CVSS: 5.9EPSS: 0%CPEs: 6EXPL: 0CVE-2017-12196 – undertow: Client can use bogus uri in Digest authentication
https://notcve.org/view.php?id=CVE-2017-12196
undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was found vulnerable when using Digest authentication, the server does not ensure that the value of URI in the Authorization header matches the URI in HTTP request line. This allows the attacker to cause a MITM attack and access the desired content on the server. Se ha descubierto que undertow, en sus versiones 1.4.18.SP1, 2.0.2.Final y 1.4.24.Final, es vulnerable al usar la autenticación Digest, ya que el servidor no garantiza que el valor del URI en la cabecera Authorization coincida con el URIb en la línea de petición HTTP. Esto permite que el atacante provoque un ataque Man-in-the-Middle (MitM) y acceda al contenido que desee en el servidor. It was discovered that when using Digest authentication, the server does not ensure that the value of the URI in the authorization header matches the URI in the HTTP request line. • https://access.redhat.com/errata/RHSA-2018:0478 https://access.redhat.com/errata/RHSA-2018:0479 https://access.redhat.com/errata/RHSA-2018:0480 https://access.redhat.com/errata/RHSA-2018:0481 https://access.redhat.com/errata/RHSA-2018:1525 https://access.redhat.com/errata/RHSA-2018:2405 https://access.redhat.com/errata/RHSA-2018:3768 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12196 https://issues.jboss.org/browse/UNDERTOW-1190 https://access.redhat.com/sec • CWE-287: Improper Authentication CWE-863: Incorrect Authorization •
CVSS: 6.5EPSS: 0%CPEs: 51EXPL: 1CVE-2018-1304 – tomcat: Incorrect handling of empty string URL in security constraints can lead to unintended exposure of resources
https://notcve.org/view.php?id=CVE-2018-1304
The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected. El patrón de URL "" (la cadena vacía) que mapea exactamente al root de contexto no se gestionó correctamente en Apache Tomcat 9.0.0.M1 a 9.0.4, 8.5.0 a 8.5.27, 8.0.0.RC1 a 8.0.49 y 7.0.0 a 7.0.84 al emplearse como parte de una definición de limitación de seguridad. • https://github.com/knqyf263/CVE-2018-1304 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/103170 http://www.securitytracker.com/id/1040427 https://access.redhat.com/errata/RHSA-2018:0465 https://access.redhat.com/errata/RHSA-2018:0466 https://access.redhat.com/errata/RHSA-2018:1320 https://access.redhat.com/errata/RHSA-2018:1447 https://access.redha • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 1CVE-2018-1041 – JBoss Remoting 6.14.18 - Denial of Service
https://notcve.org/view.php?id=CVE-2018-1041
A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop. Se ha encontrado una vulnerabilidad en la forma en la que RemoteMessageChannel, introducido en las versiones 3.3.10 de jboss-remoting, lee desde un búfer vacío. Un atacante podría emplear este error para provocar una denegación de servicio (DoS) mediante un consumo alto de CPU a través de un bucle infinito. A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10.Final-redhat-1, reads from an empty buffer. • https://www.exploit-db.com/exploits/44099 http://www.securitytracker.com/id/1040323 https://access.redhat.com/errata/RHSA-2018:0268 https://access.redhat.com/errata/RHSA-2018:0269 https://access.redhat.com/errata/RHSA-2018:0270 https://access.redhat.com/errata/RHSA-2018:0271 https://access.redhat.com/errata/RHSA-2018:0275 https://bugzilla.redhat.com/show_bug.cgi?id=1530457 https://access.redhat.com/security/cve/CVE-2018-1041 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2017-12174 – artemis/hornetq: memory exhaustion via UDP and JGroups discovery
https://notcve.org/view.php?id=CVE-2017-12174
It was found that when Artemis and HornetQ before 2.4.0 are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError. Se ha descubierto que cuando Artemis y HornetQ, en versiones anteriores a la 2.4.0, se configuran con detección UDP y detección JGroups, se crea un array con muchos bytes al recibir un mensaje multicast inesperado. Esto podría resultar en un agotamiento de la memoria dinámica (heap), GC completo o OutOfMemoryError. It was found that when Artemis and HornetQ are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. • https://access.redhat.com/errata/RHSA-2018:0268 https://access.redhat.com/errata/RHSA-2018:0269 https://access.redhat.com/errata/RHSA-2018:0270 https://access.redhat.com/errata/RHSA-2018:0271 https://access.redhat.com/errata/RHSA-2018:0275 https://access.redhat.com/errata/RHSA-2018:0478 https://access.redhat.com/errata/RHSA-2018:0479 https://access.redhat.com/errata/RHSA-2018:0480 https://access.redhat.com/errata/RHSA-2018:0481 https://bugzilla.redhat.com/show_bug. • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 14%CPEs: 21EXPL: 2CVE-2017-17485 – jackson-databind: Unsafe deserialization due to incomplete black list (incomplete fix for CVE-2017-15095)
https://notcve.org/view.php?id=CVE-2017-17485
FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath. FasterXML jackson-databind hasta la versión 2.8.10 y 2.9.x hasta la 2.9.3 permite que se ejecute código de manera remota y no autenticada debido a una solución incompleta de la vulnerabilidad de deserialización CVE-2017-7525. Esto es explotable enviando una entrada JSON manipulada maliciosamente al método readValue de ObjectMapper, omitiendo una lista negra que no es efectiva si las librerías Spring están disponibles en el classpath. A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending maliciously crafted input to the readValue method of ObjectMapper. • https://github.com/Al1ex/CVE-2017-17485 https://github.com/tafamace/CVE-2017-17485 http://www.securityfocus.com/archive/1/541652/100/0/threaded https://access.redhat.com/errata/RHSA-2018:0116 https://access.redhat.com/errata/RHSA-2018:0342 https://access.redhat.com/errata/RHSA-2018:0478 https://access.redhat.com/errata/RHSA-2018:0479 https://access.redhat.com/errata/RHSA-2018:0480 https://access.redhat.com/errata/RHSA-2018:0481 https://access.redhat.com/errata/RHS • CWE-502: Deserialization of Untrusted Data •