CVE-2015-5188 – EAP: CSRF vulnerability in EAP & WildFly Web Console
https://notcve.org/view.php?id=CVE-2015-5188
Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) before 2.0.0.CR9 allows remote attackers to hijack the authentication of administrators for requests that make arbitrary changes to an instance via vectors involving a file upload using a multipart/form-data submission. Vulnerabilidad de CSRF en la Web Console (web-console) en Red Hat Enterprise Application Platform en versiones anteriores a 6.4.4 y WildFly (anteriormente JBoss Application Server) en versiones anteriores a 2.0.0.CR9 permite a atacantes remotos secuestrar la autenticación de los administradores para solicitudes que realizan cambios arbitrarios en una instancia a través de vectores que involucran una carga de archivo utilizando un envío de datos multipart/form-data. It was discovered that when uploading a file using a multipart/form-data submission to the EAP Web Console, the Console was vulnerable to Cross-Site Request Forgery (CSRF). This meant that an attacker could use the flaw together with a forgery attack to make changes to an authenticated instance. • http://rhn.redhat.com/errata/RHSA-2015-1904.html http://rhn.redhat.com/errata/RHSA-2015-1905.html http://rhn.redhat.com/errata/RHSA-2015-1906.html http://rhn.redhat.com/errata/RHSA-2015-1907.html http://rhn.redhat.com/errata/RHSA-2015-1908.html http://www.securitytracker.com/id/1033859 https://bugzilla.redhat.com/show_bug.cgi?id=1252885 https://issues.jboss.org/browse/WFCORE-594 https://access.redhat.com/security/cve/CVE-2015-5188 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2015-5220 – OOME from EAP 6 http management console
https://notcve.org/view.php?id=CVE-2015-5220
The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption) via a large request header. Web Console en Red Hat Enterprise Application Platform (EAP) en versiones anteriores a 6.4.4 y WildFly (anteriormente JBoss Application Server) permite a atacantes remotos provocar una denegación de servicio (consumo de la memoria) a través de una cabecera de petición grande. It was discovered that sending requests containing large headers to the Web Console produced a Java OutOfMemoryError in the HTTP management interface. An attacker could use this flaw to cause a denial of service. • http://rhn.redhat.com/errata/RHSA-2015-1904.html http://rhn.redhat.com/errata/RHSA-2015-1905.html http://rhn.redhat.com/errata/RHSA-2015-1906.html http://rhn.redhat.com/errata/RHSA-2015-1907.html http://rhn.redhat.com/errata/RHSA-2015-1908.html http://rhn.redhat.com/errata/RHSA-2016-1519.html http://www.securitytracker.com/id/1033859 https://bugzilla.redhat.com/show_bug.cgi?id=1255597 https://access.redhat.com/security/cve/CVE-2015-5220 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2014-0118 – httpd: mod_deflate denial of service
https://notcve.org/view.php?id=CVE-2014-0118
The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size. La función deflate_in_filter en mod_deflate.c en el módulo mod_deflate en Apache HTTP Server anterior a 2.4.10, cuando la descompresión del cuerpo de una solicitud está habilitada, permite a atacantes remotos causar una denegación de servicio (consumo de recursos) a través de datos de solicitudes manipulados que descomprime a un tamaño mucho más grande. A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the "DEFLATE" input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system. • http://advisories.mageia.org/MGASA-2014-0304.html http://advisories.mageia.org/MGASA-2014-0305.html http://httpd.apache.org/security/vulnerabilities_24.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://marc.info/?l=bugtraq&m=143403519711434&w=2 http://marc.info/?l=bugtraq&m=143748090628601&w=2 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://marc.info/?l=bugtraq&m=144493176821532&w=2 http://rhn.redhat.com/errata/RHSA-2014 • CWE-400: Uncontrolled Resource Consumption •
CVE-2014-0226 – Apache httpd mod_status Heap Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0226
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c. Condición de carrera en el módulo mod_status en Apache HTTP Server anterior a 2.4.10 permite a atacantes remotos causar una denegación de servicio (desbordamiento de buffer basado en memoria dinámica), o posiblemente obtener información sensible de credenciales o ejecutar código arbitrario, a través de una solicitud manipulada que provoca el manejo indebido de la tabla de clasificación (scoreboard) dentro de la función status_handler en modules/generators/mod_status.c y la función lua_ap_scoreboard_worker en modules/lua/lua_request.c. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache HTTPD server. • https://www.exploit-db.com/exploits/34133 https://github.com/shreesh1/CVE-2014-0226-poc http://advisories.mageia.org/MGASA-2014-0304.html http://advisories.mageia.org/MGASA-2014-0305.html http://httpd.apache.org/security/vulnerabilities_24.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://marc.info/?l=bugtraq&m=143403519711434&w=2 http://marc.info/?l=bugtraq&m=143748090628601&w=2 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http • CWE-122: Heap-based Buffer Overflow CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2013-1896 – httpd: mod_dav DoS (httpd child process crash) via a URI MERGE request with source URI not handled by mod_dav
https://notcve.org/view.php?id=CVE-2013-1896
mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI. mod_dav.c en el Apache HTTP Server anterior a 2.2.25 no determina adecuadamente si DAV está activado para URI, lo que permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) a través de una petición MERGE en la que la URI está configurada para manejarse con el módulo mod_dav_svn, pero determinados atributos href en los datos XML se refieren a una URI que no es del tipo DAV. • http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00029.html http://lists.opensuse.org/opensuse-updates/2013-08/msg00030.html http://rhn.redhat.com/errata/RHSA-2013-1156.html http://rhn.redhat.com/errata/RHSA-2013-1207.html http://rhn.redhat.com/errata/RHSA-2013-1208.html http://rhn.redhat.com/errata/RHSA-2013-1209.html http://secunia.com/advisories/55032 http://support.apple.com/kb/HT6150 http:/ •