[Bug 2074788] New: CVE-2021-31805 Apache Struts: Forced OGNL evaluation, when evaluated on raw not validated user input in tag attributes, may lead to RCE.
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2074788
Bug ID: 2074788
Summary: CVE-2021-31805 Apache Struts: Forced OGNL evaluation,
when evaluated on raw not validated user input in tag
attributes, may lead to RCE.
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: ahanwate(a)redhat.com
CC: aileenc(a)redhat.com, chazlett(a)redhat.com,
dbhole(a)redhat.com, drieden(a)redhat.com,
extras-orphan(a)fedoraproject.org, ggaughan(a)redhat.com,
gmalinko(a)redhat.com, janstey(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jjelen(a)redhat.com, jochrist(a)redhat.com,
jwon(a)redhat.com, krathod(a)redhat.com,
loleary(a)redhat.com, pjindal(a)redhat.com,
puntogil(a)libero.it, spinder(a)redhat.com,
theute(a)redhat.com
Target Milestone: ---
Classification: Other
The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0
to 2.5.29, still some of the tag’s attributes could perform a double evaluation
if a developer applied forced OGNL evaluation by using the %{...} syntax. Using
forced OGNL evaluation on untrusted user input can lead to a Remote Code
Execution and security degradation.
https://cwiki.apache.org/confluence/display/WW/S2-062
http://www.openwall.com/lists/oss-security/2022/04/12/6
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2074788
2 years
[Bug 2032580] New: CVE-2021-45046 log4j-core: thread context message pattern and context lookup pattern vulnerable to DoS
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2032580
Bug ID: 2032580
Summary: CVE-2021-45046 log4j-core: thread context message
pattern and context lookup pattern vulnerable to DoS
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: low
Priority: low
Assignee: security-response-team(a)redhat.com
Reporter: gsuckevi(a)redhat.com
CC: aboyko(a)redhat.com, aileenc(a)redhat.com,
akoufoud(a)redhat.com, alazarot(a)redhat.com,
almorale(a)redhat.com, anstephe(a)redhat.com,
aos-bugs(a)redhat.com, asoldano(a)redhat.com,
atangrin(a)redhat.com, ataylor(a)redhat.com,
avibelli(a)redhat.com, bbaranow(a)redhat.com,
bbuckingham(a)redhat.com, bcourt(a)redhat.com,
bdettelb(a)redhat.com, bgeorges(a)redhat.com,
bibryam(a)redhat.com, bkearney(a)redhat.com,
bmaxwell(a)redhat.com, bmontgom(a)redhat.com,
boliveir(a)redhat.com, brian.stansberry(a)redhat.com,
btotty(a)redhat.com, caswilli(a)redhat.com,
cdewolf(a)redhat.com, chazlett(a)redhat.com,
clement.escoffier(a)redhat.com, dandread(a)redhat.com,
darran.lofthouse(a)redhat.com, dbecker(a)redhat.com,
dbhole(a)redhat.com, devrim(a)gunduz.org,
dkreling(a)redhat.com, dosoudil(a)redhat.com,
drieden(a)redhat.com, ehelms(a)redhat.com,
eleandro(a)redhat.com, eparis(a)redhat.com,
etirelli(a)redhat.com, ewolinet(a)redhat.com,
fjuma(a)redhat.com, ggaughan(a)redhat.com,
gmalinko(a)redhat.com, gsmet(a)redhat.com,
hamadhan(a)redhat.com, hbraun(a)redhat.com,
hhorak(a)redhat.com, ibek(a)redhat.com, iweiss(a)redhat.com,
janstey(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jburrell(a)redhat.com, jcantril(a)redhat.com,
jjoyce(a)redhat.com, jnethert(a)redhat.com,
jochrist(a)redhat.com, jokerman(a)redhat.com,
jorton(a)redhat.com, jpallich(a)redhat.com,
jperkins(a)redhat.com, jrokos(a)redhat.com,
jross(a)redhat.com, jschluet(a)redhat.com,
jsherril(a)redhat.com, jstastny(a)redhat.com,
jwon(a)redhat.com, kaycoth(a)redhat.com,
krathod(a)redhat.com, kverlaen(a)redhat.com,
kwills(a)redhat.com, lgao(a)redhat.com, lhh(a)redhat.com,
lpeer(a)redhat.com, lthon(a)redhat.com, lzap(a)redhat.com,
mburns(a)redhat.com, mhulan(a)redhat.com,
mizdebsk(a)redhat.com, mkolesni(a)redhat.com,
mmccune(a)redhat.com, mnovotny(a)redhat.com,
msochure(a)redhat.com, msvehla(a)redhat.com,
mszynkie(a)redhat.com, myarboro(a)redhat.com,
nmoumoul(a)redhat.com, nstielau(a)redhat.com,
nwallace(a)redhat.com, orabin(a)redhat.com,
pantinor(a)redhat.com, paul.wouters(a)aiven.io,
pcreech(a)redhat.com, pdelbell(a)redhat.com,
pdrozd(a)redhat.com, peholase(a)redhat.com,
pgallagh(a)redhat.com, pjindal(a)redhat.com,
pmackay(a)redhat.com, probinso(a)redhat.com,
rchan(a)redhat.com, rguimara(a)redhat.com,
rrajasek(a)redhat.com, rruss(a)redhat.com,
rstancel(a)redhat.com, rsvoboda(a)redhat.com,
sbiarozk(a)redhat.com, sclewis(a)redhat.com,
scohen(a)redhat.com, sd-operator-metering(a)redhat.com,
sdouglas(a)redhat.com, slinaber(a)redhat.com,
smaestri(a)redhat.com, sponnaga(a)redhat.com,
sthorger(a)redhat.com, swoodman(a)redhat.com,
tbrisker(a)redhat.com, tflannag(a)redhat.com,
tom.jenkinson(a)redhat.com, tzimanyi(a)redhat.com,
vkumar(a)redhat.com, yborgess(a)redhat.com
Target Milestone: ---
Classification: Other
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was
incomplete in certain non-default configurations. This could allows attackers
with control over Thread Context Map (MDC) input data when the logging
configuration uses a non-default Pattern Layout with either a Context Lookup
(for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or
%MDC) to craft malicious input data using a JNDI Lookup pattern resulting in a
denial of service (DOS) attack. Log4j 2.15.0 restricts JNDI LDAP lookups to
localhost by default. Note that previous mitigations involving configuration
such as to set the system property `log4j2.noFormatMsgLookup` to `true` do NOT
mitigate this specific vulnerability.
Log4j 2.16.0 fixes this issue by removing support for message lookup patterns
and disabling JNDI functionality by default.
This issue can be mitigated in prior releases (<2.16.0) by removing the
JndiLookup class from the classpath (example: zip -q -d log4j-core-*.jar
org/apache/logging/log4j/core/lookup/JndiLookup.class).
Reference:
https://www.openwall.com/lists/oss-security/2021/12/14/4
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2032580
2 years