CVE-2021-41186

ReDoS vulnerability in parser_apache2

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. This issue is patched in version 1.14.2 There are two workarounds available. Either don't use parser_apache2 for parsing logs (which cannot guarantee generated by Apache), or put patched version of parser_apache2.rb into /etc/fluent/plugin directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd).

Fluentd recoge eventos de varias fuentes de datos y los escribe en archivos para ayudar a unificar la infraestructura de registro. El plugin parser_apache2 en Fluentd versiones v0.14.14 hasta v1.14.1 sufre una vulnerabilidad de denegación de servicio de expresión regular (ReDoS). Un registro de apache roto con un determinado patrón de cadena puede pasar demasiado tiempo en una expresión regular, resultando en un potencial de un ataque DoS. Este problema está parcheado en la versión 1.14.2. Se presentan dos soluciones disponibles. O bien no usar parser_apache2 para analizar los registros (que no pueden ser garantizados por Apache), o poner la versión parcheada de parser_apache2.rb en el directorio /etc/fluent/plugin (o cualquier otro directorio especificado por la variable de entorno "FLUENT_PLUGIN" o "--plugin" de fluentd)

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-09-15 CVE Reserved
2021-10-29 CVE Published
2024-07-14 EPSS Updated
2024-08-04 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-400: Uncontrolled Resource Consumption

CAPEC

References (3)

URL	Tag	Source
https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#v1142	Release Notes
https://github.com/fluent/fluentd/security/advisories/GHSA-hwhf-64mh-r662	Third Party Advisory
https://github.com/github/securitylab-vulnerabilities/blob/52dc4a2a828c6dc24231967c2937ad92038184a9/vendor_reports/GHSL-2021-102-fluent-fluentd.md	Broken Link

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Fluentd Search vendor "Fluentd"		Fluentd Search vendor "Fluentd" for product "Fluentd"				>= 0.14.14 <= 1.14.1 Search vendor "Fluentd" for product "Fluentd" and version " >= 0.14.14 <= 1.14.1"		-		Affected