Headline
RHSA-2023:4909: Red Hat Security Advisory: Red Hat JBoss Web Server 5.7.4 release and security update
An update is now available for Red Hat JBoss Web Server 5.7.4 on Red Hat Enterprise Linux versions 7, 8, and 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-24963: A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer.
- CVE-2023-24998: A flaw was found in Apache Commons FileUpload, where it does not limit the number of parts being processed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service. While Red Hat Satellite relies upon Apache Tomcat, it does not directly ship it. Tomcat is shipped with Red Hat Enterprise Linux and consumed by the Candlepin component of Satellite. Red Hat Satellite users are therefore advised to check the impact state of Red Hat Enterprise Linux, since any necessary fixes will be distributed through the platform.
- CVE-2023-28708: When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.
- CVE-2023-28709: A flaw was found in Apache Tomcat due to an incomplete fix for CVE-2023-24998, which aims to limit the uploaded request parts that can be bypassed in a request. This issue may allow an attacker to use a malicious upload or series of uploads to trigger a denial of service.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Quarkus
Integration and Automation
All Products
Issued:
2023-09-04
Updated:
2023-09-04
RHSA-2023:4909 - Security Advisory
- Overview
- Updated Packages
Synopsis
Moderate: Red Hat JBoss Web Server 5.7.4 release and security update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update is now available for Red Hat JBoss Web Server 5.7.4 on Red Hat Enterprise Linux versions 7, 8, and 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library.
This release of Red Hat JBoss Web Server 5.7.4 serves as a replacement for Red Hat JBoss Web Server 5.7.3. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References section.
Security Fix(es):
- apr: integer overflow/wraparound in apr_encode (CVE-2022-24963)
- Apache Commons FileUpload: FileUpload DoS with excessive parts (CVE-2023-24998)
- tomcat: not including the secure attribute causes information disclosure (CVE-2023-28708)
- tomcat: Fix for CVE-2023-24998 was incomplete (CVE-2023-28709)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Solution
Before applying the update, back up your existing Red Hat JBoss Web Server installation (including all applications and configuration files).
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Affected Products
- JBoss Enterprise Web Server 5 for RHEL 9 x86_64
- JBoss Enterprise Web Server 5 for RHEL 8 x86_64
- JBoss Enterprise Web Server 5 for RHEL 7 x86_64
Fixes
- BZ - 2169465 - CVE-2022-24963 apr: integer overflow/wraparound in apr_encode
- BZ - 2172298 - CVE-2023-24998 Apache Commons FileUpload: FileUpload DoS with excessive parts
- BZ - 2180856 - CVE-2023-28708 tomcat: not including the secure attribute causes information disclosure
- BZ - 2210321 - CVE-2023-28709 tomcat: Fix for CVE-2023-24998 was incomplete
CVEs
- CVE-2022-24963
- CVE-2023-24998
- CVE-2023-28708
- CVE-2023-28709
JBoss Enterprise Web Server 5 for RHEL 9
SRPM
jws5-tomcat-9.0.62-15.redhat_00013.1.el9jws.src.rpm
SHA-256: b1e247a4c75310906ef9862cf07c3e9f2d2b7cd75fd4023d7106ac7d943081d5
jws5-tomcat-native-1.2.31-15.redhat_15.el9jws.src.rpm
SHA-256: 91e076b62032d721ca7e8e7bea25f670fcc68ed6a7c3b3d225dfcf4eabfecca9
x86_64
jws5-tomcat-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm
SHA-256: a24644564a3729d62a1bff1d48bc6fc30e95c2a1d411a84bc462d4ba644cc47b
jws5-tomcat-admin-webapps-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm
SHA-256: ad8a4acac2c017e64b90a288f49604f03b3529caaf8fcfae03b80c9fb3f0fef4
jws5-tomcat-docs-webapp-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm
SHA-256: f4923309618688cca3aa514dbfdfb037e4bf75ed197a8d9629f826c5613fc2df
jws5-tomcat-el-3.0-api-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm
SHA-256: 44f8d873aa5eb06dcffa555cfe5de92f161ed84e116c780469c1798a3de5def4
jws5-tomcat-javadoc-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm
SHA-256: eaf1043726837b0ede513ad1ccb7c27e15890abaa27557e1002dfbc754d419e3
jws5-tomcat-jsp-2.3-api-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm
SHA-256: 2488bfbff4aeb4c68559f3e52ada9fd27d0cbcddbd7c802b4b89c30e2a4c25cc
jws5-tomcat-lib-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm
SHA-256: 3b94cedaa1916952231e81d8e75613bf112f59a2c5ff1ad61ffd9ac63d0176f4
jws5-tomcat-native-1.2.31-15.redhat_15.el9jws.x86_64.rpm
SHA-256: bb1dc05591e158e2f0226b6a90a522d1912ea951b11d2c8f972096f37dba1a29
jws5-tomcat-native-debuginfo-1.2.31-15.redhat_15.el9jws.x86_64.rpm
SHA-256: f593a61a6daa13f38419ddc6ea36fbf6b1f07fe2d86690ea927f70e66d37c2cf
jws5-tomcat-selinux-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm
SHA-256: ff2bb1c9cc6e433d115f89085b524540b94716889ebdc0f4bc7998dce8b9ad5d
jws5-tomcat-servlet-4.0-api-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm
SHA-256: 945b5c0b91b14bdf0c684aeb2af75deedfd77bd29d145748afb8aff3fe68be12
jws5-tomcat-webapps-9.0.62-15.redhat_00013.1.el9jws.noarch.rpm
SHA-256: accd14e5acb065ae41329b8e9d61bf50e8e5718faaf611cdd5a8e19842cddd80
JBoss Enterprise Web Server 5 for RHEL 8
SRPM
jws5-tomcat-9.0.62-15.redhat_00013.1.el8jws.src.rpm
SHA-256: 492627402374a664edaad5fa2bce8f0ab21bfa5d964deaeb2f33ec9e7c70c26a
jws5-tomcat-native-1.2.31-15.redhat_15.el8jws.src.rpm
SHA-256: a0f958762445f4ab86d7b5d5b5b155160101ea12eb44706f225c4bba3aa374a3
x86_64
jws5-tomcat-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm
SHA-256: 477ba130545a0ba521b993a8f15fa753d45a48fa1e7226382110ba33150f50ac
jws5-tomcat-admin-webapps-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm
SHA-256: 648b1edd9e20bfabc94080ba460dbd0d4a0d7c7ebd72e1c15043168282343728
jws5-tomcat-docs-webapp-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm
SHA-256: b752608a86f892a67c98af214d31df6db22cacddcf8d9e78819f8fefdd91ad1e
jws5-tomcat-el-3.0-api-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm
SHA-256: f831bc2c4e50962def2731ea64ed1c086dccf34374e74815fb901e4729cc5afe
jws5-tomcat-javadoc-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm
SHA-256: 52aa541f668b83687d381abe62ba48312b505bbf3db160fc8abfe8a1245518d8
jws5-tomcat-jsp-2.3-api-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm
SHA-256: 2cabfc26f5ad7fddf872726236d098d9ab1d473b980dff066c4dcc3b632a9aca
jws5-tomcat-lib-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm
SHA-256: 0224c2b80cd13bc9404b7e615c2fd1f5b2c654ea60c0c83a33f70583d00244a2
jws5-tomcat-native-1.2.31-15.redhat_15.el8jws.x86_64.rpm
SHA-256: d0b566cfd07e55c5e2ed9aab9f500e36b7ce2657e9a58b875651727588800da6
jws5-tomcat-native-debuginfo-1.2.31-15.redhat_15.el8jws.x86_64.rpm
SHA-256: 4dcdd26f12cc12ffebcf12ee928325aa45ad906766a7b14d4961d0a754cc5b83
jws5-tomcat-selinux-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm
SHA-256: 87402c2b27550e11e47db9a149e6671e5073e5c95a922946c9d1c832c904227e
jws5-tomcat-servlet-4.0-api-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm
SHA-256: 8ac3de79d8e0b3ec52f1cac9bcfc3e1eeeae26f81b989aeec4effc0270d76bd6
jws5-tomcat-webapps-9.0.62-15.redhat_00013.1.el8jws.noarch.rpm
SHA-256: ab21de423de767ebe8864dd219ff721d8a433928965a9be314d5197ed0850945
JBoss Enterprise Web Server 5 for RHEL 7
SRPM
jws5-tomcat-9.0.62-15.redhat_00013.1.el7jws.src.rpm
SHA-256: 144ef0254a1da1eb8e33c3374fc2fda17df86749c1651876c472b7c0f3a7475f
jws5-tomcat-native-1.2.31-15.redhat_15.el7jws.src.rpm
SHA-256: 8e8da0c75cde5e87b050d7520ce8b0487ef21bc8e42c8e6e09fc52fd47a4d2ba
x86_64
jws5-tomcat-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm
SHA-256: a0f26d43829a2ab9ce09cb970cdf3515673ddb702f3b0e9f42db4d80f066d591
jws5-tomcat-admin-webapps-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm
SHA-256: 0b13853e59208a36459952238e52eddf5b38ab2a74e0217997e41e2a92656a4d
jws5-tomcat-docs-webapp-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm
SHA-256: e000439ae79004a8d5320a97b6c12a14c1a3b2a7cf2fb11c60c5d72167fb6f09
jws5-tomcat-el-3.0-api-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm
SHA-256: 9ac9e294620e8b44220c6cb659b17fb27e10d04e51a04e911ed1f56957ad7672
jws5-tomcat-java-jdk11-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm
SHA-256: 2a6c1c07426ba5ac726834b4e8e54d957c38ab6d75c847dc548fb6b2d3e1f303
jws5-tomcat-java-jdk8-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm
SHA-256: eb28a8f0e4ee5bd67d242c1e1fdbd3160b48153b36b9b3cc8cfcf645f4a3daab
jws5-tomcat-javadoc-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm
SHA-256: fb45a6846398b1dffde514f20ef4e9b111e82d007eb2a9f77f262d7666512bb5
jws5-tomcat-jsp-2.3-api-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm
SHA-256: eb353818cf3416be9ccf941a7e24fc970b29b5df022a6d74dc23575dbd048377
jws5-tomcat-lib-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm
SHA-256: 822f4b42bd258a22e4f50cb504f3388ec9c9dc1b11bb982295c91b6e8803c68f
jws5-tomcat-native-1.2.31-15.redhat_15.el7jws.x86_64.rpm
SHA-256: c2c195d8f6377f9782e09eaeab22eea28d59b2cf6c4f6ad5c88376dcc3d6a087
jws5-tomcat-native-debuginfo-1.2.31-15.redhat_15.el7jws.x86_64.rpm
SHA-256: b0917e7d482e7059015e525f344d97e2ef6f7cb28848a5eafada32bcc86d399a
jws5-tomcat-selinux-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm
SHA-256: ac32c7c10fbd71b937363556006b70212b32a50363f5991785c3d8f5cc1c52d7
jws5-tomcat-servlet-4.0-api-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm
SHA-256: 5e79b882f40eb4d5955b1d6da2b93e28ab301787b1e02189a6712b733bdf7558
jws5-tomcat-webapps-9.0.62-15.redhat_00013.1.el7jws.noarch.rpm
SHA-256: 39d820ac831da9658d7badc2a6fdaebb1f65b70adb8b87474428f553213471d9
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Ubuntu Security Notice 7106-1 - It was discovered that Tomcat did not include the secure attribute for session cookies when using the RemoteIpFilter with requests from a reverse proxy. An attacker could possibly use this issue to leak sensitive information. It was discovered that Tomcat had a vulnerability in its FORM authentication feature, leading to an open redirect attack. An attacker could possibly use this issue to perform phishing attacks.
Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138
Debian Linux Security Advisory 5522-1 - Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.
Atlassian and the Internet Systems Consortium (ISC) have disclosed several security flaws impacting their products that could be exploited to achieve denial-of-service (DoS) and remote code execution. The Australian software services provider said that the four high-severity flaws were fixed in new versions shipped last month. This includes - CVE-2022-25647 (CVSS score: 7.5) - A deserialization
IBM Sterling Secure Proxy and IBM Sterling External Authentication Server 6.0.3 and 6.1.0 stores user credentials in plain clear text which can be read by a local user with container access. IBM X-Force ID: 255585.
Red Hat Security Advisory 2023-4910-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.4 serves as a replacement for Red Hat JBoss Web Server 5.7.3. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References section. Issues addressed include denial of service, information leakage, integer overflow, and out of bounds write vulnerabilities.
Red Hat Security Advisory 2023-4909-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector, the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This release of Red Hat JBoss Web Server 5.7.4 serves as a replacement for Red Hat JBoss Web Server 5.7.3. This release includes bug fixes, enhancements and component upgrades, which are documented in the Release Notes, linked to in the References section. Issues addressed include denial of service, information leakage, and integer overflow vulnerabilities.
Red Hat JBoss Web Server 5.7.4 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24963: A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer. * CVE-2022-28331: A flaw was found in Apache Portable Runtime, affecting versions <= 1.7.0. This issue may allow a ma...
Red Hat JBoss Web Server 5.7.4 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24963: A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer. * CVE-2022-28331: A flaw was found in Apache Portable Runtime, affecting versions <= 1.7.0. This issue may allow a ma...
Red Hat JBoss Web Server 5.7.4 zip release is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, and Windows Server. Red Hat Product Security has rated this release as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24963: A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer. * CVE-2022-28331: A flaw was found in Apache Portable Runtime, affecting versions <= 1.7.0. This issue may allow a ma...
Red Hat Security Advisory 2023-4628-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include HTTP response splitting, bypass, integer overflow, out of bounds write, and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-4629-01 - Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products and packaged under Red Hat JBoss Core Services, to allow for faster distribution of updates and for a more consistent update experience. This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.57 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.51 Service Pack 2, and includes bug fixes and enhancements, which are documented in the Release Notes linked to in the References section. Issues addressed include HTTP response splitting, bypass, integer overflow, and use-after-free vulnerabilities.
An update is now available for Red Hat JBoss Core Services. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24963: A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer. * CVE-2022-36760: A flaw was found in the mod_proxy_ajp module of httpd. The connection is not closed when there is an invalid Transfer-Encoding header, allowing an attacker to smuggle requests to the AJP server, where it forw...
Red Hat JBoss Core Services Apache HTTP Server 2.4.57 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-24963: A flaw was found in Apache Portable Runtime (APR). This issue may allow a malicious attacker to write beyond the bounds of a buffer. * CVE-2022-28331: A flaw was found in Apache Portable Runtime, affecting versions <= 1.7.0. This issue may allow a malicious user to write beyond the end of a stack buffer and cause an integer overflow. This affect...
In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation.
Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).
Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).
IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 could allow an authenticated user send a specially crafted request that could cause a denial of service. IBM X-Force ID: 251704.
The fix for CVE-2023-24998 was incomplete. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.
Dell VxRail, version(s) 8.0.100 and earlier contain a denial-of-service vulnerability in the upgrade functionality. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to degraded performance and system malfunction.
MongoDB Ops Manager Diagnostics Archive may not redact sensitive PEM key file password app settings. Archives do not include the PEM files themselves. This issue affects MongoDB Ops Manager v5.0 prior to 5.0.21 and MongoDB Ops Manager v6.0 prior to 6.0.12
Dell SCG 5.14 contains an information disclosure vulnerability during the SRS to SCG upgrade path. A remote low privileged malicious user could potentially exploit this vulnerability to retrieve the plain text.
The fix for CVE-2023-24998 was incomplete for Apache Tomcat 11.0.0-M2 to 11.0.0-M4, 10.1.5 to 10.1.7, 9.0.71 to 9.0.73 and 8.5.85 to 8.5.87. If non-default HTTP connector settings were used such that the maxParameterCount could be reached using query string parameters and a request was submitted that supplied exactly maxParameterCount parameters in the query string, the limit for uploaded request parts could be bypassed with the potential for a denial of service to occur.
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through...
Debian Linux Security Advisory 5381-1 - Several security vulnerabilities have been discovered in the Tomcat servlet and JSP engine.
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.
When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies created by Apache Tomcat 11.0.0-M1 to 11.0.0.-M2, 10.1.0-M1 to 10.1.5, 9.0.0-M1 to 9.0.71 and 8.5.0 to 8.5.85 did not include the secure attribute. This could result in the user agent transmitting the session cookie over an insecure channel.
Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a plugin for hosting.
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier shows temporary directories related to job workspaces, which allows attackers with Item/Workspace permission to access their contents.
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a file parameter through the CLI, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used.
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used, potentially resulting in arbitrary code execution.
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers.
Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.
Debian Linux Security Advisory 5370-1 - Ronald Crane discovered that missing input saniting in the apr_encode functions of apr, the Apache Portable Runtime library, may result in denial of service or potentially the execution of arbitrary code.
Ubuntu Security Notice 5885-1 - Ronald Crane discovered integer overflow vulnerabilities in the Apache Portable Runtime that could potentially result in memory corruption. A remote attacker could possibly use these issues to cause a denial of service or execute arbitrary code.
Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.
Integer Overflow or Wraparound vulnerability in apr_encode functions of Apache Portable Runtime (APR) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime (APR) version 1.7.0.
In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5.
Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an attacker can reach JMX ports. The issue exists because this listener wasn't updated for consistency with the CVE-2016-3427 Oracle patch that affected credential types.
The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own.