SB2021101960 - Multiple vulnerabilities in Oracle Communications Messaging Server

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2021101960

SB2021101960 - Multiple vulnerabilities in Oracle Communications Messaging Server

Published: October 19, 2021

Security Bulletin ID SB2021101960
Severity
Medium
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Medium 83% Low 17%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Path traversal (CVE-ID: CVE-2021-29425)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error within the FileNameUtils.normalize method when processing directory traversal sequences, such as "//../foo", or "\..foo". A remote attacker can send a specially crafted request and verify files availability in the parent folder.


2) Infinite loop (CVE-ID: CVE-2021-28657)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop within MP3Parser component. A remote attacker can suply a specially crafted file, consume all available system resources and cause denial of service conditions.


3) Infinite loop (CVE-ID: CVE-2021-31812)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop when processing PDF files. A remote attacker can consume all available system resources and cause denial of service conditions.


4) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2021-21409)

The vulnerability allows a remote attacker to preform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests in io.netty:netty-codec-http2 in Netty, if the request only uses a single Http2HeaderFrame with the endStream set to to true. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.


5) Resource exhaustion (CVE-ID: CVE-2021-30468)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources in the JsonMapObjectReaderWriter. A remote attacker can trigger resource exhaustion by submitting a malformed JSON to a web service and perform a denial of service (DoS) attack.


6) Resource exhaustion (CVE-ID: CVE-2021-36090)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when processing ZIP archives. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


Remediation

Install update from vendor's website.

References