CVE-2023-26219 – TIBCO Operational Intelligence Hawk RedTail Credential Exposure Vulnerability
https://notcve.org/view.php?id=CVE-2023-26219
The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console’s and Agent’s log to obtain credentials used to access associated EMS servers. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric: versions 6.2.2 and below, TIBCO Operational Intelligence Hawk RedTail: versions 7.2.1 and below, and TIBCO Runtime Agent: versions 5.12.2 and below. Los componentes Hawk Console y Hawk Agent de TIBCO Hawk de TIBCO Software Inc., TIBCO Hawk Distribution para TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail y TIBCO Runtime Agent contienen una vulnerabilidad que teóricamente permite a un atacante acceder al log de Hawk Console y Hawk Agent para obtener las credenciales utilizadas para acceder a los servidores EMS asociados. • https://www.tibco.com/services/support/advisories • CWE-798: Use of Hard-coded Credentials •
CVE-2022-29167 – ReDoS vulnerability in header parsing in hawk
https://notcve.org/view.php?id=CVE-2022-29167
Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse `Host` HTTP header (`Hawk.utils.parseHost()`), which was subject to regular expression DoS attack - meaning each added character in the attacker's input increases the computation time exponentially. `parseHost()` was patched in `9.0.1` to use built-in `URL` class to parse hostname instead. `Hawk.authenticate()` accepts `options` argument. If that contains `host` and `port`, those would be used instead of a call to `utils.parseHost()`. • https://github.com/mozilla/hawk/pull/286 https://github.com/mozilla/hawk/security/advisories/GHSA-44pw-h2cw-w3vq • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •
CVE-2016-2515
https://notcve.org/view.php?id=CVE-2016-2515
Hawk before 3.1.3 and 4.x before 4.1.1 allow remote attackers to cause a denial of service (CPU consumption or partial outage) via a long (1) header or (2) URI that is matched against an improper regular expression. Hawk en versiones anteriores a 3.1.3 y 4.x en versiones anteriores a 4.1.1 permite a atacantes remotos provocar una denegación de servicio (consumo de CPU o interrupción parcial ) a través de una (1) cabecera o (2) URI larga que coincide contra una expresión regular incorrecta. • http://www.openwall.com/lists/oss-security/2016/02/20/1 http://www.openwall.com/lists/oss-security/2016/02/20/2 https://bugzilla.redhat.com/show_bug.cgi?id=1309721 https://github.com/hueniverse/hawk/commit/0833f99ba64558525995a7e21d4093da1f3e15fa https://github.com/hueniverse/hawk/issues/168 https://nodesecurity.io/advisories/77 • CWE-399: Resource Management Errors •
CVE-2008-3338
https://notcve.org/view.php?id=CVE-2008-3338
Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4.8.1; Runtime Agent (TRA) before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker before 1.1.0 might allow remote attackers to execute arbitrary code via a crafted message. Múltiples desbordamientos de búfer en TIBCO Hawk (1) la librería AMI C (libtibhawkami) y (2) Hawk HMA (tibhawkhma), como se usan en TIBCO Hawk antes de 4.8.1; Runtime Agent (TRA) anterior a 5.6.0; iProcess Engine de 10.3.0 a 10.6.2 y 11.0.0; y Mainframe Service Tracker anterior a 1.1.0 podría permitir a atacantes remotos ejecutar código de su elección mediante un mensaje manipulado. • http://secunia.com/advisories/31618 http://www.securityfocus.com/bid/30836 http://www.tibco.com/resources/mk/hawk_security_advisory_20080729.txt http://www.vupen.com/english/advisories/2008/2448 https://exchange.xforce.ibmcloud.com/vulnerabilities/44604 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-1703
https://notcve.org/view.php?id=CVE-2008-1703
Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message. Múltiples desbordamientos de búfer en TIBCO Software Rendezvous anterior a 8.1.0., utilizado en múltiples productos TIBCO,permitena atacantes remotos ejecutar código de su elección mediante un mensaje manipulado. • http://secunia.com/advisories/29774 http://www.osvdb.org/44269 http://www.securityfocus.com/bid/28717 http://www.securitytracker.com/id?1019826 http://www.tibco.com/resources/mk/rendezvous_security_advisory_20080409.txt http://www.vupen.com/english/advisories/2008/1189/references http://www.vupen.com/english/advisories/2008/1190/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41760 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •