
CVE-2023-41337

h2o vulnerable to TLS session resumption misdirection

Summary
  • Severity Score: 6.7 (CVSS v3.1)
  • Exploit Likelihood (EPSS): not provided
  • Affected Versions (CPE): see "Affected Vendors, Products, and Versions" below
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -
Descriptions

h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. In version 2.3.0-beta2 and prior, when h2o is configured to listen to multiple addresses or ports with each of them using different backend servers managed by multiple entities, a malicious backend entity that also has the opportunity to observe or inject packets exchanged between the client and h2o may misdirect HTTPS requests going to other backends and observe the contents of that HTTPS request being sent.

The attack involves a victim client trying to resume a TLS connection and an attacker redirecting the packets to a different address or port than that intended by the client. The attacker must already have been configured by the administrator of h2o to act as a backend to one of the addresses or ports that the h2o instance listens to. Session IDs and tickets generated by h2o are not bound to information specific to the server address, port, or the X.509 certificate, and therefore it is possible for an attacker to force the victim connection to wrongfully resume against a different server address or port on which the same h2o instance is listening.

Once a TLS session is misdirected to resume to a server address / port that is configured to use an attacker-controlled server as the backend, depending on the configuration, HTTPS requests from the victim client may be forwarded to the attacker's server.

An H2O instance is vulnerable to this attack only if the instance is configured to listen to different addresses or ports using the listen directive at the host level and the instance is configured to connect to backend servers managed by multiple entities.

A patch is available at commit 35760540337a47e5150da0f4a66a609fad2ef0ab. As a workaround, one may stop using host-level listen directives in favor of global-level ones.
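As an added illustration (not h2o's code and not the contents of the referenced commit), the following Python model shows why a session ticket that records nothing about its issuing listener can be resumed on any listener of the same instance, and how binding the ticket to the listener's address, port and certificate fingerprint, as the description calls for, makes a redirected ticket fail. The listener addresses, certificates and the ticket key are constructed for the example.

```python
import hashlib
import hmac
import json
import secrets
from typing import Optional

# One ticket key per instance (constructed here). Every listener of the same
# process shares it, which is why an unbound ticket is accepted anywhere.
TICKET_KEY = secrets.token_bytes(32)

def listener_id(addr: str, port: int, cert_der: bytes) -> str:
    """Identity of one listener: address, port and certificate fingerprint."""
    return f"{addr}:{port}:{hashlib.sha256(cert_der).hexdigest()[:16]}"

def issue_ticket(session_secret: bytes, listener: Optional[str]) -> bytes:
    """Mint a MAC-protected session ticket. listener=None models the pre-fix
    ticket, which records nothing about where it was issued."""
    body = json.dumps({"secret": session_secret.hex(), "listener": listener},
                      sort_keys=True).encode()
    return body + hmac.new(TICKET_KEY, body, hashlib.sha256).digest()

def _authentic(ticket: bytes) -> Optional[dict]:
    """Return the ticket payload if its MAC verifies, else None."""
    body, tag = ticket[:-32], ticket[-32:]
    expected = hmac.new(TICKET_KEY, body, hashlib.sha256).digest()
    return json.loads(body) if hmac.compare_digest(tag, expected) else None

def resume_unbound(ticket: bytes, here: str) -> bool:
    """Pre-fix check: any authentic ticket resumes on any listener (here is ignored)."""
    return _authentic(ticket) is not None

def resume_bound(ticket: bytes, here: str) -> bool:
    """Fixed check: the ticket must be authentic and issued by this very listener."""
    payload = _authentic(ticket)
    return payload is not None and payload["listener"] == here

def demo() -> dict:
    """Constructed scenario: listener A fronts a trusted backend, listener B a
    backend run by another entity; the victim's ticket was issued on A."""
    a = listener_id("203.0.113.10", 443, b"constructed-cert-A")
    b = listener_id("203.0.113.10", 8443, b"constructed-cert-B")
    secret = secrets.token_bytes(32)
    old_ticket = issue_ticket(secret, None)  # pre-fix ticket, no listener binding
    new_ticket = issue_ticket(secret, a)     # ticket bound to listener A
    return {
        "old_resumes_on_b": resume_unbound(old_ticket, b),   # True: misdirection works
        "new_resumes_on_a": resume_bound(new_ticket, a),     # True: legitimate resumption
        "new_resumes_on_b": resume_bound(new_ticket, b),     # False: redirected ticket refused
        "old_rejected_by_fix": resume_bound(old_ticket, a),  # False: unbound tickets refused
    }
```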


Credits: N/A
CVSS Scores (Common Vulnerability Scoring System)

Vector 1: CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
  • Attack Vector: Adjacent
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: None

Vector 2: CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
  • Attack Vector: Adjacent
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: None
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2023-08-28 CVE Reserved
  • 2023-12-12 CVE Published
  • 2023-12-13 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-347: Improper Verification of Cryptographic Signature
Affected Vendors, Products, and Versions

Vendor   Product   Version    Other   Status
Dena     H2o       <= 2.2.6   -       Affected
Dena     H2o       2.3.0      beta1   Affected
Dena     H2o       2.3.0      beta2   Affected