#apache

The request handling in the core in Apache Wicket 7.0.0 on any platform allows an attacker to create a DOS via multiple requests to server resources. Users are recommended to upgrade to versions 9.19.0 or 10.3.0, which fixes this issue.

A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).

January Linux Patch Wednesday. Out of 424 total vulnerabilities, 271 are in the Linux Kernel. None show signs of exploitation in the wild, but 9 have public exploits. 🔸 RCE – Apache Tomcat (CVE-2024-56337). Based on the description, the vulnerability affects “case-insensitive file systems” like Windows or MacOS. However, Debian lists it as affecting tomcat9 […]

# Affected versions: - Apache Linkis Metadata Query Service JDBC 1.5.0 before 1.7.0 # Description: In Apache Linkis <1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read arbitrary files from the Linkis server. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis < 1.6.0 will be affected. We recommend users upgrade the version of Linkis to version 1.7.0.

The ABB BMS/BAS controller suffers from an authenticated stored cross-site scripting vulnerability. Input passed to the 'host' POST parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.

The ABB Cylon Aspect BMS/BAS controller suffers from an authenticated stored cross-site scripting (XSS) vulnerability. This can be exploited by uploading a malicious .txt file containing an XSS payload, which is stored on the server and served back to users. Although the filename is sanitized via the filename POST parameter, the file contents are not inspected or sanitized, allowing attackers to inject arbitrary client-side scripts that execute in the context of any user accessing the infected file or related web page (license.php). To bypass file upload checks, the request must include the Variant string, enabling the upload process for potential exploitation.

A vulnerability was identified in a PHP script where an off-by-one error in array access could lead to undefined behavior and potential DoS. The issue arises in a loop that iterates over an array using a < condition, allowing access to an out-of-bounds index. This can trigger errors or unexpected behavior when processing data, potentially crashing the application. Successful exploitation of this vulnerability can lead to a crash or disruption of service, especially if the script handles large data sets. This issue can be triggered via the rowCount POST parameter in the Electronic Security Control device update script.

The ABB BMS/BAS controller suffers from improper input validation on the port POST parameter in the webServerUpdate.php script. This input is not validated on the server side and relies on bypassable client-side checks using the inString.js script to verify that the port parameter contains only characters from the set (0123456789). Attackers can bypass these checks and supply arbitrary integer values. Exploitation of this issue can result in configuration poisoning, Denial of Service (DoS) through malformed configurations, or manipulation of server settings via Cross-Site Request Forgery (CSRF) combined with authentication bypass.

The ABB Cylon Aspect BMS/BAS controller suffers from an authenticated blind command injection vulnerability. Input passed to several POST parameters is not properly sanitized when writing files, allowing attackers to execute arbitrary shell commands on the system. There is also an off-by-one error in array access that could lead to undefined behavior and potential DoS.

The ABB Cylon Aspect BMS/BAS controller suffers from an authenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the contents of an uploaded .db file, which is passed to the copyFile.sh script. Although the filename is sanitized, the contents of the .db file are not, allowing attackers to inject malicious commands that are executed on the server.