CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2020-14384 – jbossweb: Incomplete fix of CVE-2020-13935 for WebSocket in JBossWeb could lead to DoS
https://notcve.org/view.php?id=CVE-2020-14384
A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this vulnerability is to system availability. Se encontró un fallo en JBossWeb en versiones anteriores a 7.5.31.Final-redhat-3. La corrección para CVE-2020-13935 estaba incompleta en JBossWeb, dejándolo vulnerable a un ataque de denegación de servicio cuando se envían múltiples peticiones con una longitud de carga útil no válida en una trama WebSocket. • https://bugzilla.redhat.com/show_bug.cgi?id=1875176 https://access.redhat.com/security/cve/CVE-2020-14384 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2020-1710 – EAP: field-name is not parsed in accordance to RFC7230
https://notcve.org/view.php?id=CVE-2020-1710
The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400. El problema parece ser que JBoss EAP versión 6.4.21, no analiza el nombre de campo de acuerdo con RFC7230[1] ya que devuelve 200 en lugar de 400 A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400. • https://bugzilla.redhat.com/show_bug.cgi?id=1793970 https://access.redhat.com/security/cve/CVE-2020-1710 • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2019-19343 – Undertow: Memory Leak in Undertow HttpOpenListener due to holding remoting connections indefinitely
https://notcve.org/view.php?id=CVE-2019-19343
A flaw was found in Undertow when using Remoting as shipped in Red Hat Jboss EAP before version 7.2.4. A memory leak in HttpOpenListener due to holding remote connections indefinitely may lead to denial of service. Versions before undertow 2.0.25.SP1 and jboss-remoting 5.0.14.SP1 are believed to be vulnerable. Se encontró una falla en Undertow al usar Remoting como se envió en Red Hat Jboss EAP anterior a la versión 7.2.4. Una filtrado de memoria en HttpOpenListener debido a mantener conexiones remotas indefinidamente puede conllevar a una denegación de servicio. • https://bugzilla.redhat.com/show_bug.cgi?id=1780445 https://issues.redhat.com/browse/JBEAP-16695 https://security.netapp.com/advisory/ntap-20220211-0002 https://access.redhat.com/security/cve/CVE-2019-19343 • CWE-400: Uncontrolled Resource Consumption CWE-404: Improper Resource Shutdown or Release •
CVSS: 4.9EPSS: 0%CPEs: 4EXPL: 0CVE-2020-1732 – Soteria: security identity corruption across concurrent threads
https://notcve.org/view.php?id=CVE-2020-1732
A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request. Se encontró un fallo en Soteria versiones anteriores a la versión 1.0.1, en un modo en el que múltiples peticiones pueden ocurrir simultáneamente causan una corrupción de identidad de seguridad por medio de subprocesos (hilos) concurrentes cuando se usa EE Security con WildFly Elytron, lo que puede conllevar a una posibilidad de que se maneje usando la identidad de otra petición . A flaw was found in WildFly where multiple requests occurring concurrently could be handled using the identity of another request. This vulnerability occurs when using EE Security with WildFly Elytron. The largest threat from this vulnerability is data confidentiality and integrity. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1732 https://github.com/wildfly-security/soteria/commit/c2479f8c39d7d661341fdcaff7f5e97c5eea1a54 https://access.redhat.com/security/cve/CVE-2020-1732 https://bugzilla.redhat.com/show_bug.cgi?id=1801726 • CWE-20: Improper Input Validation CWE-284: Improper Access Control •
CVSS: 8.1EPSS: 0%CPEs: 12EXPL: 0CVE-2020-1757 – undertow: servletPath is normalized incorrectly leading to dangerous application mapping which could result in security bypass
https://notcve.org/view.php?id=CVE-2020-1757
A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass. Se encontró un fallo en todas las versiones undertow-2.x.x SP1 anteriores a undertow-2.0.30.SP1, en todas las versiones undertow-1.x.x y versiones undertow-2.x.x anteriores a undertow-2.1.0.Final, donde el contenedor de servlets causa que servletPath se normalice incorrectamente al truncar la ruta después del punto y coma, lo que puede conllevar a un mapeo de la aplicación resultando en la omisión de la seguridad. A flaw was found in Undertow, where the servlet container causes the servletPath to normalize incorrectly by truncating the path after the semicolon. The flaw may lead to application mapping, resulting in a security bypass. • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1757 https://access.redhat.com/security/cve/CVE-2020-1757 https://bugzilla.redhat.com/show_bug.cgi?id=1752770 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •