CVE-2020-2747
https://notcve.org/view.php?id=CVE-2020-2747
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: SSO Engine). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Access Manager. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Access Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Access Manager accessible data as well as unauthorized read access to a subset of Oracle Access Manager accessible data. • https://www.oracle.com/security-alerts/cpuapr2020.html •
CVE-2020-1938 – Apache Tomcat Improper Privilege Management Vulnerability
https://notcve.org/view.php?id=CVE-2020-1938
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. • https://www.exploit-db.com/exploits/49039 https://www.exploit-db.com/exploits/48143 https://github.com/sgdream/CVE-2020-1938 https://github.com/xindongzhuaizhuai/CVE-2020-1938 https://github.com/laolisafe/CVE-2020-1938 https://github.com/sv3nbeast/CVE-2020-1938-Tomact-file_include-file_read https://github.com/fairyming/CVE-2020-1938 https://github.com/dacade/CVE-2020-1938 https://github.com/Hancheng-Lei/Hacking-Vulnerability-CVE-2020-1938-Ghostcat https://github.com/w4fz5uck5& • CWE-285: Improper Authorization •
CVE-2020-1935 – tomcat: Mishandling of Transfer-Encoding header allows for HTTP request smuggling
https://notcve.org/view.php?id=CVE-2020-1935
In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid. This led to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely. En Apache Tomcat versiones 9.0.0.M1 hasta 9.0.30, versiones 8.5.0 hasta 8.5.50 y versiones 7.0.0 hasta 7.0.99, el código de análisis del encabezado HTTP utilizó un enfoque para el análisis de fin de línea que permitió a algunos encabezados HTTP no válidos ser analizados como válidos. Esto conllevó a una posibilidad de Tráfico No Autorizado de Peticiones HTTP si Tomcat se encontraba detrás de un proxy inverso que manejaba incorrectamente el encabezado Transfer-Encoding no válido en una manera particular. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html https://lists.apache.org/thread.html/r127f76181aceffea2bd4711b03c595d0f115f63e020348fe925a916c%40%3Cannounce.tomcat.apache.org%3E https://lists.apache.org/thread.html/r441c1f30a252bf14b07396286f6abd8089ce4240e91323211f1a2d75%40%3Cusers.tomcat.apache.org%3E https://lists.apache.org/thread.html/r660cd379afe346f10d72c0eaa8459ccc95d83aff181671b7e9076919%40%3Cusers.tomcat.apache.org%3E https://lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78%40%3Ccommits.tomee.apache.org%3E • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVE-2019-17569 – tomcat: Regression in handling of Transfer-Encoding header allows for HTTP request smuggling
https://notcve.org/view.php?id=CVE-2019-17569
The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression. The result of the regression was that invalid Transfer-Encoding headers were incorrectly processed leading to a possibility of HTTP Request Smuggling if Tomcat was located behind a reverse proxy that incorrectly handled the invalid Transfer-Encoding header in a particular manner. Such a reverse proxy is considered unlikely. La refactorización presente en Apache Tomcat versiones 9.0.28 hasta 9.0.30, versiones 8.5.48 hasta 8.5.50 y versiones 7.0.98 hasta 7.0.99, introdujo una regresión. El resultado de la regresión fue que los encabezados Transfer-Encoding no válidos fueron procesados incorrectamente, conllevando a una posibilidad de Tráfico No Autorizado de Peticiones HTTP si Tomcat se encontraba detrás de un proxy inverso que manejaba incorrectamente el encabezado Transfer-Encoding no válido de una manera particular. • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html https://lists.apache.org/thread.html/r7bc994c965a34876bd94d5ff15b4e1e30b6220a15eb9b47c81915b78%40%3Ccommits.tomee.apache.org%3E https://lists.apache.org/thread.html/r88def002c5c78534674ca67472e035099fbe088813d50062094a1390%40%3Cannounce.tomcat.apache.org%3E https://lists.apache.org/thread.html/rc31cbabb46cdc58bbdd8519a8f64b6236b2635a3922bbeba0f0e3743%40%3Ccommits.tomee.apache.org%3E https://lists.debian.org/debian-lts-announce/2020/03/msg00006.html https://security.netapp.com/advisory • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVE-2018-12207 – hw: Machine Check Error on Page Size Change (IFU)
https://notcve.org/view.php?id=CVE-2018-12207
Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. Una invalidación inapropiada de las actualizaciones de la tabla de páginas por parte de un sistema operativo invitado virtual para múltiples procesadores Intel® puede habilitar a un usuario autenticado para permitir potencialmente una denegación de servicio del sistema host por medio de un acceso local. A flaw was found in the way Intel CPUs handle inconsistency between, virtual to physical memory address translations in CPU's local cache and system software's Paging structure entries. A privileged guest user may use this flaw to induce a hardware Machine Check Error on the host processor, resulting in a severe DoS scenario by halting the processor. System software like OS OR Virtual Machine Monitor (VMM) use virtual memory system for storing program instructions and data in memory. Virtual Memory system uses Paging structures like Page Tables and Page Directories to manage system memory. • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.html https://access.redhat.com/errata/RHSA-2019:3916 https://access.redhat.com/errata/RHSA-2019:3936 https://access.redhat.com/errata/RHSA-2019:3941 https://access.redhat.com/errata/RHSA-2020:0026 https://access.redhat.com/errata/RHSA-2020:0028 https://access.redhat.com/errata/RHSA-2020:0204 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5WWPW4BSZDDW7VHU427XTVXV7ROOFFW https:/ • CWE-20: Improper Input Validation CWE-226: Sensitive Information in Resource Not Removed Before Reuse •