Multiple vulnerabilities in Red Hat JBoss Core Services



Published: 2023-08-16
Risk: High
Patch available: YES
Number of vulnerabilities: 9
CVE-ID: CVE-2022-24963, CVE-2022-36760, CVE-2022-37436, CVE-2022-48279, CVE-2023-24021, CVE-2023-27522, CVE-2023-28319, CVE-2023-28321, CVE-2023-28322
CWE-ID: CWE-190, CWE-444, CWE-113, CWE-20, CWE-119, CWE-416, CWE-295, CWE-440
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
JBoss Core Services
Server applications / Application servers

jbcs-httpd24-mod_security (Red Hat package)
Operating systems & Components / Operating system package or component

jbcs-httpd24-mod_proxy_cluster (Red Hat package)
Operating systems & Components / Operating system package or component

jbcs-httpd24-mod_md (Red Hat package)
Operating systems & Components / Operating system package or component

jbcs-httpd24-mod_http2 (Red Hat package)
Operating systems & Components / Operating system package or component

jbcs-httpd24-httpd (Red Hat package)
Operating systems & Components / Operating system package or component

jbcs-httpd24-curl (Red Hat package)
Operating systems & Components / Operating system package or component

jbcs-httpd24-apr-util (Red Hat package)
Operating systems & Components / Operating system package or component

jbcs-httpd24-apr (Red Hat package)
Operating systems & Components / Operating system package or component

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 9 vulnerabilities.

1) Integer overflow

EUVDB-ID: #VU71752

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-24963

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow within the apr_encode() function. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

JBoss Core Services: before 2.4.57

jbcs-httpd24-mod_security (Red Hat package): before 2.9.3-29.el8jbcs

jbcs-httpd24-mod_proxy_cluster (Red Hat package): before 1.3.19-4.el8jbcs

jbcs-httpd24-mod_md (Red Hat package): before 2.4.0-25.el8jbcs

jbcs-httpd24-mod_http2 (Red Hat package): before 1.15.19-28.el8jbcs

jbcs-httpd24-httpd (Red Hat package): before 2.4.57-5.el8jbcs

jbcs-httpd24-curl (Red Hat package): before 8.2.1-1.el8jbcs

jbcs-httpd24-apr-util (Red Hat package): before 1.6.1-102.el8jbcs

jbcs-httpd24-apr (Red Hat package): before 1.7.0-8.el8jbcs
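
The "before" versions listed above can be checked against a host's installed packages. The following is an added example, not part of the advisory or of Red Hat tooling: it compares RPM version-release strings segment by segment (a simplified form of RPM's ordering that ignores epochs and the `~`/`^` modifiers) and flags packages older than the fixed builds. The sample `rpm` output is constructed.

```python
import re

# Fixed versions, copied from the "Vulnerable software versions" list above.
FIXED = {
    "jbcs-httpd24-mod_security": "2.9.3-29.el8jbcs",
    "jbcs-httpd24-mod_proxy_cluster": "1.3.19-4.el8jbcs",
    "jbcs-httpd24-mod_md": "2.4.0-25.el8jbcs",
    "jbcs-httpd24-mod_http2": "1.15.19-28.el8jbcs",
    "jbcs-httpd24-httpd": "2.4.57-5.el8jbcs",
    "jbcs-httpd24-curl": "8.2.1-1.el8jbcs",
    "jbcs-httpd24-apr-util": "1.6.1-102.el8jbcs",
    "jbcs-httpd24-apr": "1.7.0-8.el8jbcs",
}

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """\
jbcs-httpd24-httpd 2.4.51-39.el8jbcs
jbcs-httpd24-mod_http2 1.15.19-9.el8jbcs
jbcs-httpd24-curl 8.2.1-1.el8jbcs
bash 4.4.20-4.el8
"""

_SEGMENT = re.compile(r"\d+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Simplified RPM segment comparison: returns -1, 0 or 1."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)            # 9 < 28, unlike string comparison
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, _, ra = a.rpartition("-")
    vb, _, rb = b.rpartition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def audit(rpm_output):
    """Map each listed package found in rpm_output to 'vulnerable' or 'fixed'."""
    result = {}
    for line in rpm_output.splitlines():
        name, _, evr = line.partition(" ")
        if name in FIXED:
            result[name] = "vulnerable" if evr_cmp(evr, FIXED[name]) < 0 else "fixed"
    return result
```

Calling `audit(SAMPLE)` reports the httpd and mod_http2 builds as vulnerable; the mod_http2 case differs from the fixed build only in its release number (9 versus 28), which a plain string comparison would order incorrectly.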

External links

http://access.redhat.com/errata/RHSA-2023:4629
http://access.redhat.com/errata/RHSA-2023:4628


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU71242

Risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-36760

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests in mod_proxy_ajp. A remote attacker can send a specially crafted HTTP request to the web server and smuggle arbitrary HTTP headers to the AJP server it forwards requests to.

Successful exploitation of the vulnerability may allow an attacker to poison the HTTP cache and perform phishing attacks.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

JBoss Core Services: before 2.4.57

jbcs-httpd24-mod_security (Red Hat package): before 2.9.3-29.el8jbcs

jbcs-httpd24-mod_proxy_cluster (Red Hat package): before 1.3.19-4.el8jbcs

jbcs-httpd24-mod_md (Red Hat package): before 2.4.0-25.el8jbcs

jbcs-httpd24-mod_http2 (Red Hat package): before 1.15.19-28.el8jbcs

jbcs-httpd24-httpd (Red Hat package): before 2.4.57-5.el8jbcs

jbcs-httpd24-curl (Red Hat package): before 8.2.1-1.el8jbcs

jbcs-httpd24-apr-util (Red Hat package): before 1.6.1-102.el8jbcs

jbcs-httpd24-apr (Red Hat package): before 1.7.0-8.el8jbcs

External links

http://access.redhat.com/errata/RHSA-2023:4629
http://access.redhat.com/errata/RHSA-2023:4628


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) HTTP response splitting

EUVDB-ID: #VU71243

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-37436

CWE-ID: CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform HTTP splitting attacks.

The vulnerability exists because the software does not correctly process CRLF character sequences within the mod_proxy module. A remote attacker can send a specially crafted request containing a CRLF sequence and make the application send a split HTTP response.

Successful exploitation of the vulnerability may allow an attacker to perform a cache poisoning attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

JBoss Core Services: before 2.4.57

jbcs-httpd24-mod_security (Red Hat package): before 2.9.3-29.el8jbcs

jbcs-httpd24-mod_proxy_cluster (Red Hat package): before 1.3.19-4.el8jbcs

jbcs-httpd24-mod_md (Red Hat package): before 2.4.0-25.el8jbcs

jbcs-httpd24-mod_http2 (Red Hat package): before 1.15.19-28.el8jbcs

jbcs-httpd24-httpd (Red Hat package): before 2.4.57-5.el8jbcs

jbcs-httpd24-curl (Red Hat package): before 8.2.1-1.el8jbcs

jbcs-httpd24-apr-util (Red Hat package): before 1.6.1-102.el8jbcs

jbcs-httpd24-apr (Red Hat package): before 1.7.0-8.el8jbcs

External links

http://access.redhat.com/errata/RHSA-2023:4629
http://access.redhat.com/errata/RHSA-2023:4628


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU72085

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-48279

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to insufficient validation of user-supplied input when parsing HTTP multipart requests. A remote attacker can send specially crafted input to the application and bypass the Web Application Firewall.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

JBoss Core Services: before 2.4.57

jbcs-httpd24-mod_security (Red Hat package): before 2.9.3-29.el8jbcs

jbcs-httpd24-mod_proxy_cluster (Red Hat package): before 1.3.19-4.el8jbcs

jbcs-httpd24-mod_md (Red Hat package): before 2.4.0-25.el8jbcs

jbcs-httpd24-mod_http2 (Red Hat package): before 1.15.19-28.el8jbcs

jbcs-httpd24-httpd (Red Hat package): before 2.4.57-5.el8jbcs

jbcs-httpd24-curl (Red Hat package): before 8.2.1-1.el8jbcs

jbcs-httpd24-apr-util (Red Hat package): before 1.6.1-102.el8jbcs

jbcs-httpd24-apr (Red Hat package): before 1.7.0-8.el8jbcs

External links

http://access.redhat.com/errata/RHSA-2023:4629
http://access.redhat.com/errata/RHSA-2023:4628


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Buffer overflow

EUVDB-ID: #VU72086

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-24021

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when executing rules that read the FILES_TMP_CONTENT collection. A remote attacker can upload a specially crafted file to the system, trigger memory corruption and execute arbitrary code on the target system or bypass implemented WAF protection rules.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

JBoss Core Services: before 2.4.57

jbcs-httpd24-mod_security (Red Hat package): before 2.9.3-29.el8jbcs

jbcs-httpd24-mod_proxy_cluster (Red Hat package): before 1.3.19-4.el8jbcs

jbcs-httpd24-mod_md (Red Hat package): before 2.4.0-25.el8jbcs

jbcs-httpd24-mod_http2 (Red Hat package): before 1.15.19-28.el8jbcs

jbcs-httpd24-httpd (Red Hat package): before 2.4.57-5.el8jbcs

jbcs-httpd24-curl (Red Hat package): before 8.2.1-1.el8jbcs

jbcs-httpd24-apr-util (Red Hat package): before 1.6.1-102.el8jbcs

jbcs-httpd24-apr (Red Hat package): before 1.7.0-8.el8jbcs

External links

http://access.redhat.com/errata/RHSA-2023:4629
http://access.redhat.com/errata/RHSA-2023:4628


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) HTTP response splitting

EUVDB-ID: #VU73106

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-27522

CWE-ID: CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform HTTP splitting attacks.

The vulnerability exists because the software does not correctly process CRLF character sequences in mod_proxy_uwsgi. A remote attacker can send a specially crafted request containing a CRLF sequence and make the application send a split HTTP response.

Successful exploitation of the vulnerability may allow an attacker to perform a cache poisoning attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

JBoss Core Services: before 2.4.57

jbcs-httpd24-mod_security (Red Hat package): before 2.9.3-29.el8jbcs

jbcs-httpd24-mod_proxy_cluster (Red Hat package): before 1.3.19-4.el8jbcs

jbcs-httpd24-mod_md (Red Hat package): before 2.4.0-25.el8jbcs

jbcs-httpd24-mod_http2 (Red Hat package): before 1.15.19-28.el8jbcs

jbcs-httpd24-httpd (Red Hat package): before 2.4.57-5.el8jbcs

jbcs-httpd24-curl (Red Hat package): before 8.2.1-1.el8jbcs

jbcs-httpd24-apr-util (Red Hat package): before 1.6.1-102.el8jbcs

jbcs-httpd24-apr (Red Hat package): before 1.7.0-8.el8jbcs

External links

http://access.redhat.com/errata/RHSA-2023:4629
http://access.redhat.com/errata/RHSA-2023:4628


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Use-after-free

EUVDB-ID: #VU76233

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28319

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a use-after-free error when checking the SSH sha256 fingerprint. A remote attacker can use the application to connect to a malicious SSH server, trigger a use-after-free error and gain access to potentially sensitive information.

Successful exploitation of the vulnerability requires use of the CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256 option; in addition, the CURLOPT_VERBOSE or CURLOPT_ERRORBUFFER option has to be set.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

JBoss Core Services: before 2.4.57

jbcs-httpd24-mod_security (Red Hat package): before 2.9.3-29.el8jbcs

jbcs-httpd24-mod_proxy_cluster (Red Hat package): before 1.3.19-4.el8jbcs

jbcs-httpd24-mod_md (Red Hat package): before 2.4.0-25.el8jbcs

jbcs-httpd24-mod_http2 (Red Hat package): before 1.15.19-28.el8jbcs

jbcs-httpd24-httpd (Red Hat package): before 2.4.57-5.el8jbcs

jbcs-httpd24-curl (Red Hat package): before 8.2.1-1.el8jbcs

jbcs-httpd24-apr-util (Red Hat package): before 1.6.1-102.el8jbcs

jbcs-httpd24-apr (Red Hat package): before 1.7.0-8.el8jbcs

External links

http://access.redhat.com/errata/RHSA-2023:4629
http://access.redhat.com/errata/RHSA-2023:4628


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper certificate validation

EUVDB-ID: #VU76237

Risk: Medium

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28321

CWE-ID: CWE-295 - Improper Certificate Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a MitM attack.

The vulnerability exists due to improper certificate validation when matching wildcards in TLS certificates for IDN names. A remote attacker can create a specially crafted certificate that will be considered trusted by the library.

Successful exploitation of the vulnerability requires that curl is built to use OpenSSL, Schannel or Gskit.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

JBoss Core Services: before 2.4.57

jbcs-httpd24-mod_security (Red Hat package): before 2.9.3-29.el8jbcs

jbcs-httpd24-mod_proxy_cluster (Red Hat package): before 1.3.19-4.el8jbcs

jbcs-httpd24-mod_md (Red Hat package): before 2.4.0-25.el8jbcs

jbcs-httpd24-mod_http2 (Red Hat package): before 1.15.19-28.el8jbcs

jbcs-httpd24-httpd (Red Hat package): before 2.4.57-5.el8jbcs

jbcs-httpd24-curl (Red Hat package): before 8.2.1-1.el8jbcs

jbcs-httpd24-apr-util (Red Hat package): before 1.6.1-102.el8jbcs

jbcs-httpd24-apr (Red Hat package): before 1.7.0-8.el8jbcs

External links

http://access.redhat.com/errata/RHSA-2023:4629
http://access.redhat.com/errata/RHSA-2023:4628


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Expected behavior violation

EUVDB-ID: #VU76238

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-28322

CWE-ID: CWE-440 - Expected Behavior Violation

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to a logic error when sending HTTP POST and PUT requests using the same handle. libcurl can erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle was previously used to issue a PUT request which used that callback. As a result, the application can misbehave and either send off the wrong data or use memory after free or similar in the second transfer.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

JBoss Core Services: before 2.4.57

jbcs-httpd24-mod_security (Red Hat package): before 2.9.3-29.el8jbcs

jbcs-httpd24-mod_proxy_cluster (Red Hat package): before 1.3.19-4.el8jbcs

jbcs-httpd24-mod_md (Red Hat package): before 2.4.0-25.el8jbcs

jbcs-httpd24-mod_http2 (Red Hat package): before 1.15.19-28.el8jbcs

jbcs-httpd24-httpd (Red Hat package): before 2.4.57-5.el8jbcs

jbcs-httpd24-curl (Red Hat package): before 8.2.1-1.el8jbcs

jbcs-httpd24-apr-util (Red Hat package): before 1.6.1-102.el8jbcs

jbcs-httpd24-apr (Red Hat package): before 1.7.0-8.el8jbcs

External links

http://access.redhat.com/errata/RHSA-2023:4629
http://access.redhat.com/errata/RHSA-2023:4628


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


