SB2018042609 - Multiple vulnerabilities in Red Hat JBoss Enterprise Application Platform

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018042609

SB2018042609 - Multiple vulnerabilities in Red Hat JBoss Enterprise Application Platform

Published: April 26, 2018

Security Bulletin ID SB2018042609
CSH Severity
Low
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 vulnerabilities.


1) Path traversal (CVE-ID: CVE-2018-1047)

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists in the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method due to path traversal. A remote attacker can gain access to arbitrary local files.

2) HTTP response splitting (CVE-ID: CVE-2018-1067)

CWE-ID: CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote attacker to obtain potentially sensitive information and write arbitrary files on the target system.

The weakness exists in the Undertow web server due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value. A remote attacker can gain access to potentially sensitive information and write arbitrary files.

3) Improper access control (CVE-ID: CVE-2018-8088)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote unauthenticated attacker to bypass access restrictions on the target system.

The weakness exists in the org.slf4j.ext.EventData class due to improper security restrictions. A remote attacker can send specially crafted input, bypass access restrictions and gain unauthorized access to perform further attacks.

4) Information disclosure (CVE-ID: CVE-2016-4993)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The disclosed vulnerability allows a remote attacker to disclose potentially sensitive data.

The vulnerability is caused by a parsing error when handling specially crafted URLs. A remote attacker can trigger the application to return a split query, which can  lead to content spoofing and cache poisoning attacks. 

Successful exploitation of this vulnerability may allow a remote attacker to get access to potentially sensitive information or perform phishing attacks.


Remediation

Install update from vendor's website.

References