
CVSS: 7.5 • EPSS: 95% • CPEs: 4 • EXPL: 3

The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical.

• https://github.com/immunIT/CVE-2018-11759
• https://github.com/Jul10l1r4/Identificador-CVE-2018-11759
• https://github.com/julioliraup/Identificador-CVE-2018-11759
• http://www.securityfocus.com/bid/105888
• https://access.redhat.com/errata/RHSA-2019:0366
• https://access.redhat.com/errata/RHSA-2019:0367
• https://lists.apache.org/thread.html/277d42b48b6e9aef50949c0dcc79ce21693091d73da246b3c1981925%40%3Cdev.tomcat.apache.org%3E
• https://lists.apache.org/thread.html/5b7a23e245c93235c503900da854a143596d901bf1a1f67e851a5de4%40%3Cdev.tomcat.ap

• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627.

• https://bugzilla.redhat.com/show_bug.cgi?id=1408302
• https://access.redhat.com/security/cve/CVE-2016-9596

• CWE-400: Uncontrolled Resource Consumption
• CWE-674: Uncontrolled Recursion

CVSS: 6.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483.

• https://access.redhat.com/errata/RHSA-2018:2486
• https://bugzilla.redhat.com/show_bug.cgi?id=1408306
• https://access.redhat.com/security/cve/CVE-2016-9598

• CWE-125: Out-of-bounds Read
• CWE-674: Uncontrolled Recursion

CVSS: 7.5 • EPSS: 7% • CPEs: 8 • EXPL: 0

By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. Fixed in Apache HTTP Server 2.4.34 (Affected 2.4.18-2.4.30, 2.4.33).

• http://www.securitytracker.com/id/1041402
• https://access.redhat.com/errata/RHSA-2018:3558
• https://access.redhat.com/errata/RHSA-2019:0366
• https://access.redhat.com/errata/RHSA-2019:0367
• https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333
• https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
• https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E
• https://lists.apache.o

• CWE-400: Uncontrolled Resource Consumption

CVSS: 9.8 • EPSS: 1% • CPEs: 39 • EXPL: 0

In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the nonce sent to prevent replay attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.

• http://www.openwall.com/lists/oss-security/2018/03/24/7
• http://www.securityfocus.com/bid/103524
• http://www.securitytracker.com/id/1040571
• https://access.redhat.com/errata/RHSA-2018:3558
• https://access.redhat.com/errata/RHSA-2019:0366
• https://access.redhat.com/errata/RHSA-2019:0367
• https://access.redhat.com/errata/RHSA-2019:1898
• https://httpd.apache.org/security/vulnerabilities_24.html
• https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.

• CWE-287: Improper Authentication
• CWE-305: Authentication Bypass by Primary Weakness