CVE-2020-24750 – jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration
https://notcve.org/view.php?id=CVE-2020-24750
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.6, maneja inapropiadamente la interacción entre los gadgets de serialización y la escritura, relacionada con com.pastdev.httpcomponents.configuration.JndiConfiguration A flaw was found in jackson-databind 2.x in versions prior to 2.9.10.6. The interaction between serialization gadgets and typing is mishandled. The highest threat from this vulnerability is to data confidentiality and system availability. • https://github.com/Al1ex/CVE-2020-24750 https://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b https://github.com/FasterXML/jackson-databind/issues/2798 https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html https://security.netapp.com/advisory/ntap-20201009-0003 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com • CWE-502: Deserialization of Untrusted Data •
CVE-2020-11998
https://notcve.org/view.php?id=CVE-2020-11998
A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html "A remote client could create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, a rogue remote client could make your Java application execute arbitrary code." Mitigation: Upgrade to Apache ActiveMQ 5.15.13 Se ha introducido una regresión en el commit que evita que JMX vuelva a vincularse. Al pasar un mapa de entorno vacío hacia RMIConnectorServer, en lugar del mapa que contiene las credenciales de autenticación, deja ActiveMQ abierto al siguiente ataque: https://docs.oracle.com/javase/8/docs/technotes/guides/management/ agent.html. " Un cliente remoto podría crear un MBean javax.management.loading.MLet y usarlo para crear nuevos MBeans a partir de URL arbitrarias, al menos si no existe un administrador de seguridad. • http://activemq.apache.org/security-advisories.data/CVE-2020-11998-announcement.txt https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpujan2021.html https://www.oracle.com/security- •
CVE-2020-24616
https://notcve.org/view.php?id=CVE-2020-24616
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.6, maneja inapropiadamente la interacción entre los dispositivos de serialización y la escritura, relacionada con br.com.anteros.dbcp.AnterosDBCPDataSource (también se conoce como Anteros-DBCP) • https://github.com/FasterXML/jackson-databind/issues/2814 https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062 https://security.netapp.com/advisory/ntap-20200904-0006 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpuj • CWE-502: Deserialization of Untrusted Data •
CVE-2020-11993 – httpd: mod_http2 concurrent pool usage
https://notcve.org/view.php?id=CVE-2020-11993
Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. Configuring the LogLevel of mod_http2 above "info" will mitigate this vulnerability for unpatched servers. Apache HTTP Server versiones 2.4.20 hasta 2.4.43, cuando trace/debug fue habilitado para el módulo HTTP/2 y en determinados patrones de tráfico de borde, se hicieron declaraciones de registro en la conexión errónea, causando un uso concurrente de grupos de memoria. Configurando el LogLevel de mod_http2 sobre "info" mitigará esta vulnerabilidad para los servidores sin parches A flaw was found in Apache httpd in versions 2.4.20 to 2.4.43. Logging using the wrong pool by mod_http2 at debug/trace log level may lead to potential crashes and denial of service. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00068.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00071.html http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00081.html http://packetstormsecurity.com/files/160393/Apache-2-HTTP2-Module-Concurrent-Pool-Usage.html https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11993 https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E https://lists • CWE-400: Uncontrolled Resource Consumption CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVE-2020-11984 – httpd: mod_proxy_uwsgi buffer overflow
https://notcve.org/view.php?id=CVE-2020-11984
Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE Apache HTTP server versiones 2.4.32 hasta 2.4.44, la función mod_proxy_uwsgi divulga información y posible RCE A flaw was found in Apache httpd in versions 2.4.32 to 2.4.46. The uwsgi protocol does not serialize more than 16K of HTTP header leading to resource exhaustion and denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00068.html http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00071.html http://packetstormsecurity.com/files/159009/Apache2-mod_proxy_uwsgi-Incorrect-Request-Handling.html http://www.openwall.com/lists/oss-security/2020/08/08/1 http://www.openwall.com/lists/oss-security/2020/08/08/10 http://www.openwall.com/lists/oss-security/2020/08/08/8 http://www.openwall.com/lists/oss-security/2020/08/08/9 http • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-400: Uncontrolled Resource Consumption •