Multiple vulnerabilities in Red Hat AMQ Broker



Published: 2020-03-27
Risk: Medium
Patch available: YES
Number of vulnerabilities: 14
CVE-ID: CVE-2019-0222, CVE-2019-9511, CVE-2019-9512, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518, CVE-2019-10241, CVE-2019-10247, CVE-2019-16869, CVE-2019-20444, CVE-2019-20445, CVE-2020-7238
CWE-ID: CWE-400, CWE-399, CWE-79, CWE-20, CWE-444, CWE-113
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #12 is available.
Vulnerable software: AMQ Broker (Server applications / Application servers)
Vendor: Red Hat Inc.

Security Bulletin

This security bulletin contains information about 14 vulnerabilities.

1) Resource exhaustion

EUVDB-ID: #VU19300

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-0222

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error when processing corrupt MQTT frames. A remote attacker can consume all memory resources on the system and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

AMQ Broker: 7.0 - 7.5


External links

http://access.redhat.com/errata/RHSA-2020:0922

2) Resource exhaustion

EUVDB-ID: #VU20196

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-9511

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation when processing HTTP/2 requests. A remote attacker can send a specially crafted HTTP/2 request to the affected server, consume all available CPU resources and perform a denial of service (DoS) attack.

Successful exploitation of the vulnerability requires that support for HTTP/2 is enabled.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

AMQ Broker: 7.0 - 7.5


External links

http://access.redhat.com/errata/RHSA-2020:0922

3) Resource exhaustion

EUVDB-ID: #VU20200

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-9512

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validation of user-supplied input when processing HTTP/2 requests. A remote attacker can send specially crafted HTTP packets to the affected system, trigger resource exhaustion and perform a denial of service (DoS) attack.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

AMQ Broker: 7.0 - 7.5


External links

http://access.redhat.com/errata/RHSA-2020:0922

4) Resource exhaustion

EUVDB-ID: #VU20201

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-9514

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validation of user-supplied input when processing HTTP/2 requests. A remote attacker can send specially crafted HTTP packets to the affected system, trigger resource exhaustion and perform a denial of service (DoS) attack.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

AMQ Broker: 7.0 - 7.5


External links

http://access.redhat.com/errata/RHSA-2020:0922

5) Resource management error

EUVDB-ID: #VU20337

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-9515

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in the HTTP/2 implementation when processing SETTINGS frames. A remote attacker can send a huge number of SETTINGS frames to the peer and consume excessive CPU and memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

AMQ Broker: 7.0 - 7.5


External links

http://access.redhat.com/errata/RHSA-2020:0922

6) Resource exhaustion

EUVDB-ID: #VU20198

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-9516

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation when processing HTTP/2 requests within the ngx_http_v2_module module. A remote attacker can send a specially crafted HTTP/2 request to the affected server, consume all available CPU resources and perform a denial of service (DoS) attack.

Successful exploitation of the vulnerability requires that support for HTTP/2 is enabled.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

AMQ Broker: 7.0 - 7.5


External links

http://access.redhat.com/errata/RHSA-2020:0922

7) Resource management error

EUVDB-ID: #VU20340

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-9517

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an incorrect implementation of the HTTP/2 protocol. A remote attacker can open the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

AMQ Broker: 7.0 - 7.5


External links

http://access.redhat.com/errata/RHSA-2020:0922

8) Resource exhaustion

EUVDB-ID: #VU20199

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-9518

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validation of user-supplied input within the HTTP.sys driver when processing HTTP/2 requests. A remote attacker can send specially crafted HTTP packets to the affected system, trigger resource exhaustion and perform a denial of service (DoS) attack.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

AMQ Broker: 7.0 - 7.5


External links

http://access.redhat.com/errata/RHSA-2020:0922

9) Cross-site scripting

EUVDB-ID: #VU26320

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-10241

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in DefaultServlet or ResourceHandler when it is configured to show a listing of directory contents. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

AMQ Broker: 7.0 - 7.5


External links

http://access.redhat.com/errata/RHSA-2020:0922

10) Improper input validation

EUVDB-ID: #VU25067

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-10247

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Integrator Acquisition System (Eclipse Jetty) component in Oracle Endeca Information Discovery Integrator. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

AMQ Broker: 7.0 - 7.5


External links

http://access.redhat.com/errata/RHSA-2020:0922

11) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU22825

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-16869

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform an HTTP request smuggling attack.

The vulnerability exists due to improper input validation when processing whitespace before the colon in HTTP headers (e.g. "Transfer-Encoding : chunked"). A remote attacker can send a specially crafted HTTP request and perform an HTTP request smuggling attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

AMQ Broker: 7.0 - 7.5


External links

http://access.redhat.com/errata/RHSA-2020:0922

12) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU25355

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-20444

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to incorrect processing of HTTP headers without the colon within the HttpObjectDecoder.java file in Netty. A remote attacker can send a specially crafted HTTP request to the application and perform an HTTP request smuggling attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

AMQ Broker: 7.0 - 7.5


External links

http://access.redhat.com/errata/RHSA-2020:0922

13) HTTP response splitting

EUVDB-ID: #VU25598

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-20445

CWE-ID: CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform HTTP splitting attacks.

The vulnerability exists because the software does not correctly process CRLF character sequences within HttpObjectDecoder.java in Netty, which allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header. A remote attacker can send a specially crafted request containing a CRLF sequence and make the application send a split HTTP response.

Successful exploitation of the vulnerability may allow an attacker to perform a cache poisoning attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

AMQ Broker: 7.0 - 7.5


External links

http://access.redhat.com/errata/RHSA-2020:0922

14) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU25353

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-7238

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform an HTTP request smuggling attack.

The vulnerability exists due to improper input validation when processing whitespace before the colon in HTTP headers (e.g. "Transfer-Encoding : chunked") and a later Content-Length header. A remote attacker can send a specially crafted HTTP request and perform an HTTP request smuggling attack.

This issue exists because of an incomplete fix for CVE-2019-16869 (SB2019092616).
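
The header forms named in vulnerabilities 11 to 14 (whitespace before the colon, a header line with no colon, a repeated Content-Length, and Content-Length alongside Transfer-Encoding) can all be refused by one strict parser at the edge. The following is an added example, not Netty's or Red Hat's code; the function names, the sample requests and the host name broker.example are assumptions made for illustration.

```python
import re

# RFC 7230 "token": the only bytes allowed in a header field name.
TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

class AmbiguousRequest(ValueError):
    """Header framing that two HTTP parsers could read differently."""

def parse_headers_strict(raw: bytes) -> dict:
    """Parse one request's header block; raise on ambiguous framing."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split(b"\r\n")[1:]:      # [0] is the request line
        if b"\r" in line or b"\n" in line:
            raise AmbiguousRequest("bare CR or LF in header line")
        name, colon, value = line.partition(b":")
        if not colon:
            raise AmbiguousRequest("header line without a colon")
        if not TOKEN.fullmatch(name):
            # Rejects "Transfer-Encoding : chunked" (space before the colon).
            raise AmbiguousRequest("invalid header name")
        key = name.decode("ascii").lower()
        if key == "content-length" and key in headers:
            raise AmbiguousRequest("duplicate Content-Length")
        headers.setdefault(key, []).append(value.strip(b" \t").decode("latin-1"))
    if "content-length" in headers and "transfer-encoding" in headers:
        raise AmbiguousRequest("Content-Length with Transfer-Encoding")
    return headers

def verdict(raw: bytes) -> str:
    """Return 'accept' or the reason the request should get a 400 response."""
    try:
        parse_headers_strict(raw)
        return "accept"
    except AmbiguousRequest as exc:
        return str(exc)

# Constructed sample requests (not captured traffic); the host is a placeholder.
START = b"POST /q HTTP/1.1\r\nHost: broker.example\r\n"
SAMPLES = {
    "clean": START + b"Content-Length: 5\r\n\r\nhello",
    "space_before_colon": START + b"Transfer-Encoding : chunked\r\nContent-Length: 5\r\n\r\n",
    "no_colon": START + b"Transfer-Encoding chunked\r\n\r\n",
    "two_lengths": START + b"Content-Length: 5\r\nContent-Length: 0\r\n\r\n",
    "length_and_te": START + b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:20} {verdict(raw)}")
```

Rejecting outright, rather than normalising the header and forwarding it, is what keeps a front-end and back-end from disagreeing about where the request body ends.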

Mitigation

Install updates from vendor's website.

Vulnerable software versions

AMQ Broker: 7.0 - 7.5


External links

http://access.redhat.com/errata/RHSA-2020:0922


