CVE-2018-1131 – infinispan: deserialization of data in XML and JSON transcoders
https://notcve.org/view.php?id=CVE-2018-1131
Infinispan permits improper deserialization of trusted data via XML and JSON transcoders under certain server configurations. A user with authenticated access to the server could send a malicious object to a cache configured to accept certain types of objects, achieving code execution and possible further attacks. Versions 9.0.3.Final, 9.1.7.Final, 8.2.10.Final, 9.2.2.Final, 9.3.0.Alpha1 are believed to be affected. Infinispan permite la deserialización incorrecta de datos fiables mediante transcodificadores XML y JSON en ciertas configuraciones del servidor. Un usuario con acceso autenticado al servidor podría enviar un objeto malicioso a una caché configurada para aceptar ciertos tipos de objetos, logrando la ejecución de código y, posiblemente, más ataques. • http://www.securityfocus.com/bid/104218 https://access.redhat.com/errata/RHSA-2018:1833 https://access.redhat.com/errata/RHSA-2019:3892 https://bugzilla.redhat.com/show_bug.cgi?id=1576492 https://access.redhat.com/security/cve/CVE-2018-1131 • CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data CWE-502: Deserialization of Untrusted Data •
CVE-2017-15089 – infinispan: Unsafe deserialization of malicious object injected into data cache
https://notcve.org/view.php?id=CVE-2017-15089
It was found that the Hotrod client in Infinispan before 9.2.0.CR1 would unsafely read deserialized data on information from the cache. An authenticated attacker could inject a malicious object into the data cache and attain deserialization on the client, and possibly conduct further attacks. Se ha descubierto que el cliente Hotrod en Infinispan, en versiones anteriores a la 9.2.0.CR1 lee de forma insegura los datos deserializados en la información de la caché. Un atacante autenticado podría inyectar un objeto malicioso en la caché de datos y lograr la deserialización en el cliente, además de llevar a cabo ataques a mayores. It was found that the Hotrod client in Infinispan would unsafely read deserialized data on information from the cache. • http://www.securitytracker.com/id/1040360 https://access.redhat.com/errata/RHSA-2018:0294 https://access.redhat.com/errata/RHSA-2018:0478 https://access.redhat.com/errata/RHSA-2018:0479 https://access.redhat.com/errata/RHSA-2018:0480 https://access.redhat.com/errata/RHSA-2018:0481 https://access.redhat.com/errata/RHSA-2018:0501 https://access.redhat.com/errata/RHSA-2019:1326 https://github.com/infinispan/infinispan/pull/5639 https://access.redhat.com/security/cve/CVE-2 • CWE-502: Deserialization of Untrusted Data •
CVE-2016-0750 – client: unchecked deserialization in marshaller util
https://notcve.org/view.php?id=CVE-2016-0750
The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks. El cliente de Java hotrod en infinispan en versiones anteriores a la 9.1.0.Final deserializa automáticamente el contenido de los mensajes bytearray en ciertos eventos. Un usuario malicioso podría explotar este error inyectando un objeto serializado especialmente manipulado para lograr la ejecución remota de código u otros ataques. The hotrod java client in infinispan automatically deserializes bytearray message contents in certain events. • http://www.securityfocus.com/bid/101910 https://access.redhat.com/errata/RHSA-2017:3244 https://access.redhat.com/errata/RHSA-2018:0501 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-0750 https://github.com/infinispan/infinispan/pull/5116 https://issues.jboss.org/browse/ISPN-7781 https://access.redhat.com/security/cve/CVE-2016-0750 https://bugzilla.redhat.com/show_bug.cgi?id=1300443 • CWE-138: Improper Neutralization of Special Elements CWE-502: Deserialization of Untrusted Data •
CVE-2017-2638 – infinispan: auth bypass in REST api
https://notcve.org/view.php?id=CVE-2017-2638
It was found that the REST API in Infinispan before version 9.0.0 did not properly enforce auth constraints. An attacker could use this vulnerability to read or modify data in the default cache or a known cache name. Se ha descubierto que la API REST en Infinispan en versiones anteriores a la 9.0.0 no aplicaba correctamente las restricciones auth. Un atacante podría emplear esta vulnerabilidad para leer o modificar datos en la caché por defecto o un nombre de caché conocido. It was found that the REST API in infinispan did not properly enforce auth constraints. • http://rhn.redhat.com/errata/RHSA-2017-1097.html http://www.securityfocus.com/bid/97964 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2638 https://github.com/infinispan/infinispan/pull/4936/commits https://issues.jboss.org/browse/ISPN-7485 https://access.redhat.com/security/cve/CVE-2017-2638 https://bugzilla.redhat.com/show_bug.cgi?id=1428564 • CWE-287: Improper Authentication CWE-306: Missing Authentication for Critical Function •