CVE-2020-13920
Description: Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server that proxies the original and binds that in its place, they effectively become a man in the middle and can intercept the credentials when a user connects. Upgrade to Apache ActiveMQ 5.15.12.
Mitigation: We recommend upgrading to a version of this component that is not vulnerable to this specific issue. Note: If this component…

CVE-2020-11998
Description: A regression was introduced in the commit that prevents JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the attack described at https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html: "A remote client could create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, a rogue remote client could make your Java application execute arbitrary code."
Mitigation: Upgrade to Apache ActiveMQ 5.15.13. We recommend upgrading to a version of this component that is not vulnerable…

CVE-2020-11996
Description: A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive.
Mitigation: We recommend upgrading to a version of this component that is not vulnerable to this specific issue. Note: If this component is included as a bundled/transitive dependency of another component, there may not be an upgrade path. In this instance, we recommend contacting the maintainers who included the vulnerable package.…

CVE-2020-11994
Description: Server-Side Template Injection and arbitrary file disclosure in Camel templating components.
Mitigation: We recommend upgrading to a version of this component that is not vulnerable to this specific issue and setting `allowContextMapAll` to `false` when creating or populating a variable map for those templating components. Note: If this component is included as a bundled/transitive dependency of another component, there may not be an upgrade path. In this instance, we recommend contacting the maintainers who included the vulnerable package. Alternatively, we recommend investigating alternative components or a potential mitigating control.
Related links:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-11994
http://mail-archives.apache.org/mod_mbox/camel-dev/202007.mbox/%3C930536203.2120024.1594212209741@mail.yahoo.com%3E
https://camel.apache.org/security/CVE-2020-11994.html
https://issues.apache.org/jira/browse/CAMEL-15013
https://issues.apache.org/jira/browse/CAMEL-15050
Project…

CVE-2020-11971
Description: Apache Camel's JMX is vulnerable to a rebind flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, and 3.0.0 up to 3.1.0 are affected. Users should upgrade to 3.2.0.
Mitigation: We recommend upgrading to a version of this component that is not vulnerable to this specific issue. If upgrading is not possible, avoid using the JMX connector. Note: If this component is included as a bundled/transitive dependency of another component, there may not be an upgrade path. In this instance, we recommend contacting the maintainers who included the vulnerable package. Alternatively, we recommend investigating alternative components or a potential mitigating control.…

CVE-2020-11969
Description: If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099 without authentication. This affects Apache TomEE 8.0.0-M1 - 8.0.1, Apache TomEE 7.1.0 - 7.1.2, Apache TomEE 7.0.0-M1 - 7.0.7, and Apache TomEE 1.0.0 - 1.7.5.
Mitigation: We recommend upgrading to a version of this component that is not vulnerable to this specific issue. "Alternatively, users may wish to remove the `useJMX` option from the URI (the default is `false`)." Reference: https://lists.apache.org/thread.html/rbd23418646dedda70a546331ea1c1d115b8975b7e7dc452d10e2e773%40%3Cdev.tomee.apache.org%3E
Note: If this component is included as…

CVE-2020-11023
Description: In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (e.g. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Mitigation: We recommend upgrading to a version of this component that is not vulnerable to this specific issue. Alternatively, a workaround is provided by https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6:
>To workaround this issue without upgrading, use DOMPurify with its `SAFE_FOR_JQUERY` option to sanitize the HTML string before passing it to a jQuery method.…

CVE-2019-8331
Description: In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
Mitigation: We recommend upgrading to a version of this component that is not vulnerable to this specific issue. Note: If this component is included as a bundled/transitive dependency of another component, there may not be an upgrade path. In this instance, we recommend contacting the maintainers who included the vulnerable package. Alternatively, we recommend investigating alternative components or a potential mitigating control.
Related links:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-8331
https://github.com/twbs/bootstrap/pull/28236
https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/
Project Category: n/a
Tags: data
Date Disclosed: 2019-02-20
Date Discovered: 2019-02-13

CVE-2019-17573
Description: By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This web page is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject JavaScript into the page. Please note that the attack relies on a request feature that is not typically present in modern browsers, which remove dot segments before sending the request. However, mobile applications may be vulnerable.
Related links:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17573
http://cxf.apache.org/security-advisories.data/CVE-2019-17573.txt.asc?version=1&modificationDate=1579178542000&api=v2
https://openliberty.io/docs/latest/security-vulnerabilities.html
Project Category: Cross Site Scripting
Tags: data
Date Disclosed: 2020-01-16
Date Discovered: 2019-10-14

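Because the CVE-2019-17573 advisory notes that browsers normalise dot segments away, requests that reach a CXF /services listing with `/./` or `/../` still in the path come from non-browser clients and are worth flagging. The following is an added example, not CXF project code: it parses Common Log Format access-log lines and reports requests whose raw target both names /services and keeps dot segments or markup characters. The log lines are constructed, and the "dot segment plus /services means non-browser client" rule is a heuristic assumption, not something the advisory states.

```python
import re
from urllib.parse import unquote

# Common Log Format: host ident authuser [time] "METHOD target PROTO" status bytes
_CLF = re.compile(r'^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+) (\S+)" (\d{3}) (\S+)$')
# A "." or ".." path segment; a browser would have collapsed these before sending.
_DOT_SEGMENT = re.compile(r'(?:^|/)\.{1,2}(?:/|$)')
# Characters a reflected-markup payload needs once percent-decoding is undone.
_MARKUP = re.compile(r'[<>"\']')


def parse_clf(line):
    """Split one CLF access-log line into its fields, or return None."""
    m = _CLF.match(line)
    if m is None:
        return None
    host, user, ts, method, target, proto, status, size = m.groups()
    return {"host": host, "user": user, "time": ts, "method": method,
            "target": target, "proto": proto, "status": int(status)}


def classify_target(target):
    """Return the reasons a request target looks like an unnormalised
    request to a /services listing (heuristic assumption, see lead-in)."""
    path = target.split("?", 1)[0]
    decoded = unquote(path)          # one round of percent-decoding
    if "/services" not in decoded:
        return []
    reasons = []
    if _DOT_SEGMENT.search(decoded):
        reasons.append("dot-segment")
    if _MARKUP.search(decoded):
        reasons.append("markup")
    return reasons


def scan_log(text):
    """Run the classifier over every parseable line and collect the hits."""
    hits = []
    for line in text.splitlines():
        rec = parse_clf(line)
        if rec is None:
            continue
        reasons = classify_target(rec["target"])
        if reasons:
            hits.append({"host": rec["host"], "target": rec["target"],
                         "reasons": reasons})
    return hits


# Constructed sample log: two ordinary listing requests, one with a dot segment
# and markup in the path, one with only a dot segment, and one unrelated
# traversal attempt that never touches /services.
SAMPLE_LOG = """\
10.0.0.5 - - [14/Oct/2019:10:01:22 +0000] "GET /services HTTP/1.1" 200 1834
10.0.0.5 - - [14/Oct/2019:10:01:23 +0000] "GET /services/ HTTP/1.1" 200 1834
10.0.0.9 - - [14/Oct/2019:10:02:10 +0000] "GET /services/../%3Cx%3E/services HTTP/1.1" 200 1902
10.0.0.9 - - [14/Oct/2019:10:02:11 +0000] "GET /api/../services HTTP/1.1" 200 1834
10.0.0.7 - - [14/Oct/2019:10:03:00 +0000] "GET /app/static/..%2Fimg.png HTTP/1.1" 404 0
"""

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["host"], hit["target"], ",".join(hit["reasons"]))
```

The classifier decodes the path once on purpose: a client that double-encodes `%252E%252E` is trying to slip past exactly this kind of check, so in production you would also flag targets that still contain `%` after one decode.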
CVE-2019-17571
Description: Included in Log4j 1.2 is a SocketServer class that is vulnerable to deserialization of untrusted data, which can be exploited to remotely execute arbitrary code when combined with a deserialization gadget while listening to untrusted network traffic for log data. This affects Log4j 1.2 versions up to and including 1.2.17.
Mitigation: Starting with version(s) 2.x, `log4j:log4j` was relocated to `org.apache.logging.log4j:log4j-core`. A variation of this vulnerability exists in `org.apache.logging.log4j:log4j-core` as CVE-2017-5645, in versions up to but excluding 2.8.2. Therefore, it is recommended to upgrade to `org.apache.logging.log4j:log4j-core` version(s) 2.8.2 and above. For `log4j:log4j` 1.x versions however, a fix does not…

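The SocketServer in the CVE-2019-17571 entry calls readObject() on whatever a remote client sends, and the class that gets instantiated is decided by the first bytes of the Java serialization stream. The following is an added example, not Log4j code: it reads just the head of such a stream (magic, version, then the TC_OBJECT/TC_CLASSDESC pair with the class name) and compares the class against an allowlist, which is the shape of the class-filtering fix applied in log4j-core 2.8.2. The only class a Log4j SocketAppender legitimately sends is `org.apache.log4j.spi.LoggingEvent`; the other class names and the byte strings in the test are constructed.

```python
import struct

# Java serialization stream constants (java.io.ObjectStreamConstants).
STREAM_MAGIC = 0xACED
STREAM_VERSION = 5
TC_OBJECT = 0x73
TC_CLASSDESC = 0x72
TC_RESET = 0x79

# What a log4j 1.2 SocketAppender actually sends; anything else is a gadget candidate.
EXPECTED_CLASS = "org.apache.log4j.spi.LoggingEvent"


def top_level_class(stream: bytes):
    """Return the class name of the first object in a Java serialization
    stream, or None if the head is not a plain TC_OBJECT/TC_CLASSDESC pair
    (e.g. a back-reference or a proxy class descriptor)."""
    if len(stream) < 4:
        raise ValueError("stream too short for header")
    magic, version = struct.unpack(">HH", stream[:4])
    if magic != STREAM_MAGIC or version != STREAM_VERSION:
        raise ValueError("not a Java serialization stream")
    pos = 4
    # SocketAppender periodically writes TC_RESET; skip any leading ones.
    while pos < len(stream) and stream[pos] == TC_RESET:
        pos += 1
    if pos + 2 > len(stream):
        raise ValueError("truncated stream")
    if stream[pos] != TC_OBJECT or stream[pos + 1] != TC_CLASSDESC:
        return None
    pos += 2
    if pos + 2 > len(stream):
        raise ValueError("truncated class descriptor")
    (name_len,) = struct.unpack(">H", stream[pos:pos + 2])
    pos += 2
    name = stream[pos:pos + name_len]
    if len(name) != name_len:
        raise ValueError("truncated class name")
    # Class names are written as modified UTF-8; plain UTF-8 is fine for ASCII names.
    return name.decode("utf-8")


def is_allowed(stream: bytes, allowed=frozenset({EXPECTED_CLASS})):
    """Allowlist decision a hardened listener would take before readObject()."""
    return top_level_class(stream) in allowed


def encode_object_head(class_name: str) -> bytes:
    """Build only the head of a stream carrying a TC_OBJECT of class_name.
    Constructed test input: a real stream continues with serialVersionUID,
    flags, the field list and the field values."""
    name = class_name.encode("utf-8")
    return (struct.pack(">HH", STREAM_MAGIC, STREAM_VERSION)
            + bytes([TC_OBJECT, TC_CLASSDESC])
            + struct.pack(">H", len(name)) + name)


if __name__ == "__main__":
    for cls in (EXPECTED_CLASS, "com.example.SomeGadget"):
        head = encode_object_head(cls)
        print(cls, "allowed" if is_allowed(head) else "REJECTED")
```

Checking the outermost class is a first gate, not a complete defence: a gadget chain can hide behind an innocuous top-level class, which is why a real filter (java.io.ObjectInputFilter, or the allowlist in log4j-core 2.8.2 and later) is applied to every class resolved during deserialization, not just the first one.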