class. Even though the security vulnerability is fixed in version 32.0.0, we recommend using version 32.0.1 as version 32.0.0 breaks some functionality under Windows.

GHSA-qw69-rqj8-6qw8: OutOfMemoryError for large multipart without filename in Eclipse Jetty

### Impact Servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and a very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. A very large number of parts may cause the same problem. ### Patches Patched in Jetty versions * 9.4.51.v20230217 - via PR #9345 * 10.0.14 - via PR #9344 * 11.0.14 - via PR #9344 ### Workarounds Multipart parameter `maxRequestSize` must be set to a non-negative value, so the whole multipart content is limited (although still read...

GHSA-p26g-97m4-6q7c: Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies

Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as one cookie, with the name `DISPLAY_LANGUAGE` and a value of `b; JSESSIONID=1337; c=d` instead of 3 separate cookies. ### Impact This has security implications because if, say, `JSESSIONID` is an `HttpOnly` cookie, and the `DISPLAY_LANGUAGE` cookie value is rendered on the page, an attacker can smuggle the `JSESSIONID` cookie into the `DISPLAY_LANGUAGE` cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by ...

CVE-2023-26048: servlet/servlet-spec-body.adoc at 6.0.0 · jakartaee/servlet

Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still re...

CVE-2023-26049: Cookie parsing of quoted values can exfiltrate values from other cookies

Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that polic...

Packet Storm: Latest News

CUPS IPP Attributes LAN Remote Code Execution