CVE-2017-7525 – jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper
https://notcve.org/view.php?id=CVE-2017-7525
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. Se ha descubierto un error de deserialización en jackson-databind, en versiones anteriores a la 2.6.7.1, 2.7.9.1 y a la 2.8.9, que podría permitir que un usuario no autenticado ejecute código enviando las entradas maliciosamente manipuladas al método readValue de ObjectMapper. A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. • https://github.com/Ingenuity-Fainting-Goats/CVE-2017-7525-Jackson-Deserialization-Lab http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/99623 http://www.securitytracker.com/id/1039744 http://www.securitytracker.com/id/1039947 http://www.securitytracker.com/id/1040360 https://access.redhat.com/errat • CWE-20: Improper Input Validation CWE-184: Incomplete List of Disallowed Inputs CWE-502: Deserialization of Untrusted Data •
CVE-2017-9788 – httpd: Uninitialized memory reflection in mod_auth_digest
https://notcve.org/view.php?id=CVE-2017-9788
In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service. En Apache httpd, en versiones anteriores a la 2.2.34 y en versiones 2.4.x anteriores a la 2.4.27, el valor placeholder en cabeceras [Proxy-]Authorization del tipo 'Digest' no se inicializó o reinició antes de o entre las asignaciones sucesivas key=value por mod_auth_digest. Proporcionar una clave inicial sin asignación "=" podría reflejar el valor obsoleto de la memoria agrupada no inicializada utilizada por la petición anterior. Esto podría dar lugar al filtrado de información potencialmente confidencial y, en otros casos, a un fallo de segmentación que daría como resultado una denegación de servicio (DoS) It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. • http://www.debian.org/security/2017/dsa-3913 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.securityfocus.com/bid/99569 http://www.securitytracker.com/id/1038906 https://access.redhat.com/errata/RHSA-2017:2478 https://access.redhat.com/errata/RHSA-2017:2479 https://access.redhat.com/errata/RHSA-2017:2483 https://access.redhat.com/errata/RHSA-2017:2708 https://access.redhat.com/errata/RHSA-2017:2709 https://access.redhat.com/errata/RHS • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-456: Missing Initialization of a Variable •
CVE-2017-2595 – wildfly: Arbitrary file read via path traversal
https://notcve.org/view.php?id=CVE-2017-2595
It was found that the log file viewer in Red Hat JBoss Enterprise Application 6 and 7 allows arbitrary file read to authenticated user via path traversal. Se ha encontrado que el visor de archivos de log en Red Hat JBoss Enterprise Application 6 y 7 permite que un archivo arbitrario sea leído por el usuario autenticado a través de un salto de directorio. • http://rhn.redhat.com/errata/RHSA-2017-1409.html http://rhn.redhat.com/errata/RHSA-2017-1551.html http://www.securityfocus.com/bid/98967 http://www.securitytracker.com/id/1038757 https://access.redhat.com/errata/RHSA-2017:1410 https://access.redhat.com/errata/RHSA-2017:1411 https://access.redhat.com/errata/RHSA-2017:1412 https://access.redhat.com/errata/RHSA-2017:1548 https://access.redhat.com/errata/RHSA-2017:1549 https://access.redhat.com/errata/RHSA-2017:1550 h • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2017-2670 – undertow: IO thread DoS via unclean Websocket closing
https://notcve.org/view.php?id=CVE-2017-2670
It was found in Undertow before 1.3.28 that with non-clean TCP close, the Websocket server gets into infinite loop on every IO thread, effectively causing DoS. Se ha encontrado en Undertow en versiones anteriores a la 1.3.28 que con el cierre no seguro de TCP, el servidor Websocket entra en bucle infinito en cada hilo IO, provocando efectivamente una denegación de servicio (DoS). It was found that with non-clean TCP close, Websocket server gets into infinite loop on every IO thread, effectively causing DoS. • http://rhn.redhat.com/errata/RHSA-2017-1409.html http://www.securityfocus.com/bid/98965 https://access.redhat.com/errata/RHSA-2017:1410 https://access.redhat.com/errata/RHSA-2017:1411 https://access.redhat.com/errata/RHSA-2017:1412 https://access.redhat.com/errata/RHSA-2017:3454 https://access.redhat.com/errata/RHSA-2017:3455 https://access.redhat.com/errata/RHSA-2017:3456 https://access.redhat.com/errata/RHSA-2017:3458 https://bugzilla.redhat.com/show_bug.cgi?id • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2016-8657 – jboss: jbossas writable config files allow privilege escalation
https://notcve.org/view.php?id=CVE-2016-8657
It was discovered that EAP packages in certain versions of Red Hat Enterprise Linux use incorrect permissions for /etc/sysconfig/jbossas configuration files. The file is writable to jboss group (root:jboss, 664). On systems using classic /etc/init.d init scripts (i.e. on Red Hat Enterprise Linux 6 and earlier), the file is sourced by the jboss init script and its content executed with root privileges when jboss service is started, stopped, or restarted. Se ha descubierto que los paquetes EAP en ciertas versiones de Red Hat Enterprise Linux emplean permisos incorrectos para los archivo de configuración /etc/sysconfig/jbossas. El archivo puede escribirse en el grupo jboss (root:jboss, 664). • http://rhn.redhat.com/errata/RHSA-2017-0826.html http://rhn.redhat.com/errata/RHSA-2017-0827.html http://rhn.redhat.com/errata/RHSA-2017-0828.html http://rhn.redhat.com/errata/RHSA-2017-0829.html http://www.securityfocus.com/bid/96896 https://access.redhat.com/errata/RHSA-2018:1609 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8657 https://access.redhat.com/security/cve/CVE-2016-8657 https://bugzilla.redhat.com/show_bug.cgi?id=1400343 • CWE-264: Permissions, Privileges, and Access Controls CWE-732: Incorrect Permission Assignment for Critical Resource •