Multiple vulnerabilities in Red Hat Fuse

Published: 2019-08-09 | Updated: 2019-08-09
Severity High
Patch available YES
Number of vulnerabilities 8
CVE ID CVE-2018-1258
CVE-2018-1320
CVE-2018-8088
CVE-2018-15758
CVE-2019-0192
CVE-2016-10750
CVE-2018-10899
CVE-2019-3805
CWE ID CWE-862
CWE-200
CWE-284
CWE-264
CWE-502
CWE-352
Exploitation vector Network
Public exploit Public exploit code for vulnerability #5 is available.
Vulnerable software Fuse
Vendor Red Hat Inc.

Security Advisory

1) Missing authorization

Severity: Low

CVSSv3: 6.4 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-1258

CWE-ID: CWE-862 - Missing Authorization

Description

The vulnerability allows a remote unauthenticated attacker to bypass security restrictions on the target system.

The weakness exists due to improper security restrictions when using Spring Security method security. A remote attacker can submit a specially crafted request, bypass authorization restrictions and gain unauthorized access to methods that should be restricted.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Fuse: 7.3.0, 7.3.1

External links

https://access.redhat.com/errata/RHSA-2019:2413

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Security restrictions bypass

Severity: Low

CVSSv3: 6.4 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-1320

CWE-ID: CWE-200 - Information Exposure

Description

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to an unspecified flaw. A remote attacker can bypass the SASL negotiation isComplete validation in the org.apache.thrift.transport.TSaslTransport class. An assert used to determine whether the SASL handshake had successfully completed could be disabled in production settings, leaving the validation incomplete.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Fuse: 7.3.0, 7.3.1

External links

https://access.redhat.com/errata/RHSA-2019:2413

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper access control

Severity: Low

CVSSv3: 6.4 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-8088

CWE-ID: CWE-284 - Improper Access Control

Description

The vulnerability allows a remote unauthenticated attacker to bypass access restrictions on the target system.

The weakness exists in the org.slf4j.ext.EventData class due to improper security restrictions. A remote attacker can send specially crafted input, bypass access restrictions and gain unauthorized access to perform further attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Fuse: 7.3.0, 7.3.1

External links

https://access.redhat.com/errata/RHSA-2019:2413

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Privilege escalation

Severity: Low

CVSSv3: 8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-15758

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Description

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The vulnerability exists in the OAuth2 component of Pivotal Software Spring Security OAuth due to improper security restrictions. A remote unauthenticated attacker can send a specially crafted request and modify a previously saved authorization request to gain elevated privileges.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Fuse: 7.3.0, 7.3.1

External links

https://access.redhat.com/errata/RHSA-2019:2413

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Deserialization of Untrusted Data

Severity: High

CVSSv3: 9.1 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C] [PCI]

CVE-ID: CVE-2019-0192

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data within the RMI server component. A remote non-authenticated attacker can configure the JMX server via an HTTP POST request to the Config API, make it point to a malicious RMI server and then execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Fuse: 7.3.0, 7.3.1

External links

https://access.redhat.com/errata/RHSA-2019:2413

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

6) Deserialization of Untrusted Data

Severity: High

CVSSv3: 8.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2016-10750

CWE-ID: CWE-502 - Deserialization of Untrusted Data

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data passed via the JoinRequest. A remote attacker can send specially crafted data to the application and execute arbitrary Java code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Fuse: 7.3.0, 7.3.1

External links

https://access.redhat.com/errata/RHSA-2019:2413

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Cross-site request forgery

Severity: Medium

CVSSv3: 5.3 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID: CVE-2018-10899

CWE-ID: CWE-352 - Cross-Site Request Forgery (CSRF)

Description

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim into visiting a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website, compromising the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Fuse: 7.3.0, 7.3.1

External links

https://access.redhat.com/errata/RHSA-2019:2413

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Permissions, Privileges, and Access Controls

Severity: Low

CVSSv3: 2.9 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-3805

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Description

The vulnerability allows a local user to perform a denial of service attack.

The vulnerability exists due to insecure permissions on /var/run/jboss-eap/, which allow any user permitted to run the init.d scripts to terminate an arbitrary process by modifying the PID recorded in /var/run/jboss-eap/.
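The check that the description above implies an init script should make before signalling a PID read from a run directory, as an added example that is not part of the advisory or of Red Hat's own scripts; the run directory path, the expected owner uid and the service command name are assumptions supplied by the caller:

```shell
#!/bin/sh
# Added example, not code from the advisory or from Red Hat: a hardened "stop"
# routine for an init script that records its PID in a file under a run
# directory such as /var/run/jboss-eap/. Before signalling, it refuses a
# pidfile (or its directory) that is group/world-writable or not owned by the
# expected account, and checks that the PID really is the service process.
# Paths, owner uid and command name are assumptions passed in by the caller.

# pidfile_is_trusted PIDFILE UID: 0 if the pidfile and its directory are owned
# by numeric UID and writable only by that owner, else 1.
pidfile_is_trusted() {
    pf=$1; want_uid=$2
    [ -f "$pf" ] || return 1
    for p in "$(dirname "$pf")" "$pf"; do
        # ls -ldn prints "drwxr-xr-x 2 0 0 ..." : field 1 mode, field 3 uid
        set -- $(ls -ldn "$p")
        [ "$3" = "$want_uid" ] || return 1
        case "$1" in
            ?????w*|????????w*) return 1 ;;   # group- or world-writable
        esac
    done
    return 0
}

# pid_is_expected PID UID COMM: 0 if PID is a live process whose uid is UID
# and whose kernel command name (/proc/PID/comm) is COMM, else 1.
pid_is_expected() {
    pid=$1; want_uid=$2; want_comm=$3
    case "$pid" in ''|*[!0-9]*) return 1 ;; esac   # digits only, no "-1"
    [ "$pid" -gt 1 ] && [ -d "/proc/$pid" ] || return 1
    set -- $(ls -ldn "/proc/$pid")           # /proc/PID is owned by the process uid
    [ "$3" = "$want_uid" ] || return 1
    [ "$(cat "/proc/$pid/comm" 2>/dev/null)" = "$want_comm" ]
}

# safe_stop PIDFILE OWNER_UID SVC_UID SVC_COMM: send TERM only when both checks
# pass. Returns 2 for an untrusted pidfile and 3 for a PID that is not the
# expected process, so the init script never kills an unrelated process.
safe_stop() {
    pidfile_is_trusted "$1" "$2" || return 2
    pid=$(cat "$1")
    pid_is_expected "$pid" "$3" "$4" || return 3
    kill -TERM "$pid"
}
```

The uid and command checks run against /proc, so the example assumes a Linux host; a directory owned by root but writable by the service account is exactly the case the owner-and-mode check rejects.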

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Fuse: 7.3.0, 7.3.1

External links

https://access.redhat.com/errata/RHSA-2019:2413

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.