CVSS: 7.5EPSS: 2%CPEs: 104EXPL: 0CVE-2016-5285 – nss: Missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime causes server crash
https://notcve.org/view.php?id=CVE-2016-5285
A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service. Existe una vulnerabilidad de desreferencia de puntero nulo en Mozilla Network Security Services debido a una falta de verificación NULL en PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, lo que podría permitir que un usuario malintencionado remoto cause una Denegación de servicio. A NULL pointer dereference flaw was found in the way NSS handled invalid Diffie-Hellman keys. A remote client could use this flaw to crash a TLS/SSL server using NSS. • http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00011.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00037.html http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00049.html http://rhn.redhat.com/errata/RHSA-2016-2779.html http://www.securityfocus.com/bid/94349 http://www.ubuntu.com/usn/USN-3163-1 https://bto.bluecoat.com/security-advisory/sa137 https://bugzilla.mozilla.org/show_bug.cgi?id=1306103 https://security.gentoo.org/glsa&#x • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 81%CPEs: 41EXPL: 32CVE-2016-5195 – Linux Kernel Race Condition Vulnerability
https://notcve.org/view.php?id=CVE-2016-5195
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW." La condición de carrera en mm / gup.c en el kernel de Linux 2.x a 4.x antes de 4.8.3 permite a los usuarios locales obtener privilegios aprovechando el manejo incorrecto de una función copy-on-write (COW) para escribir en un read- only la cartografía de la memoria, como explotados en la naturaleza en octubre de 2016, vulnerabilidad también conocida como "Dirty COW". A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges. • https://github.com/dirtycow/dirtycow.github.io https://www.exploit-db.com/exploits/40611 https://www.exploit-db.com/exploits/40838 https://www.exploit-db.com/exploits/40616 https://www.exploit-db.com/exploits/40839 https://www.exploit-db.com/exploits/40847 https://github.com/timwr/CVE-2016-5195 https://github.com/gbonacini/CVE-2016-5195 https://github.com/whu-enjoy/CVE-2016-5195 https://github.com/jas502n/CVE-2016-5195 https://github.com/arttnba3/CVE-2016- • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2016-6325 – tomcat: tomcat writable config files allow privilege escalation
https://notcve.org/view.php?id=CVE-2016-6325
The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group. El paquete Tomcat en Red Hat Enterprise Linux (RHEL) 5 hasta la versión 7, JBoss Web Server 3.0 y JBoss EWS 2 utiliza permisos débiles para (1) /etc/sysconfig/tomcat y (2) /etc/tomcat/tomcat.conf, lo que permite a usuarios locales obtener privilegios aprovechando su pertenencia al grupo tomcat. It was discovered that the Tomcat packages installed certain configuration files read by the Tomcat initialization script as writeable to the tomcat group. A member of the group or a malicious web application deployed on Tomcat could use this flaw to escalate their privileges. • http://rhn.redhat.com/errata/RHSA-2016-2045.html http://rhn.redhat.com/errata/RHSA-2016-2046.html http://rhn.redhat.com/errata/RHSA-2017-0457.html http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html http://www.securityfocus.com/bid/93478 https://access.redhat.com/errata/RHSA-2017:0455 https://access.redhat.com/errata/RHSA-2017:0456 https://bugzilla.redhat.com/show_bug.cgi?id=1367447 https://access.redhat.com/security/cve/CVE-2016-6325 • CWE-264: Permissions, Privileges, and Access Controls CWE-284: Improper Access Control •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2016-5406 – EAP7 Privilege escalation when managing domain including earlier version slaves
https://notcve.org/view.php?id=CVE-2016-5406
The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves. El controlador de dominios en Red Hat JBoss Enterprise Application Platform (EAP) 7.x en versiones anteriores a 7.0.2 permite a usuarios remotos autenticados obtener privilegios aprovechando el fallo de propagación de configuración RBAC administrativa a todos los esclavos. The domain controller will not propagate its administrative RBAC configuration to some slaves. An attacker could use this to escalate their privileges. • http://rhn.redhat.com/errata/RHSA-2016-1838.html http://rhn.redhat.com/errata/RHSA-2016-1839.html http://rhn.redhat.com/errata/RHSA-2016-1840.html http://rhn.redhat.com/errata/RHSA-2016-1841.html https://access.redhat.com/errata/RHSA-2017:3454 https://access.redhat.com/errata/RHSA-2017:3455 https://access.redhat.com/errata/RHSA-2017:3456 https://access.redhat.com/errata/RHSA-2017:3458 https://bugzilla.redhat.com/show_bug.cgi?id=1359014 https://access.redhat.c • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2016-4993 – eap: HTTP header injection / response splitting
https://notcve.org/view.php?id=CVE-2016-4993
CRLF injection vulnerability in the Undertow web server in WildFly 10.0.0, as used in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Vulnerabilidad de inyección CRLF en el servidor web Undertow en WildFly 10.0.0, tal como se utiliza en Red Hat JBoss Enterprise Application Platform (EAP) 7.x en versiones anteriores a 7.0.2, permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de separación de respuesta HTTP a través de vectores no especificados. It was reported that EAP 7 Application Server/Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value. • http://rhn.redhat.com/errata/RHSA-2016-1838.html http://rhn.redhat.com/errata/RHSA-2016-1839.html http://rhn.redhat.com/errata/RHSA-2016-1840.html http://rhn.redhat.com/errata/RHSA-2016-1841.html http://www.securityfocus.com/bid/92894 http://www.securitytracker.com/id/1036758 https://access.redhat.com/errata/RHSA-2017:3454 https://access.redhat.com/errata/RHSA-2017:3455 https://access.redhat.com/errata/RHSA-2017:3456 https://access.redhat.com/errata/RHSA-2017: • CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •