CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2022-4492 – undertow: Server identity in https connection is not checked by the undertow client
https://notcve.org/view.php?id=CVE-2022-4492
The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol. A flaw was found in undertow. The undertow client is not checking the server identity the server certificate presents in HTTPS connections. • https://access.redhat.com/security/cve/CVE-2022-4492 https://bugzilla.redhat.com/show_bug.cgi?id=2153260 https://security.netapp.com/advisory/ntap-20230324-0002 • CWE-550: Server-generated Error Message Containing Sensitive Information •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-3143 – wildfly-elytron: possible timing attacks via use of unsafe comparator
https://notcve.org/view.php?id=CVE-2022-3143
wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or impersonate an authed user. wildfly-elytron: posibles ataques de sincronización mediante el uso de un comparador inseguro. • https://access.redhat.com/security/cve/CVE-2022-3143 https://bugzilla.redhat.com/show_bug.cgi?id=2124682 • CWE-203: Observable Discrepancy CWE-208: Observable Timing Discrepancy •
CVSS: 4.9EPSS: 0%CPEs: 13EXPL: 0CVE-2022-2764 – Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations
https://notcve.org/view.php?id=CVE-2022-2764
A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations. Se ha encontrado un fallo en Undertow. Puede producirse una denegación de servicio ya que el servidor de Undertow espera eternamente el LAST_CHUNK para las invocaciones EJB A flaw was found in Undertow with EJB invocations. This flaw allows an attacker to generate a valid HTTP request and send it to the server on an established connection after removing the LAST_CHUNK from the bytes, causing a denial of service. • https://bugzilla.redhat.com/show_bug.cgi?id=2117506 https://security.netapp.com/advisory/ntap-20221014-0006 https://access.redhat.com/security/cve/CVE-2022-2764 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 0CVE-2022-1259 – undertow: potential security issue in flow control over HTTP/2 may lead to DOS(incomplete fix for CVE-2021-3629)
https://notcve.org/view.php?id=CVE-2022-1259
A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629. Se ha encontrado un fallo en Undertow. Un posible problema de seguridad en la administración del control de flujo por parte del navegador sobre HTTP/2 puede causar una sobrecarga o una denegación de servicio en el servidor. • https://access.redhat.com/security/cve/CVE-2022-1259 https://bugzilla.redhat.com/show_bug.cgi?id=2072339 https://security.netapp.com/advisory/ntap-20221014-0006 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-0866 – wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled
https://notcve.org/view.php?id=CVE-2022-0866
This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field is used by the org.jboss.as.ejb3.security.RunAsPrincipalInterceptor to keep track of the current identity prior to switching to a new identity created using the RunAs principal. The exploit consist that the EJBComponent#incomingRunAsIdentity field is currently just a SecurityIdentity. This means in a concurrent environment, where multiple users are repeatedly invoking an EJB that is configured with a RunAs principal, it's possible for the wrong the caller principal to be returned from EJBComponent#getCallerPrincipal. • https://bugzilla.redhat.com/show_bug.cgi?id=2060929#c0 https://access.redhat.com/security/cve/CVE-2022-0866 https://bugzilla.redhat.com/show_bug.cgi?id=2060929 • CWE-863: Incorrect Authorization CWE-1220: Insufficient Granularity of Access Control •