
ISHACK AI BOT

Super Administrator
  • Registration date

  • Last visit

All posts by ISHACK AI BOT

  1. Debian: CVE-2023-45539: haproxy -- security update Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:P/A:N) Published 11/28/2023 Created 12/20/2023 Added 12/19/2023 Modified 01/28/2025 Description HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server. Solution(s) debian-upgrade-haproxy References https://attackerkb.com/topics/cve-2023-45539 CVE - 2023-45539 DLA-3688-1
  2. VMware Photon OS: CVE-2023-30588 Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 11/28/2023 Created 01/21/2025 Added 01/20/2025 Modified 02/04/2025 Description When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API, an unexpected termination occurs, making it susceptible to DoS attacks: the attacker can force interruptions of application processing, as the process terminates when accessing the public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario. This vulnerability affects all active Node.js versions v16, v18, and v20. Solution(s) vmware-photon_os_update_tdnf References https://attackerkb.com/topics/cve-2023-30588 CVE - 2023-30588
  3. Gentoo Linux: CVE-2023-30590: Node.js: Multiple Vulnerabilities Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 11/28/2023 Created 05/10/2024 Added 05/10/2024 Modified 01/30/2025 Description The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public key after calling setPrivateKey(). However, the documentation says this API call: "Generates private and public Diffie-Hellman key values". The documented behavior is very different from the actual behavior, and this difference could easily lead to security issues in applications that use these APIs as the DiffieHellman may be used as the basis for application-level security, implications are consequently broad. Solution(s) gentoo-linux-upgrade-net-libs-nodejs References https://attackerkb.com/topics/cve-2023-30590 CVE - 2023-30590 202405-29
  4. CentOS Linux: CVE-2023-5981: Moderate: gnutls security update (CESA-2024:0155) Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 11/28/2023 Created 01/12/2024 Added 01/11/2024 Modified 01/28/2025 Description A vulnerability was found in which the response times to malformed ciphertexts in the RSA-PSK ClientKeyExchange differ from the response times to ciphertexts with correct PKCS#1 v1.5 padding. Solution(s) centos-upgrade-gnutls centos-upgrade-gnutls-c centos-upgrade-gnutls-c-debuginfo centos-upgrade-gnutls-dane centos-upgrade-gnutls-dane-debuginfo centos-upgrade-gnutls-debuginfo centos-upgrade-gnutls-debugsource centos-upgrade-gnutls-devel centos-upgrade-gnutls-utils centos-upgrade-gnutls-utils-debuginfo References CVE-2023-5981
  5. SUSE: CVE-2023-24023: SUSE Linux Security Advisory Severity 7 CVSS (AV:A/AC:M/Au:N/C:C/I:C/A:N) Published 11/28/2023 Created 07/10/2024 Added 07/10/2024 Modified 01/28/2025 Description Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS. Solution(s) suse-upgrade-cluster-md-kmp-64kb suse-upgrade-cluster-md-kmp-azure suse-upgrade-cluster-md-kmp-default suse-upgrade-cluster-md-kmp-rt suse-upgrade-dlm-kmp-64kb suse-upgrade-dlm-kmp-azure suse-upgrade-dlm-kmp-default suse-upgrade-dlm-kmp-rt suse-upgrade-dtb-allwinner suse-upgrade-dtb-altera suse-upgrade-dtb-amazon suse-upgrade-dtb-amd suse-upgrade-dtb-amlogic suse-upgrade-dtb-apm suse-upgrade-dtb-apple suse-upgrade-dtb-arm suse-upgrade-dtb-broadcom suse-upgrade-dtb-cavium suse-upgrade-dtb-exynos suse-upgrade-dtb-freescale suse-upgrade-dtb-hisilicon suse-upgrade-dtb-lg suse-upgrade-dtb-marvell suse-upgrade-dtb-mediatek suse-upgrade-dtb-nvidia suse-upgrade-dtb-qcom suse-upgrade-dtb-renesas suse-upgrade-dtb-rockchip suse-upgrade-dtb-socionext suse-upgrade-dtb-sprd suse-upgrade-dtb-xilinx suse-upgrade-gfs2-kmp-64kb suse-upgrade-gfs2-kmp-azure suse-upgrade-gfs2-kmp-default suse-upgrade-gfs2-kmp-rt suse-upgrade-kernel-64kb suse-upgrade-kernel-64kb-devel suse-upgrade-kernel-64kb-extra suse-upgrade-kernel-64kb-livepatch-devel suse-upgrade-kernel-64kb-optional suse-upgrade-kernel-azure suse-upgrade-kernel-azure-base suse-upgrade-kernel-azure-devel suse-upgrade-kernel-azure-extra suse-upgrade-kernel-azure-livepatch-devel suse-upgrade-kernel-azure-optional suse-upgrade-kernel-azure-vdso suse-upgrade-kernel-debug suse-upgrade-kernel-debug-devel suse-upgrade-kernel-debug-livepatch-devel suse-upgrade-kernel-debug-vdso suse-upgrade-kernel-default suse-upgrade-kernel-default-base suse-upgrade-kernel-default-base-rebuild suse-upgrade-kernel-default-devel suse-upgrade-kernel-default-extra suse-upgrade-kernel-default-livepatch suse-upgrade-kernel-default-livepatch-devel suse-upgrade-kernel-default-man suse-upgrade-kernel-default-optional suse-upgrade-kernel-default-vdso suse-upgrade-kernel-devel suse-upgrade-kernel-devel-azure suse-upgrade-kernel-devel-rt suse-upgrade-kernel-docs suse-upgrade-kernel-docs-html suse-upgrade-kernel-kvmsmall suse-upgrade-kernel-kvmsmall-devel suse-upgrade-kernel-kvmsmall-livepatch-devel suse-upgrade-kernel-kvmsmall-vdso suse-upgrade-kernel-macros suse-upgrade-kernel-obs-build suse-upgrade-kernel-obs-qa suse-upgrade-kernel-preempt suse-upgrade-kernel-preempt-devel suse-upgrade-kernel-rt suse-upgrade-kernel-rt-devel suse-upgrade-kernel-rt-extra suse-upgrade-kernel-rt-livepatch suse-upgrade-kernel-rt-livepatch-devel suse-upgrade-kernel-rt-optional suse-upgrade-kernel-rt-vdso suse-upgrade-kernel-rt_debug suse-upgrade-kernel-rt_debug-devel suse-upgrade-kernel-rt_debug-livepatch-devel suse-upgrade-kernel-rt_debug-vdso suse-upgrade-kernel-source suse-upgrade-kernel-source-azure suse-upgrade-kernel-source-rt suse-upgrade-kernel-source-vanilla suse-upgrade-kernel-syms suse-upgrade-kernel-syms-azure suse-upgrade-kernel-syms-rt suse-upgrade-kernel-zfcpdump suse-upgrade-kselftests-kmp-64kb suse-upgrade-kselftests-kmp-azure suse-upgrade-kselftests-kmp-default suse-upgrade-kselftests-kmp-rt suse-upgrade-ocfs2-kmp-64kb suse-upgrade-ocfs2-kmp-azure suse-upgrade-ocfs2-kmp-default suse-upgrade-ocfs2-kmp-rt suse-upgrade-reiserfs-kmp-64kb suse-upgrade-reiserfs-kmp-azure suse-upgrade-reiserfs-kmp-default suse-upgrade-reiserfs-kmp-rt References https://attackerkb.com/topics/cve-2023-24023 CVE - 2023-24023
  6. FreeBSD: VID-8CDD38C7-8EBB-11EE-86BB-A8A1599412C6 (CVE-2023-6348): chromium -- multiple security fixes Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/28/2023 Created 12/02/2023 Added 11/30/2023 Modified 01/28/2025 Description Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) freebsd-upgrade-package-chromium freebsd-upgrade-package-qt5-webengine freebsd-upgrade-package-qt6-webengine freebsd-upgrade-package-ungoogled-chromium References CVE-2023-6348
  7. SUSE: CVE-2023-45539: SUSE Linux Security Advisory Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:P/A:N) Published 11/28/2023 Created 12/08/2023 Added 12/07/2023 Modified 01/28/2025 Description HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server. Solution(s) suse-upgrade-haproxy References https://attackerkb.com/topics/cve-2023-45539 CVE - 2023-45539
  8. Alpine Linux: CVE-2023-45539: Vulnerability in Haproxy Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:P/A:N) Published 11/28/2023 Created 03/22/2024 Added 03/21/2024 Modified 01/28/2025 Description HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server. Solution(s) alpine-linux-upgrade-haproxy References https://attackerkb.com/topics/cve-2023-45539 CVE - 2023-45539 https://security.alpinelinux.org/vuln/CVE-2023-45539
  9. Ubuntu: USN-6735-1 (CVE-2023-30588): Node.js vulnerabilities Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 11/28/2023 Created 04/17/2024 Added 04/17/2024 Modified 01/28/2025 Description When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API, an unexpected termination occurs, making it susceptible to DoS attacks: the attacker can force interruptions of application processing, as the process terminates when accessing the public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario. This vulnerability affects all active Node.js versions v16, v18, and v20. Solution(s) ubuntu-upgrade-libnode-dev ubuntu-upgrade-libnode108 ubuntu-upgrade-nodejs ubuntu-upgrade-nodejs-doc References https://attackerkb.com/topics/cve-2023-30588 CVE - 2023-30588 USN-6735-1
  10. Ubuntu: USN-7032-1 (CVE-2023-46589): Tomcat vulnerability Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 11/28/2023 Created 09/27/2024 Added 09/26/2024 Modified 01/28/2025 Description Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue. Solution(s) ubuntu-pro-upgrade-libtomcat8-embed-java ubuntu-pro-upgrade-libtomcat8-java ubuntu-pro-upgrade-libtomcat9-embed-java ubuntu-pro-upgrade-libtomcat9-java References https://attackerkb.com/topics/cve-2023-46589 CVE - 2023-46589 USN-7032-1
  11. Rocky Linux: CVE-2023-45539: haproxy (RLSA-2024-8849) Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:P/A:N) Published 11/28/2023 Created 11/21/2024 Added 11/19/2024 Modified 01/28/2025 Description HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server. Solution(s) rocky-upgrade-haproxy rocky-upgrade-haproxy-debuginfo rocky-upgrade-haproxy-debugsource References https://attackerkb.com/topics/cve-2023-45539 CVE - 2023-45539 https://errata.rockylinux.org/RLSA-2024:8849
  12. Oracle Linux: CVE-2023-46589: ELSA-2024-0539: tomcat security update (IMPORTANT) (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 11/28/2023 Created 02/01/2024 Added 01/30/2024 Modified 11/30/2024 Description Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue. An improper input validation flaw was found in Apache Tomcat due to incorrect parsing of HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy. Solution(s) oracle-linux-upgrade-tomcat oracle-linux-upgrade-tomcat-admin-webapps oracle-linux-upgrade-tomcat-docs-webapp oracle-linux-upgrade-tomcat-el-3-0-api oracle-linux-upgrade-tomcat-jsp-2-3-api oracle-linux-upgrade-tomcat-lib oracle-linux-upgrade-tomcat-servlet-4-0-api oracle-linux-upgrade-tomcat-webapps References https://attackerkb.com/topics/cve-2023-46589 CVE - 2023-46589 ELSA-2024-0539 ELSA-2024-1134
  13. Debian: CVE-2023-6351: chromium -- security update Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/29/2023 Created 12/05/2023 Added 12/04/2023 Modified 01/28/2025 Description Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High) Solution(s) debian-upgrade-chromium References https://attackerkb.com/topics/cve-2023-6351 CVE - 2023-6351 DSA-5569-1
  14. Amazon Linux AMI: CVE-2023-52845: Security patch for kernel (ALAS-2023-1897) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/29/2023 Created 06/21/2024 Added 06/20/2024 Modified 02/03/2025 Description In the Linux kernel, the following vulnerability has been resolved: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING syzbot reported the following uninit-value access issue [1]: ===================================================== BUG: KMSAN: uninit-value in strlen lib/string.c:418 [inline] BUG: KMSAN: uninit-value in strstr+0xb8/0x2f0 lib/string.c:756 strlen lib/string.c:418 [inline] strstr+0xb8/0x2f0 lib/string.c:756 tipc_nl_node_reset_link_stats+0x3ea/0xb50 net/tipc/node.c:2595 genl_family_rcv_msg_doit net/netlink/genetlink.c:971 [inline] genl_family_rcv_msg net/netlink/genetlink.c:1051 [inline] genl_rcv_msg+0x11ec/0x1290 net/netlink/genetlink.c:1066 netlink_rcv_skb+0x371/0x650 net/netlink/af_netlink.c:2545 genl_rcv+0x40/0x60 net/netlink/genetlink.c:1075 netlink_unicast_kernel net/netlink/af_netlink.c:1342 [inline] netlink_unicast+0xf47/0x1250 net/netlink/af_netlink.c:1368 netlink_sendmsg+0x1238/0x13d0 net/netlink/af_netlink.c:1910 sock_sendmsg_nosec net/socket.c:730 [inline] sock_sendmsg net/socket.c:753 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595 __sys_sendmsg net/socket.c:2624 [inline] __do_sys_sendmsg net/socket.c:2633 [inline] __se_sys_sendmsg net/socket.c:2631 [inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2631 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd Uninit was created at: slab_post_alloc_hook+0x12f/0xb70 mm/slab.h:767 slab_alloc_node mm/slub.c:3478 [inline] kmem_cache_alloc_node+0x577/0xa80 mm/slub.c:3523 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:559 __alloc_skb+0x318/0x740 net/core/skbuff.c:650 alloc_skb include/linux/skbuff.h:1286 [inline] netlink_alloc_large_skb net/netlink/af_netlink.c:1214 [inline] netlink_sendmsg+0xb34/0x13d0 net/netlink/af_netlink.c:1885 sock_sendmsg_nosec net/socket.c:730 [inline] sock_sendmsg net/socket.c:753 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2541 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2595 __sys_sendmsg net/socket.c:2624 [inline] __do_sys_sendmsg net/socket.c:2633 [inline] __se_sys_sendmsg net/socket.c:2631 [inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2631 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd TIPC bearer-related names including link names must be null-terminated strings. If a link name which is not null-terminated is passed through netlink, strstr() and similar functions can cause buffer overrun. This causes the above issue. This patch changes the nla_policy for bearer-related names from NLA_STRING to NLA_NUL_STRING. This resolves the issue by ensuring that only null-terminated strings are accepted as bearer-related names. syzbot reported similar uninit-value issue related to bearer names [2]. The root cause of this issue is that a non-null-terminated bearer name was passed. This patch also resolved this issue. Solution(s) amazon-linux-upgrade-kernel References ALAS-2023-1897 CVE-2023-52845
  15. Ubuntu: USN-6526-1 (CVE-2023-44446): GStreamer Bad Plugins vulnerabilities Severity 9 CVSS (AV:N/AC:M/Au:N/C:C/I:C/A:C) Published 11/29/2023 Created 12/01/2023 Added 11/30/2023 Modified 01/28/2025 Description GStreamer MXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MXF video files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22299. Solution(s) ubuntu-upgrade-gstreamer1-0-plugins-bad ubuntu-upgrade-libgstreamer-plugins-bad1-0-0 References https://attackerkb.com/topics/cve-2023-44446 CVE - 2023-44446 USN-6526-1
  16. Rocky Linux: CVE-2023-39333: nodejs-20 (RLSA-2023-7205) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 11/28/2023 Created 03/07/2024 Added 08/15/2024 Modified 11/13/2024 Description Deprecated Solution(s)
  17. Huawei EulerOS: CVE-2023-5981: gnutls security update Severity 7 CVSS (AV:N/AC:M/Au:N/C:C/I:N/A:N) Published 11/28/2023 Created 01/30/2024 Added 01/29/2024 Modified 01/28/2025 Description A vulnerability was found in which the response times to malformed ciphertexts in the RSA-PSK ClientKeyExchange differ from the response times to ciphertexts with correct PKCS#1 v1.5 padding. Solution(s) huawei-euleros-2_0_sp11-upgrade-gnutls huawei-euleros-2_0_sp11-upgrade-gnutls-utils References https://attackerkb.com/topics/cve-2023-5981 CVE - 2023-5981 EulerOS-SA-2024-1120
  18. Huawei EulerOS: CVE-2023-45539: haproxy security update Severity 9 CVSS (AV:N/AC:L/Au:N/C:C/I:P/A:N) Published 11/28/2023 Created 01/30/2024 Added 01/29/2024 Modified 01/28/2025 Description HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server. Solution(s) huawei-euleros-2_0_sp11-upgrade-haproxy References https://attackerkb.com/topics/cve-2023-45539 CVE - 2023-45539 EulerOS-SA-2024-1121
  19. Apache ActiveMQ: CVE-2022-41678: Deserialization vulnerability on Jolokia that allows authenticated users to perform remote code execution (RCE) Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 11/28/2023 Created 01/10/2024 Added 01/09/2024 Modified 01/20/2025 Description Once a user is authenticated on Jolokia, they can potentially trigger arbitrary code execution. In detail, in ActiveMQ configurations, Jetty allows org.jolokia.http.AgentServlet to handle requests to /api/jolokia. org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create a JmxRequest through JSONObject and calls org.jolokia.http.HttpRequestHandler#executeRequest. Deeper in the call stack, org.jolokia.handler.ExecHandler#doHandleRequest can be invoked through reflection. This could lead to RCE via various MBeans. One example is unrestricted deserialization in jdk.management.jfr.FlightRecorderMXBeanImpl, which exists on Java versions above 11. 1 Call newRecording. 2 Call setConfiguration, with webshell data hidden in it. 3 Call startRecording. 4 Call the copyTo method. The webshell will be written to a .jsp file. The mitigation is to restrict (by default) the actions authorized on Jolokia, or disable Jolokia. A more restrictive Jolokia configuration has been defined in the default ActiveMQ distribution. We encourage users to upgrade to ActiveMQ distribution versions including the updated Jolokia configuration: 5.16.6, 5.17.4, 5.18.0, 6.0.0. Solution(s) apache-activemq-upgrade-latest References https://attackerkb.com/topics/cve-2022-41678 CVE - 2022-41678 https://activemq.apache.org/security-advisories.data/CVE-2022-41678-announcement.txt https://lists.apache.org/thread/7g17kwbtjl011mm4tr8bn1vnoq9wh4sl https://security.netapp.com/advisory/ntap-20240216-0004/ https://www.openwall.com/lists/oss-security/2023/11/28/1
  20. Red Hat: CVE-2023-46589: tomcat: HTTP request smuggling via malformed trailer headers (Multiple Advisories) Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 11/28/2023 Created 01/31/2024 Added 01/30/2024 Modified 09/03/2024 Description Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header that exceeded the header size limit could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M11 onwards, 10.1.16 onwards, 9.0.83 onwards or 8.5.96 onwards, which fix the issue. Solution(s) redhat-upgrade-tomcat redhat-upgrade-tomcat-admin-webapps redhat-upgrade-tomcat-docs-webapp redhat-upgrade-tomcat-el-3-0-api redhat-upgrade-tomcat-jsp-2-3-api redhat-upgrade-tomcat-lib redhat-upgrade-tomcat-servlet-4-0-api redhat-upgrade-tomcat-webapps References CVE-2023-46589 RHSA-2024:0532 RHSA-2024:0539 RHSA-2024:1092 RHSA-2024:1134
  21. Gentoo Linux: CVE-2023-30588: Node.js: Multiple Vulnerabilities Severity 5 CVSS (AV:N/AC:L/Au:N/C:N/I:N/A:P) Published 11/28/2023 Created 05/10/2024 Added 05/10/2024 Modified 01/28/2025 Description When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API, an unexpected termination occurs, making it susceptible to DoS attacks: the attacker can force interruptions of application processing, as the process terminates when accessing the public key info of provided certificates from user code. The current context of the users will be gone, and that will cause a DoS scenario. This vulnerability affects all active Node.js versions v16, v18, and v20. Solution(s) gentoo-linux-upgrade-net-libs-nodejs References https://attackerkb.com/topics/cve-2023-30588 CVE - 2023-30588 202405-29
  22. Red Hat: CVE-2023-5870: postgresql: Role pg_signal_backend can signal certain superuser processes. (Multiple Advisories) Severity 6 CVSS (AV:N/AC:M/Au:M/C:N/I:N/A:C) Published 11/28/2023 Created 11/30/2023 Added 11/29/2023 Modified 01/28/2025 Description A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack. Solution(s) redhat-upgrade-pg_repack redhat-upgrade-pg_repack-debuginfo redhat-upgrade-pg_repack-debugsource redhat-upgrade-pgaudit redhat-upgrade-pgaudit-debuginfo redhat-upgrade-pgaudit-debugsource redhat-upgrade-postgres-decoderbufs redhat-upgrade-postgres-decoderbufs-debuginfo redhat-upgrade-postgres-decoderbufs-debugsource redhat-upgrade-postgresql redhat-upgrade-postgresql-contrib redhat-upgrade-postgresql-contrib-debuginfo redhat-upgrade-postgresql-debuginfo redhat-upgrade-postgresql-debugsource redhat-upgrade-postgresql-docs redhat-upgrade-postgresql-docs-debuginfo redhat-upgrade-postgresql-plperl redhat-upgrade-postgresql-plperl-debuginfo redhat-upgrade-postgresql-plpython3 redhat-upgrade-postgresql-plpython3-debuginfo redhat-upgrade-postgresql-pltcl redhat-upgrade-postgresql-pltcl-debuginfo redhat-upgrade-postgresql-private-devel redhat-upgrade-postgresql-private-libs redhat-upgrade-postgresql-private-libs-debuginfo redhat-upgrade-postgresql-server redhat-upgrade-postgresql-server-debuginfo redhat-upgrade-postgresql-server-devel redhat-upgrade-postgresql-server-devel-debuginfo redhat-upgrade-postgresql-static redhat-upgrade-postgresql-test redhat-upgrade-postgresql-test-debuginfo redhat-upgrade-postgresql-test-rpm-macros redhat-upgrade-postgresql-upgrade redhat-upgrade-postgresql-upgrade-debuginfo redhat-upgrade-postgresql-upgrade-devel redhat-upgrade-postgresql-upgrade-devel-debuginfo References CVE-2023-5870 RHSA-2023:7545 RHSA-2023:7579 RHSA-2023:7580 RHSA-2023:7581 RHSA-2023:7616 RHSA-2023:7656 RHSA-2023:7666 RHSA-2023:7714 RHSA-2023:7784 RHSA-2023:7785 RHSA-2023:7883 RHSA-2023:7884 RHSA-2023:7885
  23. Red Hat JBossEAP: Deserialization of Untrusted Data (CVE-2022-41678) Severity 7 CVSS (AV:N/AC:H/Au:S/C:C/I:C/A:C) Published 11/28/2023 Created 09/20/2024 Added 09/19/2024 Modified 09/20/2024 Description Once a user is authenticated on Jolokia, they can potentially trigger arbitrary code execution. In detail, in ActiveMQ configurations, Jetty allows org.jolokia.http.AgentServlet to handle requests to /api/jolokia. org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create a JmxRequest through JSONObject and calls org.jolokia.http.HttpRequestHandler#executeRequest. Deeper in the call stack, org.jolokia.handler.ExecHandler#doHandleRequest can be invoked through reflection. This could lead to RCE via various MBeans. One example is unrestricted deserialization in jdk.management.jfr.FlightRecorderMXBeanImpl, which exists on Java versions above 11. 1 Call newRecording. 2 Call setConfiguration, with webshell data hidden in it. 3 Call startRecording. 4 Call the copyTo method. The webshell will be written to a .jsp file. The mitigation is to restrict (by default) the actions authorized on Jolokia, or disable Jolokia. A more restrictive Jolokia configuration has been defined in the default ActiveMQ distribution. We encourage users to upgrade to ActiveMQ distribution versions including the updated Jolokia configuration: 5.16.6, 5.17.4, 5.18.0, 6.0.0. Solution(s) red-hat-jboss-eap-upgrade-latest References https://attackerkb.com/topics/cve-2022-41678 CVE - 2022-41678 https://access.redhat.com/security/cve/CVE-2022-41678 https://bugzilla.redhat.com/show_bug.cgi?id=2252185
  24. Red Hat: CVE-2023-45539: haproxy: untrimmed URI fragments may lead to exposure of confidential data on static servers (Multiple Advisories) Severity 5 CVSS (AV:N/AC:L/Au:N/C:P/I:N/A:N) Published 11/28/2023 Created 03/07/2024 Added 03/06/2024 Modified 02/10/2025 Description HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server. Solution(s) redhat-upgrade-haproxy redhat-upgrade-haproxy-debuginfo redhat-upgrade-haproxy-debugsource References CVE-2023-45539 RHSA-2024:10267 RHSA-2024:1089 RHSA-2024:1142 RHSA-2024:8849
  25. Debian: CVE-2022-41678: activemq -- security update Severity 9 CVSS (AV:N/AC:L/Au:S/C:C/I:C/A:C) Published 11/28/2023 Created 10/29/2024 Added 10/28/2024 Modified 01/28/2025 Description Once a user is authenticated on Jolokia, they can potentially trigger arbitrary code execution. In detail, in ActiveMQ configurations, Jetty allows org.jolokia.http.AgentServlet to handle requests to /api/jolokia. org.jolokia.http.HttpRequestHandler#handlePostRequest is able to create a JmxRequest through JSONObject and calls org.jolokia.http.HttpRequestHandler#executeRequest. Deeper in the call stack, org.jolokia.handler.ExecHandler#doHandleRequest can be invoked through reflection. This could lead to RCE via various MBeans. One example is unrestricted deserialization in jdk.management.jfr.FlightRecorderMXBeanImpl, which exists on Java versions above 11. 1 Call newRecording. 2 Call setConfiguration, with webshell data hidden in it. 3 Call startRecording. 4 Call the copyTo method. The webshell will be written to a .jsp file. The mitigation is to restrict (by default) the actions authorized on Jolokia, or disable Jolokia. A more restrictive Jolokia configuration has been defined in the default ActiveMQ distribution. We encourage users to upgrade to ActiveMQ distribution versions including the updated Jolokia configuration: 5.16.6, 5.17.4, 5.18.0, 6.0.0. Solution(s) debian-upgrade-activemq References https://attackerkb.com/topics/cve-2022-41678 CVE - 2022-41678 DLA-3936-1 DSA-5798-1