CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2018-1067 – undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993)
https://notcve.org/view.php?id=CVE-2018-1067
In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value. En Undertow, en versiones anteriores a la 7.1.2.CR1, 7.1.2.GA, se descubrió que la solución para CVE-2016-4993 no estaba completa. Por lo tanto, el servidor web de Undertow es vulnerable a la inyección de cabeceras HTTP arbitrarias y también a la separación de respuestas, debido al saneamiento y validación insuficientes de entradas de usuario antes de que se empleen como parte de un valor de cabecera HTTP. It was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value. • https://access.redhat.com/errata/RHSA-2018:1247 https://access.redhat.com/errata/RHSA-2018:1248 https://access.redhat.com/errata/RHSA-2018:1249 https://access.redhat.com/errata/RHSA-2018:1251 https://access.redhat.com/errata/RHSA-2018:2643 https://access.redhat.com/errata/RHSA-2019:0877 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1067 https://access.redhat.com/security/cve/CVE-2018-1067 https://bugzilla.redhat.com/show_bug.cgi?id=1550671 • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 9.8EPSS: 1%CPEs: 39EXPL: 0CVE-2018-8088 – slf4j: Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution
https://notcve.org/view.php?id=CVE-2018-8088
org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series. org.slf4j.ext.EventData en el módulo slf4j-ext en QOS.CH SLF4J antes de la versión 1.8.0-beta2 permite a los atacantes remotos saltarse las restricciones de acceso previstas a través de datos manipulados. EventData en el módulo slf4j-ext en QOS.CH SLF4J, ha sido corregido en las versiones 1.7.26 posteriores de SLF4J y en la serie 2.0.x An XML deserialization vulnerability was discovered in slf4j's EventData, which accepts an XML serialized string and can lead to arbitrary code execution. • http://www.securityfocus.com/bid/103737 http://www.securitytracker.com/id/1040627 https://access.redhat.com/errata/RHSA-2018:0582 https://access.redhat.com/errata/RHSA-2018:0592 https://access.redhat.com/errata/RHSA-2018:0627 https://access.redhat.com/errata/RHSA-2018:0628 https://access.redhat.com/errata/RHSA-2018:0629 https://access.redhat.com/errata/RHSA-2018:0630 https://access.redhat.com/errata/RHSA-2018:1247 https://access.redhat.com/errata/RHSA-2018:1248 https: • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0CVE-2017-12196 – undertow: Client can use bogus uri in Digest authentication
https://notcve.org/view.php?id=CVE-2017-12196
undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access the desired content on the server. Se ha descubierto que undertow, en sus versiones 1.4.18.SP1, 2.0.2.Final y 1.4.24.Final, es vulnerable al usar la autenticación Digest, ya que el servidor no garantiza que el valor del URI en la cabecera Authorization coincida con el URIb en la línea de petición HTTP. Esto permite que el atacante provoque un ataque Man-in-the-Middle (MitM) y acceda al contenido que desee en el servidor. It was discovered that when using Digest authentication, the server does not ensure that the value of the URI in the authorization header matches the URI in the HTTP request line. • https://access.redhat.com/errata/RHSA-2018:0478 https://access.redhat.com/errata/RHSA-2018:0479 https://access.redhat.com/errata/RHSA-2018:0480 https://access.redhat.com/errata/RHSA-2018:0481 https://access.redhat.com/errata/RHSA-2018:1525 https://access.redhat.com/errata/RHSA-2018:2405 https://access.redhat.com/errata/RHSA-2018:3768 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12196 https://issues.jboss.org/browse/UNDERTOW-1190 https://access.redhat.com/sec • CWE-287: Improper Authentication CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9585
https://notcve.org/view.php?id=CVE-2016-9585
Red Hat JBoss EAP version 5 is vulnerable to a deserialization of untrusted data in the JMX endpoint when deserializes the credentials passed to it. An attacker could exploit this vulnerability resulting in a denial of service attack. Red Hat JBoss EAP, versión 5, es vulnerable a una deserialización de datos no fiables en el endpoint JMX cuando deserializa las credenciales que se le pasan. Un atacante puede explotar esta vulnerabilidad para provocar una denegación de servicio (DoS). • http://www.securityfocus.com/bid/94932 https://bugzilla.redhat.com/show_bug.cgi?id=1404528 • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.5EPSS: 0%CPEs: 51EXPL: 1CVE-2018-1304 – tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
https://notcve.org/view.php?id=CVE-2018-1304
The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected. El patrón de URL "" (la cadena vacía) que mapea exactamente al root de contexto no se gestionó correctamente en Apache Tomcat 9.0.0.M1 a 9.0.4, 8.5.0 a 8.5.27, 8.0.0.RC1 a 8.0.49 y 7.0.0 a 7.0.84 al emplearse como parte de una definición de limitación de seguridad. • https://github.com/knqyf263/CVE-2018-1304 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/103170 http://www.securitytracker.com/id/1040427 https://access.redhat.com/errata/RHSA-2018:0465 https://access.redhat.com/errata/RHSA-2018:0466 https://access.redhat.com/errata/RHSA-2018:1320 https://access.redhat.com/errata/RHSA-2018:1447 https://access.redha • CWE-284: Improper Access Control •