CVE-2014-0118 – httpd: mod_deflate denial of service
https://notcve.org/view.php?id=CVE-2014-0118
The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size. La función deflate_in_filter en mod_deflate.c en el módulo mod_deflate en Apache HTTP Server anterior a 2.4.10, cuando la descompresión del cuerpo de una solicitud está habilitada, permite a atacantes remotos causar una denegación de servicio (consumo de recursos) a través de datos de solicitudes manipulados que descomprime a un tamaño mucho más grande. A denial of service flaw was found in the way httpd's mod_deflate module handled request body decompression (configured via the "DEFLATE" input filter). A remote attacker able to send a request whose body would be decompressed could use this flaw to consume an excessive amount of system memory and CPU on the target system. • http://advisories.mageia.org/MGASA-2014-0304.html http://advisories.mageia.org/MGASA-2014-0305.html http://httpd.apache.org/security/vulnerabilities_24.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://marc.info/?l=bugtraq&m=143403519711434&w=2 http://marc.info/?l=bugtraq&m=143748090628601&w=2 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http://marc.info/?l=bugtraq&m=144493176821532&w=2 http://rhn.redhat.com/errata/RHSA-2014 • CWE-400: Uncontrolled Resource Consumption •
CVE-2014-0226 – Apache httpd mod_status Heap Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-0226
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c. Condición de carrera en el módulo mod_status en Apache HTTP Server anterior a 2.4.10 permite a atacantes remotos causar una denegación de servicio (desbordamiento de buffer basado en memoria dinámica), o posiblemente obtener información sensible de credenciales o ejecutar código arbitrario, a través de una solicitud manipulada que provoca el manejo indebido de la tabla de clasificación (scoreboard) dentro de la función status_handler en modules/generators/mod_status.c y la función lua_ap_scoreboard_worker en modules/lua/lua_request.c. A race condition flaw, leading to heap-based buffer overflows, was found in the mod_status httpd module. A remote attacker able to access a status page served by mod_status on a server using a threaded Multi-Processing Module (MPM) could send a specially crafted request that would cause the httpd child process to crash or, possibly, allow the attacker to execute arbitrary code with the privileges of the "apache" user. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apache HTTPD server. • https://www.exploit-db.com/exploits/34133 https://github.com/shreesh1/CVE-2014-0226-poc http://advisories.mageia.org/MGASA-2014-0304.html http://advisories.mageia.org/MGASA-2014-0305.html http://httpd.apache.org/security/vulnerabilities_24.html http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html http://marc.info/?l=bugtraq&m=143403519711434&w=2 http://marc.info/?l=bugtraq&m=143748090628601&w=2 http://marc.info/?l=bugtraq&m=144050155601375&w=2 http • CWE-122: Heap-based Buffer Overflow CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2014-3530 – PicketLink: XXE via insecure DocumentBuilderFactory usage
https://notcve.org/view.php?id=CVE-2014-3530
The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue. El método org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory en PicketLink, utilizado en Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 y 6.2.4, expande referencias de entidad, lo que permite a atacantes remotos leer código arbitrario y posiblemente tener otro impacto no especificado a través de vectores no especificados, relacionado con un problema de entidad externa XML (XXE). It was found that the implementation of the org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory() method provided a DocumentBuilderFactory that would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks. • http://rhn.redhat.com/errata/RHSA-2014-0883.html http://rhn.redhat.com/errata/RHSA-2014-0884.html http://rhn.redhat.com/errata/RHSA-2014-0885.html http://rhn.redhat.com/errata/RHSA-2014-0886.html http://rhn.redhat.com/errata/RHSA-2015-0091.html http://rhn.redhat.com/errata/RHSA-2015-0675.html http://rhn.redhat.com/errata/RHSA-2015-0720.html http://rhn.redhat.com/errata/RHSA-2015-0765.html http://rhn.redhat.com/errata/RHSA-2015-1888.html http://secuni • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2014-0034 – CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid
https://notcve.org/view.php?id=CVE-2014-0034
The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x before 2.7.9 does not properly validate SAML tokens when caching is enabled, which allows remote attackers to gain access via an invalid SAML token. SecurityTokenService (STS) en Apache CXF anterior a 2.6.12 y 2.7.x anterior a 2.7.9 no valida debidamente los tokens SAML cuando el cacheo está habilitado, lo que permite a atacantes remotos ganar acceso a través de un token SAML inválido. It was found that the SecurityTokenService (STS), provided as a part of Apache CXF, could under certain circumstances accept invalid SAML tokens as valid. A remote attacker could use a specially crafted SAML token to gain access to an application that uses STS for validation of SAML tokens. • http://cxf.apache.org/security-advisories.data/CVE-2014-0034.txt.asc http://rhn.redhat.com/errata/RHSA-2014-0797.html http://rhn.redhat.com/errata/RHSA-2014-0798.html http://rhn.redhat.com/errata/RHSA-2014-0799.html http://rhn.redhat.com/errata/RHSA-2014-1351.html http://rhn.redhat.com/errata/RHSA-2015-0850.html http://rhn.redhat.com/errata/RHSA-2015-0851.html http://svn.apache.org/viewvc?view=revision&revision=1551228 http://www.securityfocus.com/bid/68441 https • CWE-20: Improper Input Validation CWE-345: Insufficient Verification of Data Authenticity •
CVE-2014-0035 – CXF: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy
https://notcve.org/view.php?id=CVE-2014-0035
The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network. SymmetricBinding en Apache CXF anterior a 2.6.13 y 2.7.x anterior a 2.7.10, cuando EncryptBeforeSigning está habilitado y la política UsernameToken está configurada en un EncryptedSupportingToken, transmite el UsernameToken en texto claro, lo que permite a atacantes remotos obtener información sensible mediante la captura de trafico de la red. It was discovered that UsernameTokens were sent in plain text by an Apache CXF client that used a Symmetric EncryptBeforeSigning password policy. A man-in-the-middle attacker could use this flaw to obtain the user name and password used by the client application using Apache CXF. • http://cxf.apache.org/security-advisories.data/CVE-2014-0035.txt.asc http://rhn.redhat.com/errata/RHSA-2014-0797.html http://rhn.redhat.com/errata/RHSA-2014-0798.html http://rhn.redhat.com/errata/RHSA-2014-0799.html http://rhn.redhat.com/errata/RHSA-2014-1351.html http://rhn.redhat.com/errata/RHSA-2015-0850.html http://rhn.redhat.com/errata/RHSA-2015-0851.html http://svn.apache.org/viewvc?view=revision&revision=1564724 https://lists.apache.org/thread.html/r36e44ffc • CWE-310: Cryptographic Issues CWE-522: Insufficiently Protected Credentials •