SB2020032330 - Multiple vulnerabilities in Red Hat Single Sign-On 7.3

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020032330

SB2020032330 - Multiple vulnerabilities in Red Hat Single Sign-On 7.3

Published: March 23, 2020 Updated: April 24, 2025

Security Bulletin ID SB2020032330
Severity
Medium
Patch available
YES
Number of vulnerabilities 11
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 64% Low 36%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 11 secuirty vulnerabilities.


1) Infinite loop (CVE-ID: CVE-2019-0205)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when processing user-supplied input. A remote attacker can pass malicious input to the application and consume all available system resources or cause denial of service conditions.


2) Input validation error (CVE-ID: CVE-2019-0210)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in TJSONProtocol and TSimpleJSONProtocol. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


3) Protection mechanism failure (CVE-ID: CVE-2019-10086)

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exist due to Beanutils is not using by default the a special BeanIntrospector class in PropertyUtilsBean that was supposed to suppress the ability for an attacker to access the classloader via the class property available on all Java objects. A remote attacker can abuse such application behavior against applications that were developed to rely on this security feature.


4) XML External Entity Reference (CVE-ID: CVE-2019-12400)

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to the loading of XML parsing code from an untrusted source. A remote attacker can exploit this vulnerability to launch further attacks on the system when validating signed documents. 


5) Information disclosure (CVE-ID: CVE-2019-14885)

The vulnerability allows a remote authenticated user to gain access to sensitive information.

A flaw was found in the JBoss EAP Vault system in all versions before 7.2.6.GA. Confidential information of the system property's security attribute value is revealed in the JBoss EAP log file when executing a JBoss CLI 'reload' command. This flaw can lead to the exposure of confidential information.


6) Cryptographic issues (CVE-ID: CVE-2019-14887)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists in Wildfly. The 'enabled-protocols' value in legacy security is not respected if OpenSSL security provider is in use. A remote attacker can abuse this issue to gain access to sensitive information.


7) Improper access control (CVE-ID: CVE-2019-20330)

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions related to net.sf.ehcache in FasterXML jackson-databind. A remote attacker can bypass implemented security restrictions and gain unauthorized access to the application.


8) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2019-20444)

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to incorrect processing of HTTP headers without the colon within the HttpObjectDecoder.java file in Netty. A remote attacker can send a specially crafted HTTP request to the application and perform HTTP request smuggling attack.


9) HTTP response splitting (CVE-ID: CVE-2019-20445)

The vulnerability allows a remote attacker to perform HTTP splitting attacks.

The vulnerability exists due to software does not corrector process CRLF character sequences within the HttpObjectDecoder.java in Netty, which allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header. A remote attacker can send specially crafted request containing CRLF sequence and make the application to send a split HTTP response.

Successful exploitation of the vulnerability may allow an attacker perform cache poisoning attack.


10) Information disclosure (CVE-ID: CVE-2020-1744)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists when configuring an Conditional OTP Authentication Flow as a post login flow of an IDP, the failure login events for OTP are not being sent to the brute force protection event queue. So BruteForceProtector does not handle this events. A remote attacker can gain unauthorized access to sensitive information on the system.


11) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2020-7238)

The vulnerability allows a remote attacker to perform HTTP request smuggling attack.

The vulnerability exists due to improper input validation when processing a whitespace before the colon in HTTP headers (e.g. "Transfer-Encoding : chunked") and a later Content-Length header. A remote attacker can send a specially crafted HTTP request and perform HTTP request smuggling attack.

This issue exists because of an incomplete fix for CVE-2019-16869 (SB2019092616).


Remediation

Install update from vendor's website.

References