SB2018050312 - Red Hat update for jboss
Published: May 3, 2018 Updated: April 15, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 6 vulnerabilities.
1) LDAP injection (CVE-ID: CVE-2016-8750)
CWE-ID: CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.
The weakness exists in the LDAPLoginModule function due to improper security restrictions. A remote attacker can perform a Lightweight Directory Access Protocol (LDAP) injection attack and cause the service to crash.
2) Cross-site scripting (CVE-ID: CVE-2017-7559)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The weakness exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
3) HTTP response splitting (CVE-ID: CVE-2017-12165)
CWE-ID: CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to write arbitrary files on the target system.
The weakness exists due to processing http request headers with unusual whitespaces. A remote attacker can trick the victim into opening specially crafted input and cause http request smuggling.
4) Infinite loop (CVE-ID: CVE-2017-12626)
CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to infinite loops while parsing specially crafted WMF, EMF, MSG and macros and out of Memory exceptions while parsing specially crafted DOC, PPT and XLS. A remote attacker can cause the service to crash.
5) Command injection (CVE-ID: CVE-2017-1000487)
CWE-ID: CWE-77 - Command injection
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary commands on the target system.
The weakness exists due to command injection when mishandling of double quoted strings. A remote attacker can submit specially crafted web content, inject and execute arbitrary commands.
6) HTTP response splitting (CVE-ID: CVE-2017-2666)
CWE-ID: CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform a phishing attack
The vulnerability exists due to an error when processing headers in HTTP requests in Undertow. A remote attacker can create a specially crafted HTTP request, split the HTTP response from server and poison the web cache.
Successful exploitation of the vulnerability may allow an attacker to poison web cache and perform phishing or XSS attacks against website visitors.
Remediation
Install update from vendor's website.