CVE-2024-41107 – Apache CloudStack: SAML Signature Exclusion
https://notcve.org/view.php?id=CVE-2024-41107
The CloudStack SAML authentication (disabled by default) does not enforce signature check. In CloudStack environments where SAML authentication is enabled, an attacker that initiates CloudStack SAML single sign-on authentication can bypass SAML authentication by submitting a spoofed SAML response with no signature and known or guessed username and other user details of a SAML-enabled CloudStack user-account. In such environments, this can result in a complete compromise of the resources owned and/or accessible by a SAML enabled user-account. Affected users are recommended to disable the SAML authentication plugin by setting the "saml2.enabled" global setting to "false", or upgrade to version 4.18.2.2, 4.19.1.0 or later, which addresses this issue. La autenticación SAML de CloudStack (deshabilitada de forma predeterminada) no exige la verificación de firmas. En entornos de CloudStack donde la autenticación SAML está habilitada, un atacante que inicia la autenticación de inicio de sesión único SAML de CloudStack puede omitir la autenticación SAML enviando una respuesta SAML falsificada sin firma y con un nombre de usuario conocido o adivinado y otros detalles de usuario de un usuario de CloudStack habilitado para SAML. cuenta. • https://github.com/d0rb/CVE-2024-41107 http://www.openwall.com/lists/oss-security/2024/07/19/1 http://www.openwall.com/lists/oss-security/2024/07/19/2 https://cloudstack.apache.org/blog/security-release-advisory-cve-2024-41107 https://github.com/apache/cloudstack/issues/4519 https://lists.apache.org/thread/5q06g8zvmhcw6w3tjr6r5prqdw6zckg3 https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-cve-2024-41107 • CWE-290: Authentication Bypass by Spoofing •
CVE-2024-41172 – Apache CXF: Unrestricted memory consumption in CXF HTTP clients
https://notcve.org/view.php?id=CVE-2024-41172
In versions of Apache CXF before 3.6.4 and 4.0.5 (3.5.x and lower versions are not impacted), a CXF HTTP client conduit may prevent HTTPClient instances from being garbage collected and it is possible that memory consumption will continue to increase, eventually causing the application to run out of memory En las versiones de Apache CXF anteriores a 3.6.4 y 4.0.5 (las versiones 3.5.x y inferiores no se ven afectadas), un conducto de cliente HTTP de CXF puede impedir que las instancias de HTTPClient se recopilen como basura y es posible que el consumo de memoria continúe aumentando eventualmente causando que la aplicación se quede sin memoria. A memory consumption flaw was found in Apache CXF. This issue may allow a CXF HTTP client conduit to prevent HTTPClient instances from being garbage collected, eventually causing the application to run out of memory. • https://lists.apache.org/thread/n2hvbrgwpdtcqdccod8by28ynnolybl6 https://access.redhat.com/security/cve/CVE-2024-41172 https://bugzilla.redhat.com/show_bug.cgi?id=2298829 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVE-2024-29736 – Apache CXF: SSRF vulnerability via WADL stylesheet parameter
https://notcve.org/view.php?id=CVE-2024-29736
A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured. Una vulnerabilidad SSRF en la descripción del servicio WADL en versiones de Apache CXF anteriores a 4.0.5, 3.6.4 y 3.5.9 permite a un atacante realizar ataques de estilo SSRF en servicios web REST. El ataque sólo se aplica si se configura un parámetro de hoja de estilo personalizado. A Server-side request forgery (SSRF) vulnerability was found in Apache CXF in the WADL service description. • https://lists.apache.org/thread/4jtpsswn2r6xommol54p5mg263ysgdw2 https://access.redhat.com/security/cve/CVE-2024-29736 https://bugzilla.redhat.com/show_bug.cgi?id=2298827 • CWE-918: Server-Side Request Forgery (SSRF) •
CVE-2024-29178 – Apache StreamPark: FreeMarker SSTI RCE Vulnerability
https://notcve.org/view.php?id=CVE-2024-29178
On versions before 2.1.4, a user could log in and perform a template injection attack resulting in Remote Code Execution on the server, The attacker must successfully log into the system to launch an attack, so this is a moderate-impact vulnerability. Mitigation: all users should upgrade to 2.1.4 En versiones anteriores a la 2.1.4, un usuario podía iniciar sesión y realizar un ataque de inyección de plantilla que generaba una ejecución remota de código en el servidor. El atacante debía iniciar sesión correctamente en el sistema para lanzar un ataque, por lo que se trata de una vulnerabilidad de impacto moderado. Mitigación: todos los usuarios deben actualizar a 2.1.4 • http://www.openwall.com/lists/oss-security/2024/07/18/1 https://lists.apache.org/thread/n6dhnl68knpxy80t35qxkkw2691l8sfn • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-40725 – Apache HTTP Server: source code disclosure with handlers configured via AddType
https://notcve.org/view.php?id=CVE-2024-40725
A partial fix for CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.62, which fixes this issue. Una solución parcial para CVE-2024-39884 en el núcleo de Apache HTTP Server 2.4.61 ignora parte del uso de la configuración de controladores heredada basada en el tipo de contenido. "AddType" y configuraciones similares, en algunas circunstancias en las que los archivos se solicitan indirectamente, dan como resultado la divulgación del código fuente del contenido local. • https://github.com/TAM-K592/CVE-2024-40725-CVE-2024-40898 https://httpd.apache.org/security/vulnerabilities_24.html • CWE-668: Exposure of Resource to Wrong Sphere •