CVSS: 9.1EPSS: 0%CPEs: 6EXPL: 0CVE-2023-44981 – Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication
https://notcve.org/view.php?id=CVE-2023-44981
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper. If SASL Quorum Peer authentication is enabled in ZooKeeper (quorum.auth.enableSasl=true), the authorization is done by verifying that the instance part in SASL authentication ID is listed in zoo.cfg server list. The instance part in SASL auth ID is optional and if it's missing, like 'eve@EXAMPLE.COM', the authorization check will be skipped. As a result an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader, essentially giving it complete read-write access to the data tree. Quorum Peer authentication is not enabled by default. Users are recommended to upgrade to version 3.9.1, 3.8.3, 3.7.2, which fixes the issue. Alternately ensure the ensemble election/quorum communication is protected by a firewall as this will mitigate the issue. See the documentation for more details on correct cluster administration. • http://www.openwall.com/lists/oss-security/2023/10/11/4 https://lists.apache.org/thread/wf0yrk84dg1942z1o74kd8nycg6pgm5b https://lists.debian.org/debian-lts-announce/2023/10/msg00029.html https://security.netapp.com/advisory/ntap-20240621-0007 https://www.debian.org/security/2023/dsa-5544 https://access.redhat.com/security/cve/CVE-2023-44981 https://bugzilla.redhat.com/show_bug.cgi?id=2243436 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 5.3EPSS: 0%CPEs: 64EXPL: 0CVE-2023-45648 – Apache Tomcat: Trailer header parsing too lenient
https://notcve.org/view.php?id=CVE-2023-45648
Improper Input Validation vulnerability in Apache Tomcat.Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue. Vulnerabilidad de validación de entrada incorrecta en Apache Tomcat.Tomcat desde 11.0.0-M1 hasta 11.0.0-M11, desde 10.1.0-M1 hasta 10.1.13, desde 9.0.0-M1 hasta 9.0.81 y desde 8.5.0 hasta 8.5 .93 no analizaron correctamente los encabezados de las colas HTTP. Un encabezado de avance no válido y especialmente manipulado podría hacer que Tomcat trate una sola solicitud como solicitudes múltiples, lo que genera la posibilidad de contrabando de solicitudes cuando está detrás de un proxy inverso. Se recomienda a los usuarios actualizar a la versión 11.0.0-M12 en adelante, 10.1.14 en adelante, 9.0.81 en adelante o 8.5.94 en adelante, que solucionan el problema. • http://www.openwall.com/lists/oss-security/2023/10/10/10 https://lists.apache.org/thread/2pv8yz1pyp088tsxfb7ogltk9msk0jdp https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html https://security.netapp.com/advisory/ntap-20231103-0007 https://www.debian.org/security/2023/dsa-5521 https://www.debian.org/security/2023/dsa-5522 https://access.redhat.com/security/cve/CVE-2023-45648 https://bugzilla.redhat.com/show_bug.cgi?id=2243749 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 1%CPEs: 64EXPL: 0CVE-2023-42795 – Apache Tomcat: Failure during request clean-up leads to sensitive data leaking to subsequent requests
https://notcve.org/view.php?id=CVE-2023-42795
Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue. Vulnerabilidad de limpieza incompleta en Apache Tomcat. Al reciclar varios objetos internos en Apache Tomcat desde 11.0.0-M1 hasta 11.0.0-M11, desde 10.1.0-M1 hasta 10.1.13, desde 9.0.0-M1 hasta 9.0.80 y Desde 8.5.0 hasta 8.5.93, un error podría hacer que Tomcat se salte algunas partes del proceso de reciclaje, lo que provocaría que se filtrara información de la solicitud/respuesta actual a la siguiente. Se recomienda a los usuarios actualizar a la versión 11.0.0-M12 en adelante, 10.1.14 en adelante, 9.0.81 en adelante o 8.5.94 en adelante, lo que soluciona el problema. A flaw was found in Apache Tomcat. • http://www.openwall.com/lists/oss-security/2023/10/10/9 https://lists.apache.org/thread/065jfyo583490r9j2v73nhpyxdob56lw https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html https://security.netapp.com/advisory/ntap-20231103-0007 https://www.debian.org/security/2023/dsa-5521 https://www.debian.org/security/2023/dsa-5522 https://access.redhat.com/security/cve/CVE-2023-42795 https://bugzilla.redhat.com/show_bug.cgi?id=2243752 • CWE-459: Incomplete Cleanup •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 1CVE-2023-36478 – HTTP/2 HPACK integer overflow and buffer allocation
https://notcve.org/view.php?id=CVE-2023-36478
Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. `(_size+length)` will now be negative, and the check on line 296 will not be triggered. • http://www.openwall.com/lists/oss-security/2023/10/18/4 https://github.com/eclipse/jetty.project/pull/9634 https://github.com/eclipse/jetty.project/releases/tag/jetty-10.0.16 https://github.com/eclipse/jetty.project/releases/tag/jetty-11.0.16 https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.53.v20231009 https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgh7-54f2-x98r https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html https:&# • CWE-190: Integer Overflow or Wraparound CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 81%CPEs: 444EXPL: 7CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. • https://github.com/imabee101/CVE-2023-44487 https://github.com/studiogangster/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/sigridou/CVE-2023-44487- https://github.com/ByteHackr/CVE-2023-44487 https://github.com/ReToCode/golang-CVE-2023-44487 http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www. • CWE-400: Uncontrolled Resource Consumption •