Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-7656
Vulnerability from cvelistv5
Published
2018-06-26 15:00
Modified
2024-08-05 16:12
Severity ?
EPSS score ?
Summary
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | The Eclipse Foundation | Eclipse Jetty |
Version: unspecified < Version: 9.3.0 < unspecified Version: unspecified < 9.3.24 Version: 9.4.0 < unspecified Version: unspecified < 9.4.11 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T16:12:27.819Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4278", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4278" }, { "name": "1041194", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041194" }, { "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E" }, { "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E" }, { "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "name": "[maven-issues] 20200730 [GitHub] [maven-dependency-plugin] slachiewicz commented on pull request #91: Bump jettyVersion from 9.2.28.v20190418 to 9.3.0.v20150612", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/rbf4565a0b63f9c8b07fab29352a97bbffe76ecafed8b8555c15b83c6%40%3Cissues.maven.apache.org%3E" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=535667" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20181014-0001/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03953en_us" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Eclipse Jetty", "vendor": "The Eclipse Foundation", "versions": [ { "lessThanOrEqual": "9.2.0", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "unspecified", "status": "affected", "version": "9.3.0", "versionType": "custom" }, { "lessThan": "9.3.24", "status": "affected", "version": "unspecified", "versionType": "custom" }, { "lessThan": "unspecified", "status": "affected", "version": "9.4.0", "versionType": "custom" }, { "lessThan": "9.4.11", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "datePublic": "2018-06-07T00:00:00", "descriptions": [ { "lang": "en", "value": "In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-444", "description": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-20T22:53:07", "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "shortName": "eclipse" }, "references": [ { "name": "DSA-4278", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4278" }, { "name": "1041194", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041194" }, { "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E" }, { "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E" }, { "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "name": "[maven-issues] 20200730 [GitHub] [maven-dependency-plugin] slachiewicz commented on pull request #91: Bump jettyVersion from 9.2.28.v20190418 to 9.3.0.v20150612", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/rbf4565a0b63f9c8b07fab29352a97bbffe76ecafed8b8555c15b83c6%40%3Cissues.maven.apache.org%3E" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=535667" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20181014-0001/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03953en_us" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@eclipse.org", "ID": "CVE-2017-7656", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Eclipse Jetty", "version": { "version_data": [ { "version_affected": "\u003c=", "version_value": "9.2.0" }, { "version_affected": "\u003e=", "version_value": "9.3.0" }, { "version_affected": "\u003c", "version_value": "9.3.24" }, { "version_affected": "\u003e=", "version_value": "9.4.0" }, { "version_affected": "\u003c", "version_value": "9.4.11" } ] } } ] }, "vendor_name": "The Eclipse Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4278", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4278" }, { "name": "1041194", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041194" }, { "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" }, { "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E" }, { "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "name": "[maven-issues] 20200730 [GitHub] [maven-dependency-plugin] slachiewicz commented on pull request #91: Bump jettyVersion from 9.2.28.v20190418 to 9.3.0.v20150612", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rbf4565a0b63f9c8b07fab29352a97bbffe76ecafed8b8555c15b83c6@%3Cissues.maven.apache.org%3E" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=535667", "refsource": "CONFIRM", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=535667" }, { "name": "https://security.netapp.com/advisory/ntap-20181014-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20181014-0001/" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03953en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03953en_us" }, { "name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c", "assignerShortName": "eclipse", "cveId": "CVE-2017-7656", "datePublished": "2018-06-26T15:00:00", "dateReserved": "2017-04-11T00:00:00", "dateUpdated": "2024-08-05T16:12:27.819Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2017-7656\",\"sourceIdentifier\":\"emo@eclipse.org\",\"published\":\"2018-06-26T15:29:00.217\",\"lastModified\":\"2024-11-21T03:32:23.400\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.\"},{\"lang\":\"es\",\"value\":\"En Eclipse Jetty, en versiones 9.2.x y anteriores, versiones 9.3.x (todas las configuraciones) y versiones 9.4.x (configuraci\u00f3n personalizada con el cumplimiento RFC2616 habilitado), HTTP/0.9 se gestiona de forma incorrecta. Una l\u00ednea de petici\u00f3n de estilo HTTP/1 (p.ej., m\u00e9todo espacio URI espacio versi\u00f3n) que declara una versi\u00f3n de HTTP/0.9 se acept\u00f3 y trat\u00f3 como petici\u00f3n 0.9. Si se implementa tras un intermediario que tambi\u00e9n acept\u00f3 y pas\u00f3 la versi\u00f3n 0.9 (pero no actu\u00f3 en consecuencia), la respuesta enviada podr\u00eda ser interpretada por el intermediario como cabeceras HTTP/1. Esto podr\u00eda utilizarse para envenenar la cach\u00e9 si el servidor permite que el cliente de origen genere contenido arbitrario en la respuesta.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"emo@eclipse.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.2.26\",\"matchCriteriaId\":\"486E784F-1FC5-42AA-B144-EDBE5FE9B993\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.3.0\",\"versionEndExcluding\":\"9.3.24\",\"matchCriteriaId\":\"C513260A-7AD7-44C2-97F0-167B5819475E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.4.0\",\"versionEndExcluding\":\"9.4.11\",\"matchCriteriaId\":\"5A720480-0A8A-48FE-85FE-6973DAB7A7D5\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}],\"references\":[{\"url\":\"http://www.securitytracker.com/id/1041194\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugs.eclipse.org/bugs/show_bug.cgi?id=535667\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://lists.apache.org/thread.html/rbf4565a0b63f9c8b07fab29352a97bbffe76ecafed8b8555c15b83c6%40%3Cissues.maven.apache.org%3E\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20181014-0001/\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03953en_us\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://www.debian.org/security/2018/dsa-4278\",\"source\":\"emo@eclipse.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"emo@eclipse.org\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\",\"source\":\"emo@eclipse.org\"},{\"url\":\"http://www.securitytracker.com/id/1041194\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugs.eclipse.org/bugs/show_bug.cgi?id=535667\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451%40%3Csolr-user.lucene.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rbf4565a0b63f9c8b07fab29352a97bbffe76ecafed8b8555c15b83c6%40%3Cissues.maven.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20181014-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03953en_us\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2018/dsa-4278\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com//security-alerts/cpujul2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
gsd-2017-7656
Vulnerability from gsd
Modified
2023-12-13 01:21
Details
In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2017-7656", "description": "In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.", "id": "GSD-2017-7656", "references": [ "https://www.debian.org/security/2018/dsa-4278" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2017-7656" ], "details": "In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.", "id": "GSD-2017-7656", "modified": "2023-12-13T01:21:06.701220Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "security@eclipse.org", "ID": "CVE-2017-7656", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Eclipse Jetty", "version": { "version_data": [ { "version_affected": "\u003c=", "version_value": "9.2.0" }, { "version_affected": "\u003e=", "version_value": "9.3.0" }, { "version_affected": "\u003c", "version_value": "9.3.24" }, { "version_affected": "\u003e=", "version_value": "9.4.0" }, { "version_affected": "\u003c", "version_value": "9.4.11" } ] } } ] }, "vendor_name": "The Eclipse Foundation" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-444: Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4278", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4278" }, { "name": "1041194", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041194" }, { "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" }, { "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E" }, { "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "name": "[maven-issues] 20200730 [GitHub] [maven-dependency-plugin] slachiewicz commented on pull request #91: Bump jettyVersion from 9.2.28.v20190418 to 9.3.0.v20150612", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rbf4565a0b63f9c8b07fab29352a97bbffe76ecafed8b8555c15b83c6@%3Cissues.maven.apache.org%3E" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=535667", "refsource": "CONFIRM", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=535667" }, { "name": "https://security.netapp.com/advisory/ntap-20181014-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20181014-0001/" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03953en_us", "refsource": "CONFIRM", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03953en_us" }, { "name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } }, "gitlab.com": { "advisories": [ { "affected_range": "(,9.2.26],[9.3.0,9.3.24),[9.4.0,9.4.11)", "affected_versions": "All versions up to 9.2.26, all versions starting from 9.3.0 before 9.3.24, all versions starting from 9.4.0 before 9.4.11", "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "cwe_ids": [ "CWE-1035", "CWE-937" ], "date": "2019-10-03", "description": "Eclipse Jetty contains a vulnerability that could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.", "fixed_versions": [ "9.2.26.v20180806", "9.3.24.v20180605", "9.4.11.v20180605" ], "identifier": "CVE-2017-7656", "identifiers": [ "CVE-2017-7656" ], "not_impacted": "All versions after 9.2.26 before 9.3.0, all versions starting from 9.3.24 before 9.4.0, all versions starting from 9.4.11", "package_slug": "maven/org.eclipse.jetty/jetty-server", "pubdate": "2018-06-26", "solution": "Upgrade to versions 9.2.26.v20180806, 9.3.24.v20180605, 9.4.11.v20180605 or above.", "title": "Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)", "urls": [ "https://nvd.nist.gov/vuln/detail/CVE-2017-7656", "http://www.securitytracker.com/id/1041194" ], "uuid": "a2cd170e-c3ef-4284-8b19-dceab697a9f0" } ] }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.4.11", "versionStartIncluding": "9.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.3.24", "versionStartIncluding": "9.3.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "9.2.26", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "security@eclipse.org", "ID": "CVE-2017-7656" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=535667", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=535667" }, { "name": "1041194", "refsource": "SECTRACK", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041194" }, { "name": "DSA-4278", "refsource": "DEBIAN", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4278" }, { "name": "https://security.netapp.com/advisory/ntap-20181014-0001/", "refsource": "CONFIRM", "tags": [], "url": "https://security.netapp.com/advisory/ntap-20181014-0001/" }, { "name": "[activemq-issues] 20190820 [jira] [Created] (AMQ-7279) Security Vulnerabilities in Libraries - jackson-databind-2.9.8.jar, tomcat-servlet-api-8.0.53.jar, tomcat-websocket-api-8.0.53.jar, zookeeper-3.4.6.jar, guava-18.0.jar, jetty-all-9.2.26.v20180806.jar, scala-library-2.11.0.jar", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E" }, { "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03953en_us", "refsource": "CONFIRM", "tags": [], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03953en_us" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "refsource": "MISC", "tags": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "name": "[lucene-solr-user] 20190104 Re: SOLR v7 Security Issues Caused Denial of Use - Sonatype Application Composition Report", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" }, { "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E" }, { "name": "[maven-issues] 20200730 [GitHub] [maven-dependency-plugin] slachiewicz commented on pull request #91: Bump jettyVersion from 9.2.28.v20190418 to 9.3.0.v20150612", "refsource": "MLIST", "tags": [], "url": "https://lists.apache.org/thread.html/rbf4565a0b63f9c8b07fab29352a97bbffe76ecafed8b8555c15b83c6@%3Cissues.maven.apache.org%3E" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "tags": [], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "name": "N/A", "refsource": "N/A", "tags": [], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } }, "lastModifiedDate": "2021-07-20T23:15Z", "publishedDate": "2018-06-26T15:29Z" } } }
ghsa-84q7-p226-4x5w
Vulnerability from github
Published
2018-10-19 16:16
Modified
2022-09-14 01:08
Severity ?
Summary
Jetty vulnerable to cache poisoning due to inconsistent HTTP request handling (HTTP Request Smuggling)
Details
Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), contain an HTTP Request Smuggling Vulnerability that can result in cache poisoning.
{ "affected": [ { "database_specific": { "last_known_affected_version_range": "\u003c= 9.3.23.v20180228" }, "package": { "ecosystem": "Maven", "name": "org.eclipse.jetty:jetty-server" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "9.3.24.v20180605" } ], "type": "ECOSYSTEM" } ] }, { "database_specific": { "last_known_affected_version_range": "\u003c= 9.4.10.v20180503" }, "package": { "ecosystem": "Maven", "name": "org.eclipse.jetty:jetty-server" }, "ranges": [ { "events": [ { "introduced": "9.4.0" }, { "fixed": "9.4.11.v20180605" } ], "type": "ECOSYSTEM" } ] } ], "aliases": [ "CVE-2017-7656" ], "database_specific": { "cwe_ids": [ "CWE-444" ], "github_reviewed": true, "github_reviewed_at": "2020-06-16T21:24:19Z", "nvd_published_at": "2018-06-26T15:29:00Z", "severity": "HIGH" }, "details": "Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), contain an HTTP Request Smuggling Vulnerability that can result in cache poisoning.", "id": "GHSA-84q7-p226-4x5w", "modified": "2022-09-14T01:08:10Z", "published": "2018-10-19T16:16:27Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7656" }, { "type": "WEB", "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=535667" }, { "type": "ADVISORY", "url": "https://github.com/advisories/GHSA-84q7-p226-4x5w" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272@%3Cissues.activemq.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9c248d1d535a39451@%3Csolr-user.lucene.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E" }, { "type": "WEB", "url": "https://lists.apache.org/thread.html/rbf4565a0b63f9c8b07fab29352a97bbffe76ecafed8b8555c15b83c6@%3Cissues.maven.apache.org%3E" }, { "type": "WEB", "url": "https://security.netapp.com/advisory/ntap-20181014-0001" }, { "type": "WEB", "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbst03953en_us" }, { "type": "WEB", "url": "https://www.debian.org/security/2018/dsa-4278" }, { "type": "WEB", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "type": "WEB", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "type": "WEB", "url": "http://www.securitytracker.com/id/1041194" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "type": "CVSS_V3" } ], "summary": "Jetty vulnerable to cache poisoning due to inconsistent HTTP request handling (HTTP Request Smuggling)" }
wid-sec-w-2023-2993
Vulnerability from csaf_certbund
Published
2023-11-21 23:00
Modified
2023-12-12 23:00
Summary
Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence and Atlassian Jira Software: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.
Bitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle.
Confluence ist eine kommerzielle Wiki-Software.
Jira ist eine Webanwendung zur Softwareentwicklung.
Angriff
Ein Angreifer kann mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software ausnutzen, um beliebigen Code auszuführen, Sicherheitsmaßnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuführen, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuführen.
Betroffene Betriebssysteme
- Linux
- MacOS X
- Windows
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Bamboo ist ein Werkzeug zur kontinuierlichen Integration und Bereitstellung, das automatisierte Builds, Tests und Freigaben in einem einzigen Arbeitsablauf verbindet.\r\nBitbucket ist ein Git-Server zur Sourcecode-Versionskontrolle.\r\nConfluence ist eine kommerzielle Wiki-Software.\r\nJira ist eine Webanwendung zur Softwareentwicklung.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein Angreifer kann mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Linux\n- MacOS X\n- Windows", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-2993 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2993.json" }, { "category": "self", "summary": "WID-SEC-2023-2993 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2993" }, { "category": "external", "summary": "Atlassian Security Bulletin vom 2023-11-21", "url": "https://confluence.atlassian.com/security/security-bulletin-november-21-2023-1318881573.html" }, { "category": "external", "summary": "Atlassian Security Bulletin December 12 2023 vom 2023-12-12", "url": "https://confluence.atlassian.com/security/security-bulletin-december-12-2023-1319249520.html" } ], "source_lang": "en-US", "title": "Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence and Atlassian Jira Software: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-12-12T23:00:00.000+00:00", "generator": { "date": "2024-08-15T18:01:59.515+00:00", "engine": { "name": "BSI-WID", "version": "1.3.5" } }, "id": "WID-SEC-W-2023-2993", "initial_release_date": "2023-11-21T23:00:00.000+00:00", "revision_history": [ { "date": "2023-11-21T23:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" }, { "date": "2023-11-23T23:00:00.000+00:00", "number": "2", "summary": "Bewertung angepasst" }, { "date": "2023-12-12T23:00:00.000+00:00", "number": "3", "summary": "Neue Updates aufgenommen" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Atlassian Bamboo \u003c 9.2.7", "product": { "name": "Atlassian Bamboo \u003c 9.2.7", "product_id": "1529586", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bamboo:9.2.7" } } }, { "category": "product_name", "name": "Atlassian Bamboo \u003c 9.2.7", "product": { "name": "Atlassian Bamboo \u003c 9.2.7", "product_id": "T031322", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bamboo:9.2.7" } } }, { "category": "product_name", "name": "Atlassian Bamboo \u003c 9.3.4", "product": { "name": "Atlassian Bamboo \u003c 9.3.4", "product_id": "T031323", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bamboo:9.3.4" } } }, { "category": "product_name", "name": "Atlassian Bamboo \u003c 9.3.5", "product": { "name": "Atlassian Bamboo \u003c 9.3.5", "product_id": "T031324", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bamboo:9.3.5" } } } ], "category": "product_name", "name": "Bamboo" }, { "branches": [ { "category": "product_name", "name": "Atlassian Bitbucket \u003c 7.21.18", "product": { "name": "Atlassian Bitbucket \u003c 7.21.18", "product_id": "T031325", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bitbucket:7.21.18" } } }, { "category": "product_name", "name": "Atlassian Bitbucket \u003c 8.9.7", "product": { "name": "Atlassian Bitbucket \u003c 8.9.7", "product_id": "T031614", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bitbucket:8.9.7" } } }, { "category": "product_name", "name": "Atlassian Bitbucket \u003c 8.11.6", "product": { "name": "Atlassian Bitbucket \u003c 8.11.6", "product_id": "T031615", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bitbucket:8.11.6" } } }, { "category": "product_name", "name": "Atlassian Bitbucket \u003c 8.12.4", "product": { "name": "Atlassian Bitbucket \u003c 8.12.4", "product_id": "T031616", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bitbucket:8.12.4" } } }, { "category": "product_name", "name": "Atlassian Bitbucket \u003c 8.13.3", "product": { "name": "Atlassian Bitbucket \u003c 8.13.3", "product_id": "T031617", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bitbucket:8.13.3" } } }, { "category": "product_name", "name": "Atlassian Bitbucket \u003c 8.14.2", "product": { "name": "Atlassian Bitbucket \u003c 8.14.2", "product_id": "T031618", "product_identification_helper": { "cpe": "cpe:/a:atlassian:bitbucket:8.14.2" } } } ], "category": "product_name", "name": "Bitbucket" }, { "branches": [ { "category": "product_name", "name": "Atlassian Confluence \u003c 8.3.4", "product": { "name": "Atlassian Confluence \u003c 8.3.4", "product_id": "T030846", "product_identification_helper": { "cpe": "cpe:/a:atlassian:confluence:8.3.4" } } }, { "category": "product_name", "name": "Atlassian Confluence \u003c 8.6.1", "product": { "name": "Atlassian Confluence \u003c 8.6.1", "product_id": "T031326", "product_identification_helper": { "cpe": "cpe:/a:atlassian:confluence:8.6.1" } } }, { "category": "product_name", "name": "Atlassian Confluence \u003c 7.19.17", "product": { "name": "Atlassian Confluence \u003c 7.19.17", "product_id": "T031609", "product_identification_helper": { "cpe": "cpe:/a:atlassian:confluence:7.19.17" } } }, { "category": "product_name", "name": "Atlassian Confluence \u003c 8.4.5", "product": { "name": "Atlassian Confluence \u003c 8.4.5", "product_id": "T031610", "product_identification_helper": { "cpe": "cpe:/a:atlassian:confluence:8.4.5" } } }, { "category": "product_name", "name": "Atlassian Confluence \u003c 8.5.4", "product": { "name": "Atlassian Confluence \u003c 8.5.4", "product_id": "T031611", "product_identification_helper": { "cpe": "cpe:/a:atlassian:confluence:8.5.4" } } }, { "category": "product_name", "name": "Atlassian Confluence \u003c 8.6.2", "product": { "name": "Atlassian Confluence \u003c 8.6.2", "product_id": "T031612", "product_identification_helper": { "cpe": "cpe:/a:atlassian:confluence:8.6.2" } } }, { "category": "product_name", "name": "Atlassian Confluence \u003c 8.7.1", "product": { "name": "Atlassian Confluence \u003c 8.7.1", "product_id": "T031613", "product_identification_helper": { "cpe": "cpe:/a:atlassian:confluence:8.7.1" } } } ], "category": "product_name", "name": "Confluence" }, { "branches": [ { "category": "product_name", "name": "Atlassian Jira Software \u003c 9.11.3", "product": { "name": "Atlassian Jira Software \u003c 9.11.3", "product_id": "T031327", "product_identification_helper": { "cpe": "cpe:/a:atlassian:jira_software:9.11.3" } } }, { "category": "product_name", "name": "Atlassian Jira Software \u003c 9.4.13", "product": { "name": "Atlassian Jira Software \u003c 9.4.13", "product_id": "T031606", "product_identification_helper": { "cpe": "cpe:/a:atlassian:jira_software:9.4.13" } } }, { "category": "product_name", "name": "Atlassian Jira Software Service Management \u003c 4.20.28", "product": { "name": "Atlassian Jira Software Service Management \u003c 4.20.28", "product_id": "T031607", "product_identification_helper": { "cpe": "cpe:/a:atlassian:jira_software:service_management__4.20.28" } } }, { "category": "product_name", "name": "Atlassian Jira Software Service Management \u003c 5.4.12", "product": { "name": "Atlassian Jira Software Service Management \u003c 5.4.12", "product_id": "T031608", "product_identification_helper": { "cpe": "cpe:/a:atlassian:jira_software:service_management__5.4.12" } } } ], "category": "product_name", "name": "Jira Software" } ], "category": "vendor", "name": "Atlassian" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-44487", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00.000+00:00", "title": "CVE-2023-44487" }, { "cve": "CVE-2023-42794", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00.000+00:00", "title": "CVE-2023-42794" }, { "cve": "CVE-2023-34396", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00.000+00:00", "title": "CVE-2023-34396" }, { "cve": "CVE-2023-2976", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00.000+00:00", "title": "CVE-2023-2976" }, { "cve": "CVE-2023-22521", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00.000+00:00", "title": "CVE-2023-22521" }, { "cve": "CVE-2023-22516", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00.000+00:00", "title": "CVE-2023-22516" }, { "cve": "CVE-2022-45143", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00.000+00:00", "title": "CVE-2022-45143" }, { "cve": "CVE-2022-42890", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00.000+00:00", "title": "CVE-2022-42890" }, { "cve": "CVE-2022-42252", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00.000+00:00", "title": "CVE-2022-42252" }, { "cve": "CVE-2022-42004", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00.000+00:00", "title": "CVE-2022-42004" }, { "cve": "CVE-2022-42003", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00.000+00:00", "title": "CVE-2022-42003" }, { "cve": "CVE-2022-41704", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00.000+00:00", "title": "CVE-2022-41704" }, { "cve": "CVE-2022-40146", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00.000+00:00", "title": "CVE-2022-40146" }, { "cve": "CVE-2022-28366", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00.000+00:00", "title": "CVE-2022-28366" }, { "cve": "CVE-2022-25647", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00.000+00:00", "title": "CVE-2022-25647" }, { "cve": "CVE-2021-46877", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00.000+00:00", "title": "CVE-2021-46877" }, { "cve": "CVE-2021-40690", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00.000+00:00", "title": "CVE-2021-40690" }, { "cve": "CVE-2021-37714", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00.000+00:00", "title": "CVE-2021-37714" }, { "cve": "CVE-2021-28165", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00.000+00:00", "title": "CVE-2021-28165" }, { "cve": "CVE-2020-36518", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00.000+00:00", "title": "CVE-2020-36518" }, { "cve": "CVE-2017-9735", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00.000+00:00", "title": "CVE-2017-9735" }, { "cve": "CVE-2017-7656", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Atlassian Bamboo, Atlassian Bitbucket, Atlassian Confluence und Atlassian Jira Software. Diese Fehler bestehen unter anderem in verschiedenen Komponenten wie com.google.guava:guava oder jackson-databind. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, Sicherheitsma\u00dfnahmen zu umgehen, einen Denial-of-Service-Zustand herbeizuf\u00fchren, vertrauliche Informationen offenzulegen oder einen Cross-Site-Scripting-Angriff durchzuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung einiger dieser Schwachstellen ist eine Anmeldung oder eine Interaktion des Nutzers notwendig." } ], "product_status": { "known_affected": [ "T031610", "T031612", "T031611", "T031614", "T031613", "1529586", "T030846", "T031616", "T031615", "T031607", "T031618", "T031606", "T031617", "T031609", "T031608" ] }, "release_date": "2023-11-21T23:00:00.000+00:00", "title": "CVE-2017-7656" } ] }
rhsa-2020_3779
Vulnerability from csaf_redhat
Published
2020-09-17 13:07
Modified
2024-12-22 18:43
Summary
Red Hat Security Advisory: Red Hat Data Grid 7.3.7 security update
Notes
Topic
An update for Red Hat Data Grid is now available.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project.
This release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat Data Grid 7.3.6 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum.
Security Fix(es):
* jetty: Incorrect header handling (CVE-2017-7658)
* EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)
* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)
* undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass (CVE-2020-1757)
* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)
* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)
* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)
* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)
* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)
* jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)
* jackson-databind: Serialization gadgets in javax.swing.JEditorPane (CVE-2020-10969)
* jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)
* jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)
* jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)
* jackson-databind: Serialization gadgets in org.springframework:spring-aop (CVE-2020-11619)
* jackson-databind: Serialization gadgets in commons-jelly:commons-jelly (CVE-2020-11620)
* jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)
* resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)
* Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain (CVE-2020-1719)
* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)
* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)
* netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612)
* log4j: improper validation of certificate with host mismatch in SMTP appender (CVE-2020-9488)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for Red Hat Data Grid is now available.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Data Grid is a distributed, in-memory, NoSQL datastore based on the Infinispan project.\n\nThis release of Red Hat Data Grid 7.3.7 serves as a replacement for Red Hat Data Grid 7.3.6 and includes bug fixes and enhancements, which are described in the Release Notes, linked to in the References section of this erratum.\n\nSecurity Fix(es):\n\n* jetty: Incorrect header handling (CVE-2017-7658)\n\n* EAP: field-name is not parsed in accordance to RFC7230 (CVE-2020-1710)\n\n* undertow: AJP File Read/Inclusion Vulnerability (CVE-2020-1745)\n\n* undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass (CVE-2020-1757)\n\n* jackson-databind: Lacks certain xbean-reflect/JNDI blocking (CVE-2020-8840)\n\n* jackson-databind: Serialization gadgets in shaded-hikari-config (CVE-2020-9546)\n\n* jackson-databind: Serialization gadgets in ibatis-sqlmap (CVE-2020-9547)\n\n* jackson-databind: Serialization gadgets in anteros-core (CVE-2020-9548)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10672)\n\n* jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution (CVE-2020-10673)\n\n* jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider (CVE-2020-10968)\n\n* jackson-databind: Serialization gadgets in javax.swing.JEditorPane (CVE-2020-10969)\n\n* jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory (CVE-2020-11111)\n\n* jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider (CVE-2020-11112)\n\n* jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime (CVE-2020-11113)\n\n* jackson-databind: Serialization gadgets in org.springframework:spring-aop (CVE-2020-11619)\n\n* jackson-databind: Serialization gadgets in commons-jelly:commons-jelly (CVE-2020-11620)\n\n* jackson-mapper-asl: XML external entity similar to CVE-2016-3720 (CVE-2019-10172)\n\n* resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class (CVE-2020-1695)\n\n* Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain (CVE-2020-1719)\n\n* Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain (CVE-2020-1748)\n\n* wildfly-elytron: session fixation when using FORM authentication (CVE-2020-10714)\n\n* netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes (CVE-2020-11612)\n\n* log4j: improper validation of certificate with host mismatch in SMTP appender (CVE-2020-9488)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2020:3779", "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid\u0026downloadType=securityPatches\u0026version=7.3", "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=data.grid\u0026downloadType=securityPatches\u0026version=7.3" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index", "url": "https://access.redhat.com/documentation/en-us/red_hat_data_grid/7.3/html/red_hat_data_grid_7.3_release_notes/index" }, { "category": "external", "summary": "1595621", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595621" }, { "category": "external", "summary": "1715075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1715075" }, { "category": "external", "summary": "1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "1752770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752770" }, { "category": "external", "summary": "1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "1796617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796617" }, { "category": "external", "summary": "1807305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807305" }, { "category": "external", "summary": "1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "1816216", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216" }, { "category": "external", "summary": "1816330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330" }, { "category": "external", "summary": "1816332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332" }, { "category": "external", "summary": "1816337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337" }, { "category": "external", "summary": "1816340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340" }, { "category": "external", "summary": "1819208", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819208" }, { "category": "external", "summary": "1819212", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819212" }, { "category": "external", "summary": "1821304", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821304" }, { "category": "external", "summary": "1821311", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821311" }, { "category": "external", "summary": "1821315", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821315" }, { "category": "external", "summary": "1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "1826798", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826798" }, { "category": "external", "summary": "1826805", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826805" }, { "category": "external", "summary": "1831139", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831139" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_3779.json" } ], "title": "Red Hat Security Advisory: Red Hat Data Grid 7.3.7 security update", "tracking": { "current_release_date": "2024-12-22T18:43:12+00:00", "generator": { "date": "2024-12-22T18:43:12+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.4" } }, "id": "RHSA-2020:3779", "initial_release_date": "2020-09-17T13:07:49+00:00", "revision_history": [ { "date": "2020-09-17T13:07:49+00:00", "number": "1", "summary": "Initial version" }, { "date": "2020-09-17T13:07:49+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-12-22T18:43:12+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Data Grid 7.3.7", "product": { "name": "Red Hat Data Grid 7.3.7", "product_id": "Red Hat Data Grid 7.3.7", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_data_grid:7.3" } } } ], "category": "product_family", "name": "Red Hat JBoss Data Grid" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-7656", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2018-06-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1595639" } ], "notes": [ { "category": "description", "text": "In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), HTTP/0.9 is handled poorly. An HTTP/1 style request line (i.e. method space URI space version) that declares a version of HTTP/0.9 was accepted and treated as a 0.9 request. If deployed behind an intermediary that also accepted and passed through the 0.9 version (but did not act on it), then the response sent could be interpreted by the intermediary as HTTP/1 headers. This could be used to poison the cache if the server allowed the origin client to generate arbitrary content in the response.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: HTTP request smuggling using the range header", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of jetty embedded in the nutch package as shipped with Red Hat Satellite 5. The nutch service is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\n\nData Grid 7 has deprecated the agent-bond utility that permits this flaw; it is disabled by default and is no longer supported. While the functionality is still available for backward-compatibility usage, customers are strongly recommended to use Prometheus JMX instead. As the functionality is deprecated and no longer supported, the flaw has been scored as Moderate for Data Grid 7.\n\nData Grid 8 is not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7656" }, { "category": "external", "summary": "RHBZ#1595639", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595639" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7656", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7656" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7656", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7656" } ], "release_date": "2018-06-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jetty: HTTP request smuggling using the range header" }, { "cve": "CVE-2017-7657", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2018-06-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1595620" } ], "notes": [ { "category": "description", "text": "In Eclipse Jetty, versions 9.2.x and older, 9.3.x (all configurations), and 9.4.x (non-default configuration with RFC2616 compliance enabled), transfer-encoding chunks are handled poorly. The chunk length parsing was vulnerable to an integer overflow. Thus a large chunk size could be interpreted as a smaller chunk size and content sent as chunk body could be interpreted as a pipelined request. If Jetty was deployed behind an intermediary that imposed some authorization and that intermediary allowed arbitrarily large chunks to be passed on unchanged, then this flaw could be used to bypass the authorization imposed by the intermediary as the fake pipelined request would not be interpreted by the intermediary as a request.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: HTTP request smuggling", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of jetty embedded in the nutch package as shipped with Red Hat Satellite 5. The nutch service is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\n\nData Grid 7 has deprecated the agent-bond utility that permits this flaw; it is disabled by default and is no longer supported. While the functionality is still available for backward-compatibility usage, customers are strongly recommended to use Prometheus JMX instead. As the functionality is deprecated and no longer supported, the flaw has been scored as Moderate for Data Grid 7.\n\nData Grid 8 is not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7657" }, { "category": "external", "summary": "RHBZ#1595620", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595620" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7657", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7657" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7657", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7657" } ], "release_date": "2018-06-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jetty: HTTP request smuggling" }, { "cve": "CVE-2017-7658", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "discovery_date": "2018-06-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1595621" } ], "notes": [ { "category": "description", "text": "In Eclipse Jetty Server, versions 9.2.x and older, 9.3.x (all non HTTP/1.x configurations), and 9.4.x (all HTTP/1.x configurations), when presented with two content-lengths headers, Jetty ignored the second. When presented with a content-length and a chunked encoding header, the content-length was ignored (as per RFC 2616). If an intermediary decided on the shorter length, but still passed on the longer body, then body content could be interpreted by Jetty as a pipelined request. If the intermediary was imposing authorization, the fake pipelined request would bypass that authorization.", "title": "Vulnerability description" }, { "category": "summary", "text": "jetty: Incorrect header handling", "title": "Vulnerability summary" }, { "category": "other", "text": "This issue affects the versions of jetty embedded in the nutch package as shipped with Red Hat Satellite 5. The nutch service is not exposed, as such exploitation is difficult, Red Hat Product Security has rated this issue as having security impact of Low. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.\n\nData Grid 7 has deprecated the agent-bond utility that permits this flaw; it is disabled by default and is no longer supported. While the functionality is still available for backward-compatibility usage, customers are strongly recommended to use Prometheus JMX instead. As the functionality is deprecated and no longer supported, the flaw has been scored as Moderate for Data Grid 7.\n\nData Grid 8 is not affected by this flaw.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2017-7658" }, { "category": "external", "summary": "RHBZ#1595621", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595621" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2017-7658", "url": "https://www.cve.org/CVERecord?id=CVE-2017-7658" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7658", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7658" } ], "release_date": "2018-06-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jetty: Incorrect header handling" }, { "acknowledgments": [ { "names": [ "Brian Stansberry" ], "organization": "Red Hat", "summary": "This issue was discovered by Red Hat." } ], "cve": "CVE-2019-10172", "cwe": { "id": "CWE-611", "name": "Improper Restriction of XML External Entity Reference" }, "discovery_date": "2019-04-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1715075" } ], "notes": [ { "category": "description", "text": "A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libraries such that an XML external entity (XXE) vulnerability affects codehaus\u0027s jackson-mapper-asl libraries. This vulnerability is similar to CVE-2016-3720. The primary threat from this flaw is data integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-mapper-asl: XML external entity similar to CVE-2016-3720", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2019-10172" }, { "category": "external", "summary": "RHBZ#1715075", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1715075" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2019-10172", "url": "https://www.cve.org/CVERecord?id=CVE-2019-10172" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-10172", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10172" } ], "release_date": "2019-11-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-mapper-asl: XML external entity similar to CVE-2016-3720" }, { "acknowledgments": [ { "names": [ "Mirko Selber" ], "organization": "Compass Security" } ], "cve": "CVE-2020-1695", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2019-07-16T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1730462" } ], "notes": [ { "category": "description", "text": "A flaw was found in Resteasy, where an improper input validation results in returning an illegal header that integrates into the server\u0027s response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.", "title": "Vulnerability description" }, { "category": "summary", "text": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1695" }, { "category": "external", "summary": "RHBZ#1730462", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730462" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1695", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1695" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1695" } ], "release_date": "2020-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "resteasy: Improper validation of response header in MediaTypeHeaderDelegate.java class" }, { "cve": "CVE-2020-1710", "cwe": { "id": "CWE-113", "name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)" }, "discovery_date": "2019-12-20T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1793970" } ], "notes": [ { "category": "description", "text": "A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400.", "title": "Vulnerability description" }, { "category": "summary", "text": "EAP: field-name is not parsed in accordance to RFC7230", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1710" }, { "category": "external", "summary": "RHBZ#1793970", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1793970" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1710", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1710" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1710" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "There is currently no known mitigation for this issue.", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "EAP: field-name is not parsed in accordance to RFC7230" }, { "cve": "CVE-2020-1719", "cwe": { "id": "CWE-270", "name": "Privilege Context Switching Error" }, "discovery_date": "2019-08-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1796617" } ], "notes": [ { "category": "description", "text": "A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1719" }, { "category": "external", "summary": "RHBZ#1796617", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1796617" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1719", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1719" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1719", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1719" } ], "release_date": "2019-06-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain" }, { "acknowledgments": [ { "names": [ "Steve Zapantis", "Robert Roberson", "taktakdb4g" ] } ], "cve": "CVE-2020-1745", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807305" } ], "notes": [ { "category": "description", "text": "A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before. A remote, unauthenticated attacker could exploit this vulnerability to read web application files from a vulnerable server. In instances where the vulnerable server allows file uploads, an attacker could upload malicious JavaServer Pages (JSP) code within a variety of file types and trigger this vulnerability to gain remote code execution.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: AJP File Read/Inclusion Vulnerability", "title": "Vulnerability summary" }, { "category": "other", "text": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251 and CVE page https://access.redhat.com/security/cve/cve-2020-1938", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1745" }, { "category": "external", "summary": "RHBZ#1807305", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807305" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1745", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1745" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1745", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1745" }, { "category": "external", "summary": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/", "url": "https://meterpreter.org/cve-2020-1938-apache-tomcat-ajp-connector-remote-code-execution-vulnerability-alert/" }, { "category": "external", "summary": "https://www.cnvd.org.cn/webinfo/show/5415", "url": "https://www.cnvd.org.cn/webinfo/show/5415" }, { "category": "external", "summary": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487", "url": "https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487" } ], "release_date": "2020-02-26T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "Please refer to the Red Hat knowledgebase article: https://access.redhat.com/solutions/4851251", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 7.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: AJP File Read/Inclusion Vulnerability" }, { "cve": "CVE-2020-1748", "cwe": { "id": "CWE-285", "name": "Improper Authorization" }, "discovery_date": "2020-02-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1807707" } ], "notes": [ { "category": "description", "text": "A flaw was found in Wildfly, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.", "title": "Vulnerability description" }, { "category": "summary", "text": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1748" }, { "category": "external", "summary": "RHBZ#1807707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1807707" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1748", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1748" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1748" } ], "release_date": "2020-08-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain" }, { "acknowledgments": [ { "names": [ "Fedorov Oleksii", "Keitaro Yamazaki", "Shiga Ryota" ], "organization": "LINE Corporation" } ], "cve": "CVE-2020-1757", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2019-09-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1752770" } ], "notes": [ { "category": "description", "text": "A flaw was found in Undertow, where the servlet container causes the servletPath to normalize incorrectly by truncating the path after the semicolon. The flaw may lead to application mapping, resulting in a security bypass.", "title": "Vulnerability description" }, { "category": "summary", "text": "undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-1757" }, { "category": "external", "summary": "RHBZ#1752770", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1752770" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-1757", "url": "https://www.cve.org/CVERecord?id=CVE-2020-1757" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-1757", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1757" } ], "release_date": "2018-12-19T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "The issue can be mitigated by configuring UrlPathHelper to ignore the servletPath via setting \"alwaysUseFullPath\".", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass" }, { "cve": "CVE-2020-8840", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816330" } ], "notes": [ { "category": "description", "text": "A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A \"gadget\" exploit is possible due to a lack of a Java object being blocking from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-8840" }, { "category": "external", "summary": "RHBZ#1816330", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816330" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-8840", "url": "https://www.cve.org/CVERecord?id=CVE-2020-8840" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8840" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Lacks certain xbean-reflect/JNDI blocking" }, { "cve": "CVE-2020-9488", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "discovery_date": "2020-04-25T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1831139" } ], "notes": [ { "category": "description", "text": "Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1", "title": "Vulnerability description" }, { "category": "summary", "text": "log4j: improper validation of certificate with host mismatch in SMTP appender", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9488" }, { "category": "external", "summary": "RHBZ#1831139", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1831139" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9488", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9488" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9488", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9488" } ], "release_date": "2020-04-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "Previous versions can set the system property mail.smtp.ssl.checkserveridentity to true to globally enable hostname verification for SMTPS connections.", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "log4j: improper validation of certificate with host mismatch in SMTP appender" }, { "cve": "CVE-2020-9546", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816332" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in shaded-hikari-config", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9546" }, { "category": "external", "summary": "RHBZ#1816332", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816332" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9546", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9546" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9546" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in shaded-hikari-config" }, { "cve": "CVE-2020-9547", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816337" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in ibatis-sqlmap", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9547" }, { "category": "external", "summary": "RHBZ#1816337", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816337" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9547", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9547" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9547" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in ibatis-sqlmap" }, { "cve": "CVE-2020-9548", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-02T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816340" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in anteros-core", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-9548" }, { "category": "external", "summary": "RHBZ#1816340", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816340" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-9548", "url": "https://www.cve.org/CVERecord?id=CVE-2020-9548" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9548" } ], "release_date": "2020-03-02T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in anteros-core" }, { "cve": "CVE-2020-10672", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815495" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10672" }, { "category": "external", "summary": "RHBZ#1815495", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815495" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10672", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10672" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10672" } ], "release_date": "2020-03-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "cve": "CVE-2020-10673", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-19T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1815470" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. FasterXML jackson-databind 2.x mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time. Additionally, the gadget is not available within Red Hat Openstack Platform\u0027s OpenDaylight.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10673" }, { "category": "external", "summary": "RHBZ#1815470", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1815470" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10673", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10673" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10673" } ], "release_date": "2020-03-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: mishandles the interaction between serialization gadgets and typing which could result in remote command execution" }, { "acknowledgments": [ { "names": [ "Mark Banierink" ], "organization": "Nedap" } ], "cve": "CVE-2020-10714", "cwe": { "id": "CWE-384", "name": "Session Fixation" }, "discovery_date": "2020-03-24T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1825714" } ], "notes": [ { "category": "description", "text": "A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "wildfly-elytron: session fixation when using FORM authentication", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10714" }, { "category": "external", "summary": "RHBZ#1825714", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1825714" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10714", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10714" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10714" } ], "release_date": "2020-04-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "This attack is dependent on the attacker being able to create a session and the victim accessing the session before the session expires, we do have a 15 minute session timeout by default but the attacker could also keep this alive by say sending in a request every five minutes.\n\nThe server by default supports session tracking by URL and Cookie, if the web.xml is updated to support COOKIE only the exploit is not possible by sharing the link.\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eURL\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~\nTO\n~~~\n \u003csession-config\u003e\n \u003ctracking-mode\u003eCOOKIE\u003c/tracking-mode\u003e\n \u003c/session-config\u003e\n~~~", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "wildfly-elytron: session fixation when using FORM authentication" }, { "cve": "CVE-2020-10968", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1819208" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x prior to version 2.9.10.4. The interaction between serialization gadgets and typing is mishandled in the bus-proxy. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider", "title": "Vulnerability summary" }, { "category": "other", "text": "While OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10968" }, { "category": "external", "summary": "RHBZ#1819208", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819208" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10968", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10968" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10968", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10968" } ], "release_date": "2020-03-22T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in org.aoju.bus.proxy.provider.*.RmiProvider" }, { "cve": "CVE-2020-10969", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-03-26T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1819212" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in javax.swing.JEditorPane", "title": "Vulnerability summary" }, { "category": "other", "text": "While OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-10969" }, { "category": "external", "summary": "RHBZ#1819212", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1819212" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-10969", "url": "https://www.cve.org/CVERecord?id=CVE-2020-10969" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-10969", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-10969" } ], "release_date": "2020-03-03T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "jackson-databind: Serialization gadgets in javax.swing.JEditorPane" }, { "cve": "CVE-2020-11111", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1821304" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11111" }, { "category": "external", "summary": "RHBZ#1821304", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821304" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11111", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11111" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11111", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11111" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2664", "url": "https://github.com/FasterXML/jackson-databind/issues/2664" } ], "release_date": "2020-03-24T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in org.apache.activemq.jms.pool.XaPooledConnectionFactory" }, { "cve": "CVE-2020-11112", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1821311" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11112" }, { "category": "external", "summary": "RHBZ#1821311", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821311" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11112", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11112" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11112", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11112" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2666", "url": "https://github.com/FasterXML/jackson-databind/issues/2666" } ], "release_date": "2020-03-25T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in org.apache.commons.proxy.provider.remoting.RmiProvider" }, { "cve": "CVE-2020-11113", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "discovery_date": "2020-03-31T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1821315" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.4. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.\n\nRed Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11113" }, { "category": "external", "summary": "RHBZ#1821315", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1821315" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11113", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11113" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11113", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11113" }, { "category": "external", "summary": "https://github.com/FasterXML/jackson-databind/issues/2670", "url": "https://github.com/FasterXML/jackson-databind/issues/2670" } ], "release_date": "2020-03-28T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in org.apache.openjpa.ee.WASRegistryManagedRuntime" }, { "cve": "CVE-2020-11612", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2020-03-23T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1816216" } ], "notes": [ { "category": "description", "text": "A flaw was found in Netty in the way it handles the amount of data it compresses and decompresses. The Compression/Decompression codecs should enforce memory allocation size limits to avoid an Out of Memory Error (OOME) or exhaustion of the memory pool.", "title": "Vulnerability description" }, { "category": "summary", "text": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes", "title": "Vulnerability summary" }, { "category": "other", "text": "In OpenShift Container Platform end users don\u0027t have direct access to send requests to ElasticSearch. A user could need access to the ElasticSearch service on the internal cluster network in order to be able to send malicious requests to it.\n\n\nThird party scanners flagging Red Hat Satellite due to availability of the higher version packages in Red Hat AMQ Clients (through errata RHSA-2020:2605) compare to the qpid packages from Satellite Tools repository. qpid dependency fixed in errata RHSA-2020:2605 was for Red Hat AMQ Clients and it doesn\u0027t necessarily mean that packages from Satellite Tools are affected. These are two different products with different architecture and code-base. Updating the packages from any other repository than the Satellite-tools repository is not recommended for Satellite Customers. \n\nRed Hat Satellite 6.7 and earlier ship affected version of netty, however, there is no external connection being exposed and it is used by only Artemis to open an internal connection within the JVM. Since netty does not come into contact with untrusted data, vulnerability is not exposed in product code and there is no breach of Confidentiality, Integrity or Availability expected from this vulnerability. We may update the netty and its dependency in a future release.\n\nMore information regarding Satellite related packages can be found on KCS: https://access.redhat.com/solutions/5200591", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11612" }, { "category": "external", "summary": "RHBZ#1816216", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1816216" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11612", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11612" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11612" } ], "release_date": "2020-01-31T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "netty: compression/decompression codecs don\u0027t enforce limits on buffer allocation sizes" }, { "cve": "CVE-2020-11619", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-04-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1826805" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in org.springframework:spring-aop", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11619" }, { "category": "external", "summary": "RHBZ#1826805", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826805" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11619", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11619" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11619", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11619" } ], "release_date": "2020-04-06T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in org.springframework:spring-aop" }, { "cve": "CVE-2020-11620", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "discovery_date": "2020-04-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1826798" } ], "notes": [ { "category": "description", "text": "A flaw was found in jackson-databind 2.x. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "title": "Vulnerability description" }, { "category": "summary", "text": "jackson-databind: Serialization gadgets in commons-jelly:commons-jelly", "title": "Vulnerability summary" }, { "category": "other", "text": "Red Hat OpenStack Platform ships OpenDaylight, which contains the vulnerable jackson-databind. However, OpenDaylight does not expose jackson-databind in a way that would make it vulnerable, lowering the impact of the vulnerability for OpenDaylight. As such, Red Hat will not be providing a fix for OpenDaylight at this time.\n\nThe PKI module as shipped in Red Hat Enterprise Linux 8 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used, lowering the impact of the vulnerability for the Product. We may update the jackson-databind dependency in a future release.\n\nWhile OpenShift Container Platform\u0027s elasticsearch plugins do ship the vulnerable component, it doesn\u0027t do any of the unsafe things described in https://access.redhat.com/solutions/3279231. We may update the jackson-databind dependency in a future release.\n\nRed Hat Satellite 6 does not enable polymorphic deserialization which is a required configuration for the vulnerability to be used. We may update the jackson-databind dependency in a future release.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Red Hat Data Grid 7.3.7" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2020-11620" }, { "category": "external", "summary": "RHBZ#1826798", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826798" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2020-11620", "url": "https://www.cve.org/CVERecord?id=CVE-2020-11620" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-11620", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11620" } ], "release_date": "2020-04-07T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2020-09-17T13:07:49+00:00", "details": "To install this update, do the following:\n\n1. Download the Data Grid 7.3.7 server patch from the customer portal. See the download link in the References section.\n2. Back up your existing Data Grid installation. You should back up databases, configuration files, and so on.\n3. Install the Data Grid 7.3.7 server patch. Refer to the 7.3 Release Notes for patching instructions.\n4. Restart Data Grid to ensure the changes take effect.", "product_ids": [ "Red Hat Data Grid 7.3.7" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2020:3779" }, { "category": "workaround", "details": "The following conditions are needed for an exploit, we recommend avoiding all if possible:\n* Deserialization from sources you do not control\n* `enableDefaultTyping()`\n* `@JsonTypeInfo using `id.CLASS` or `id.MINIMAL_CLASS`", "product_ids": [ "Red Hat Data Grid 7.3.7" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Red Hat Data Grid 7.3.7" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "jackson-databind: Serialization gadgets in commons-jelly:commons-jelly" } ] }
ncsc-2024-0231
Vulnerability from csaf_ncscnl
Published
2024-05-22 11:13
Modified
2024-05-22 11:13
Summary
Kwetsbaarheden verholpen in Atlassian producten
Notes
The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:
NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.
NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.
This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.
Feiten
Atlassian heeft kwetsbaarheden verholpen in diverse producten, zoals Jira, Confluence en Bitbucket.
Interpretaties
Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorieën schade:
- Cross-Site Request Forgery (XSRF)
- Denial-of-Service (DoS)
- Omzeilen van authenticatie
- (Remote) code execution (Administrator/Root rechten)
- (Remote) code execution (Gebruikersrechten)
- SQL Injection
- Toegang tot systeemgegevens
Oplossingen
Atlassian heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie:
https://confluence.atlassian.com/security/security-bulletin-may-21-2024-1387867145.html
Kans
medium
Schade
high
CWE-284
Improper Access Control
CWE-20
Improper Input Validation
CWE-281
Improper Preservation of Permissions
CWE-400
Uncontrolled Resource Consumption
CWE-404
Improper Resource Shutdown or Release
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-459
Incomplete Cleanup
CWE-502
Deserialization of Untrusted Data
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE-770
Allocation of Resources Without Limits or Throttling
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-913
Improper Control of Dynamically-Managed Code Resources
CWE-96
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
{ "document": { "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE" } }, "lang": "nl", "notes": [ { "category": "legal_disclaimer", "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings." }, { "category": "description", "text": "Atlassian heeft kwetsbaarheden verholpen in diverse producten, zoals Jira, Confluence en Bitbucket.", "title": "Feiten" }, { "category": "description", "text": "Een kwaadwillende kan de kwetsbaarheden misbruiken om aanvallen uit te voeren die kunnen leiden tot de volgende categorie\u00ebn schade:\n\n- Cross-Site Request Forgery (XSRF)\n- Denial-of-Service (DoS)\n- Omzeilen van authenticatie\n- (Remote) code execution (Administrator/Root rechten)\n- (Remote) code execution (Gebruikersrechten)\n- SQL Injection\n- Toegang tot systeemgegevens\n", "title": "Interpretaties" }, { "category": "description", "text": "Atlassian heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie:\n\nhttps://confluence.atlassian.com/security/security-bulletin-may-21-2024-1387867145.html", "title": "Oplossingen" }, { "category": "general", "text": "medium", "title": "Kans" }, { "category": "general", "text": "high", "title": "Schade" }, { "category": "general", "text": "Improper Access Control", "title": "CWE-284" }, { "category": "general", "text": "Improper Input Validation", "title": "CWE-20" }, { "category": "general", "text": "Improper Preservation of Permissions", "title": "CWE-281" }, { "category": "general", "text": "Uncontrolled Resource Consumption", "title": "CWE-400" }, { "category": "general", "text": "Improper Resource Shutdown or Release", "title": "CWE-404" }, { "category": "general", "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)", "title": "CWE-444" }, { "category": "general", "text": "Incomplete Cleanup", "title": "CWE-459" }, { "category": "general", "text": "Deserialization of Untrusted Data", "title": "CWE-502" }, { "category": "general", "text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)", "title": "CWE-601" }, { "category": "general", "text": "Allocation of Resources Without Limits or Throttling", "title": "CWE-770" }, { "category": "general", "text": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "title": "CWE-89" }, { "category": "general", "text": "Improper Control of Dynamically-Managed Code Resources", "title": "CWE-913" }, { "category": "general", "text": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)", "title": "CWE-96" } ], "publisher": { "category": "coordinator", "contact_details": "cert@ncsc.nl", "name": "Nationaal Cyber Security Centrum", "namespace": "https://www.ncsc.nl/" }, "references": [ { "category": "external", "summary": "Reference - cveprojectv5; nvd", "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1387867145" } ], "title": "Kwetsbaarheden verholpen in Atlassian producten", "tracking": { "current_release_date": "2024-05-22T11:13:07.693855Z", "id": "NCSC-2024-0231", "initial_release_date": "2024-05-22T11:13:07.693855Z", "revision_history": [ { "date": "2024-05-22T11:13:07.693855Z", "number": "0", "summary": "Initiele versie" } ], "status": "final", "version": "1.0.0" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "bamboo", "product": { "name": "bamboo", "product_id": "CSAFPID-716889", "product_identification_helper": { "cpe": "cpe:2.3:a:atlassian:bamboo:*:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "bitbucket", "product": { "name": "bitbucket", "product_id": "CSAFPID-344199", "product_identification_helper": { "cpe": "cpe:2.3:a:atlassian:bitbucket:*:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "confluence", "product": { "name": "confluence", "product_id": "CSAFPID-551338", "product_identification_helper": { "cpe": "cpe:2.3:a:atlassian:confluence:*:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "crowd", "product": { "name": "crowd", "product_id": "CSAFPID-344399", "product_identification_helper": { "cpe": "cpe:2.3:a:atlassian:crowd:*:*:*:*:*:*:*:*" } } }, { "category": "product_name", "name": "jira_service_management", "product": { "name": "jira_service_management", "product_id": "CSAFPID-343852", "product_identification_helper": { "cpe": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:data_center:*:*:*" } } }, { "category": "product_name", "name": "jira_service_management", "product": { "name": "jira_service_management", "product_id": "CSAFPID-343851", "product_identification_helper": { "cpe": "cpe:2.3:a:atlassian:jira_service_management:*:*:*:*:server:*:*:*" } } }, { "category": "product_name", "name": "jira", "product": { "name": "jira", "product_id": "CSAFPID-98204", "product_identification_helper": { "cpe": "cpe:2.3:a:atlassian:jira:*:*:*:*:*:*:*:*" } } } ], "category": "vendor", "name": "atlassian" } ] }, "vulnerabilities": [ { "cve": "CVE-2017-7656", "cwe": { "id": "CWE-444", "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)" }, "notes": [ { "category": "other", "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)", "title": "CWE-444" } ], "references": [ { "category": "self", "summary": "CVE-2017-7656", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2017/CVE-2017-7656.json" } ], "title": "CVE-2017-7656" }, { "cve": "CVE-2017-9735", "references": [ { "category": "self", "summary": "CVE-2017-9735", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2017/CVE-2017-9735.json" } ], "title": "CVE-2017-9735" }, { "cve": "CVE-2020-10672", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "notes": [ { "category": "other", "text": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)", "title": "CWE-96" } ], "references": [ { "category": "self", "summary": "CVE-2020-10672", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-10672.json" } ], "title": "CVE-2020-10672" }, { "cve": "CVE-2020-10673", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "notes": [ { "category": "other", "text": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)", "title": "CWE-96" } ], "references": [ { "category": "self", "summary": "CVE-2020-10673", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-10673.json" } ], "title": "CVE-2020-10673" }, { "cve": "CVE-2020-10968", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "notes": [ { "category": "other", "text": "Deserialization of Untrusted Data", "title": "CWE-502" } ], "references": [ { "category": "self", "summary": "CVE-2020-10968", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-10968.json" } ], "title": "CVE-2020-10968" }, { "cve": "CVE-2020-10969", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "notes": [ { "category": "other", "text": "Deserialization of Untrusted Data", "title": "CWE-502" } ], "references": [ { "category": "self", "summary": "CVE-2020-10969", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-10969.json" } ], "title": "CVE-2020-10969" }, { "cve": "CVE-2020-11111", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "notes": [ { "category": "other", "text": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)", "title": "CWE-96" } ], "references": [ { "category": "self", "summary": "CVE-2020-11111", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-11111.json" } ], "title": "CVE-2020-11111" }, { "cve": "CVE-2020-11112", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "notes": [ { "category": "other", "text": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)", "title": "CWE-96" } ], "references": [ { "category": "self", "summary": "CVE-2020-11112", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-11112.json" } ], "title": "CVE-2020-11112" }, { "cve": "CVE-2020-11113", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "notes": [ { "category": "other", "text": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)", "title": "CWE-96" } ], "references": [ { "category": "self", "summary": "CVE-2020-11113", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-11113.json" } ], "title": "CVE-2020-11113" }, { "cve": "CVE-2020-24616", "references": [ { "category": "self", "summary": "CVE-2020-24616", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-24616.json" } ], "title": "CVE-2020-24616" }, { "cve": "CVE-2020-35728", "cwe": { "id": "CWE-96", "name": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)" }, "notes": [ { "category": "other", "text": "Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)", "title": "CWE-96" } ], "references": [ { "category": "self", "summary": "CVE-2020-35728", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-35728.json" } ], "title": "CVE-2020-35728" }, { "cve": "CVE-2020-36179", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "notes": [ { "category": "other", "text": "Deserialization of Untrusted Data", "title": "CWE-502" } ], "references": [ { "category": "self", "summary": "CVE-2020-36179", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-36179.json" } ], "title": "CVE-2020-36179" }, { "cve": "CVE-2020-36180", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "notes": [ { "category": "other", "text": "Deserialization of Untrusted Data", "title": "CWE-502" } ], "references": [ { "category": "self", "summary": "CVE-2020-36180", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-36180.json" } ], "title": "CVE-2020-36180" }, { "cve": "CVE-2020-36181", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "notes": [ { "category": "other", "text": "Deserialization of Untrusted Data", "title": "CWE-502" } ], "references": [ { "category": "self", "summary": "CVE-2020-36181", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-36181.json" } ], "title": "CVE-2020-36181" }, { "cve": "CVE-2020-36182", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "notes": [ { "category": "other", "text": "Deserialization of Untrusted Data", "title": "CWE-502" } ], "references": [ { "category": "self", "summary": "CVE-2020-36182", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-36182.json" } ], "title": "CVE-2020-36182" }, { "cve": "CVE-2020-36184", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "notes": [ { "category": "other", "text": "Deserialization of Untrusted Data", "title": "CWE-502" } ], "references": [ { "category": "self", "summary": "CVE-2020-36184", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-36184.json" } ], "title": "CVE-2020-36184" }, { "cve": "CVE-2020-36188", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "notes": [ { "category": "other", "text": "Deserialization of Untrusted Data", "title": "CWE-502" } ], "references": [ { "category": "self", "summary": "CVE-2020-36188", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2020/CVE-2020-36188.json" } ], "title": "CVE-2020-36188" }, { "cve": "CVE-2021-28165", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "notes": [ { "category": "other", "text": "Uncontrolled Resource Consumption", "title": "CWE-400" } ], "references": [ { "category": "self", "summary": "CVE-2021-28165", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2021/CVE-2021-28165.json" } ], "title": "CVE-2021-28165" }, { "cve": "CVE-2022-25647", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "notes": [ { "category": "other", "text": "Deserialization of Untrusted Data", "title": "CWE-502" } ], "references": [ { "category": "self", "summary": "CVE-2022-25647", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-25647.json" } ], "title": "CVE-2022-25647" }, { "cve": "CVE-2022-41966", "cwe": { "id": "CWE-502", "name": "Deserialization of Untrusted Data" }, "notes": [ { "category": "other", "text": "Deserialization of Untrusted Data", "title": "CWE-502" }, { "category": "other", "text": "Improper Resource Shutdown or Release", "title": "CWE-404" } ], "references": [ { "category": "self", "summary": "CVE-2022-41966", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-41966.json" } ], "title": "CVE-2022-41966" }, { "cve": "CVE-2022-42003", "cwe": { "id": "CWE-404", "name": "Improper Resource Shutdown or Release" }, "notes": [ { "category": "other", "text": "Improper Resource Shutdown or Release", "title": "CWE-404" }, { "category": "other", "text": "Deserialization of Untrusted Data", "title": "CWE-502" } ], "references": [ { "category": "self", "summary": "CVE-2022-42003", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2022/CVE-2022-42003.json" } ], "title": "CVE-2022-42003" }, { "cve": "CVE-2023-4759", "references": [ { "category": "self", "summary": "CVE-2023-4759", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-4759.json" } ], "title": "CVE-2023-4759" }, { "cve": "CVE-2023-34396", "references": [ { "category": "self", "summary": "CVE-2023-34396", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-34396.json" } ], "title": "CVE-2023-34396" }, { "cve": "CVE-2023-41835", "cwe": { "id": "CWE-913", "name": "Improper Control of Dynamically-Managed Code Resources" }, "notes": [ { "category": "other", "text": "Improper Control of Dynamically-Managed Code Resources", "title": "CWE-913" } ], "references": [ { "category": "self", "summary": "CVE-2023-41835", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-41835.json" } ], "title": "CVE-2023-41835" }, { "cve": "CVE-2023-45859", "cwe": { "id": "CWE-281", "name": "Improper Preservation of Permissions" }, "notes": [ { "category": "other", "text": "Improper Preservation of Permissions", "title": "CWE-281" } ], "references": [ { "category": "self", "summary": "CVE-2023-45859", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2023/CVE-2023-45859.json" } ], "title": "CVE-2023-45859" }, { "cve": "CVE-2024-1597", "cwe": { "id": "CWE-89", "name": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)" }, "notes": [ { "category": "other", "text": "Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)", "title": "CWE-89" } ], "references": [ { "category": "self", "summary": "CVE-2024-1597", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-1597.json" } ], "title": "CVE-2024-1597" }, { "cve": "CVE-2024-21634", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "notes": [ { "category": "other", "text": "Allocation of Resources Without Limits or Throttling", "title": "CWE-770" } ], "references": [ { "category": "self", "summary": "CVE-2024-21634", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21634.json" } ], "title": "CVE-2024-21634" }, { "cve": "CVE-2024-21683", "references": [ { "category": "self", "summary": "CVE-2024-21683", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-21683.json" } ], "title": "CVE-2024-21683" }, { "cve": "CVE-2024-22257", "cwe": { "id": "CWE-284", "name": "Improper Access Control" }, "notes": [ { "category": "other", "text": "Improper Access Control", "title": "CWE-284" } ], "references": [ { "category": "self", "summary": "CVE-2024-22257", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22257.json" } ], "title": "CVE-2024-22257" }, { "cve": "CVE-2024-22262", "cwe": { "id": "CWE-601", "name": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)" }, "notes": [ { "category": "other", "text": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)", "title": "CWE-601" } ], "references": [ { "category": "self", "summary": "CVE-2024-22262", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-22262.json" } ], "title": "CVE-2024-22262" }, { "cve": "CVE-2024-23672", "cwe": { "id": "CWE-459", "name": "Incomplete Cleanup" }, "notes": [ { "category": "other", "text": "Incomplete Cleanup", "title": "CWE-459" } ], "references": [ { "category": "self", "summary": "CVE-2024-23672", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-23672.json" } ], "title": "CVE-2024-23672" }, { "cve": "CVE-2024-24549", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "other", "text": "Improper Input Validation", "title": "CWE-20" } ], "references": [ { "category": "self", "summary": "CVE-2024-24549", "url": "https://api.ncsc.nl/velma/v1/vulnerabilities/2024/CVE-2024-24549.json" } ], "title": "CVE-2024-24549" } ] }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.