CERT-In Vulnerability Note
CIVN-2020-0255
Multiple Vulnerabilities in Red Hat JBoss
Original Issue Date: June 29, 2020
Severity Rating: HIGH
Software Affected
- Red Hat JBoss Core Services 1 for RHEL 7 x86_64
- Red Hat JBoss Core Services 1 for RHEL 6 x86_64
- Red Hat JBoss Core Services 1 for RHEL 6 i386
- Red Hat JBoss Core Services Text-Only Advisories x86_64
Overview
Multiple vulnerabilities have been reported in Red Hat JBoss which could be exploited by an attacker to cause denial of service conditions or gain access to sensitive information on a targeted system.
Description
1. Use-After-Free Vulnerability (CVE-2019-0196)
This vulnerability exists in the mod_http2 module of Apache HTTP Server due to a use-after-free error: when handling malformed (fuzzed) network input, the HTTP/2 request processing can access freed memory during the string comparison that determines the request method, and so process the request incorrectly. A remote attacker could exploit this vulnerability by sending a specially crafted HTTP/2 request. Successful exploitation of this vulnerability could allow the attacker to cause denial of service conditions.
2. Memory Corruption Vulnerability (CVE-2019-0197)
This vulnerability exists in the mod_http2 module of Apache HTTP Server when HTTP/2 is enabled for an http: host, or H2Upgrade is enabled for h2 on an https: host. An Upgrade request from HTTP/1.1 to HTTP/2 that is not the first request on a connection could lead to a misconfiguration and crash. A remote attacker could exploit this vulnerability by sending a specially crafted sequence of requests on a single connection. Successful exploitation of this vulnerability could allow the attacker to cause denial of service conditions. Servers that never enable the h2 protocol, or that enable it only for https: hosts without H2Upgrade, are not affected.
3. Denial of Service Vulnerability (CVE-2018-20843)
This vulnerability exists in libexpat in Expat due to inefficient handling of XML names containing many colons by the XML parser. An attacker could exploit this vulnerability by supplying crafted XML input whose element or attribute names contain a large number of colons, causing the parser to consume excessive RAM and CPU resources while processing them. Successful exploitation of this vulnerability could allow the attacker to cause denial of service conditions.
4. Buffer Over-Read Vulnerability (CVE-2019-15903)
This vulnerability exists in libexpat in Expat due to improper handling of the transition from DTD parsing to document parsing. An attacker could exploit this vulnerability by supplying crafted XML input that fools the parser into switching from DTD parsing to document parsing too early; a subsequent call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then results in a heap-based buffer over-read, which could crash the application. Successful exploitation of this vulnerability could allow the attacker to cause denial of service conditions.
5. Denial of Service Vulnerability (CVE-2019-19956)
This vulnerability exists in xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 due to a memory leak related to newDoc->oldNs. An attacker who can repeatedly submit XML input to an affected application could gradually exhaust its memory. Successful exploitation of this vulnerability could allow the attacker to cause denial of service conditions.
6. Denial of Service Vulnerability (CVE-2019-20388)
This vulnerability exists in xmlSchemaPreRun in xmlschemas.c in libxml2 due to a memory leak reachable through xmlSchemaValidateStream. An attacker who can repeatedly trigger schema validation of XML input could gradually exhaust the application's memory. Successful exploitation of this vulnerability could allow the attacker to cause denial of service conditions.
7. Denial of Service Vulnerability (CVE-2020-7595)
This vulnerability exists in xmlStringLenDecodeEntities in parser.c in libxml2 due to incorrect handling of a certain end-of-file condition, which causes an infinite loop. An attacker could exploit this vulnerability by supplying a crafted XML file. Successful exploitation of this vulnerability could allow the attacker to cause denial of service conditions.
8. Information Disclosure Vulnerability (CVE-2020-1934)
This vulnerability exists in the mod_proxy_ftp module of Apache HTTP Server, which may use uninitialized memory when proxying to a malicious FTP server. An attacker who controls the FTP server that the proxy connects to could exploit this vulnerability. Successful exploitation of this vulnerability could allow the attacker to gain access to sensitive information. Servers that do not load mod_proxy_ftp are not affected.
9. Denial of Service Vulnerability (CVE-2020-11080)
This vulnerability exists in nghttp2 due to the absence of a limit on the size of an HTTP/2 SETTINGS frame payload. A remote attacker could exploit this vulnerability by repeatedly sending SETTINGS frames with a length of 14,400 bytes (2,400 settings entries each), causing the server's CPU usage to spike to 100%. Successful exploitation of this vulnerability could allow the attacker to cause denial of service conditions.
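The SETTINGS-flood pattern described for CVE-2020-11080 can be recognised on the wire. The following Python script is an added example (not code from the advisory, Red Hat or the nghttp2 project): it serialises and parses HTTP/2 frames as laid out in RFC 7540, builds a constructed sample of the 14,400-byte SETTINGS frames, and flags SETTINGS frames whose entry count exceeds a cap. The cap of 32 entries per frame, the function names and the sample traffic are this example's own assumptions.

```python
"""
Added example: detect oversized HTTP/2 SETTINGS frames of the kind used
against nghttp2 before 1.41.0 (CVE-2020-11080). Not code from Red Hat,
nghttp2 or CERT-In; all sample traffic below is constructed inline.
"""
import struct

FRAME_HEADER_LEN = 9       # RFC 7540 s4.1: 24-bit length, 8-bit type, 8-bit flags, 31-bit stream id
SETTINGS_TYPE = 0x4        # RFC 7540 s6.5
SETTINGS_ENTRY_LEN = 6     # 16-bit identifier + 32-bit value per entry
# Assumption for this example: a receiver-side cap on entries per SETTINGS frame.
# nghttp2 1.41.0 introduced such a limit; 32 is this example's own policy choice.
MAX_SETTINGS_PER_FRAME = 32
CLIENT_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"   # RFC 7540 s3.5


def build_frame(ftype, flags, stream_id, payload):
    """Serialise one HTTP/2 frame (9-byte header followed by payload)."""
    length = len(payload)
    if length > 0xFFFFFF:
        raise ValueError("payload too large for a 24-bit length field")
    header = (struct.pack(">I", length)[1:]            # low 3 bytes of the length
              + bytes([ftype, flags])
              + struct.pack(">I", stream_id & 0x7FFFFFFF))
    return header + payload


def build_settings(entries):
    """Build a SETTINGS payload from (identifier, value) pairs."""
    return b"".join(struct.pack(">HI", ident, value) for ident, value in entries)


def iter_frames(data):
    """Yield (type, flags, stream_id, payload) for each complete frame in data."""
    off = 0
    while off + FRAME_HEADER_LEN <= len(data):
        length = int.from_bytes(data[off:off + 3], "big")
        ftype = data[off + 3]
        flags = data[off + 4]
        stream_id = struct.unpack(">I", data[off + 5:off + 9])[0] & 0x7FFFFFFF
        start = off + FRAME_HEADER_LEN
        if start + length > len(data):
            break                                   # truncated trailing frame: ignore it
        yield ftype, flags, stream_id, data[start:start + length]
        off = start + length


def audit_settings_frames(data, max_entries=MAX_SETTINGS_PER_FRAME):
    """Return (frame_index, reason, detail) findings for SETTINGS frames in a raw h2 byte stream."""
    if data.startswith(CLIENT_PREFACE):
        data = data[len(CLIENT_PREFACE):]
    findings = []
    for idx, (ftype, flags, stream_id, payload) in enumerate(iter_frames(data)):
        if ftype != SETTINGS_TYPE:
            continue
        # RFC 7540 s6.5: SETTINGS must be on stream 0 with a payload that is a multiple of 6.
        if stream_id != 0 or len(payload) % SETTINGS_ENTRY_LEN:
            findings.append((idx, "malformed", len(payload)))
            continue
        entries = len(payload) // SETTINGS_ENTRY_LEN
        if flags & 0x1 and entries:                 # ACK flag set: payload must be empty
            findings.append((idx, "ack_with_payload", entries))
        elif entries > max_entries:
            findings.append((idx, "oversized", entries))
    return findings


# --- constructed sample traffic (not captured from any real system) ----------
# A benign client: preface plus one normal SETTINGS frame carrying two entries.
BENIGN = CLIENT_PREFACE + build_frame(SETTINGS_TYPE, 0, 0,
                                      build_settings([(0x3, 100), (0x4, 65535)]))
# The CVE-2020-11080 pattern: 14,400-byte SETTINGS frames (2,400 entries), repeated.
ATTACK_FRAME = build_frame(SETTINGS_TYPE, 0, 0, build_settings([(0x3, 100)] * 2400))
ATTACK = CLIENT_PREFACE + ATTACK_FRAME * 3

if __name__ == "__main__":
    print("benign:", audit_settings_frames(BENIGN))
    print("attack:", audit_settings_frames(ATTACK))
```

Running the file prints an empty finding list for the benign sample and one "oversized" finding per attack frame. A deployment would feed it the raw TCP payload of a cleartext h2c connection or the decrypted application data of a TLS session; it is a monitoring aid only, and the remediation remains applying the Red Hat updates that ship a fixed nghttp2.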
Solution
Apply the appropriate updates as mentioned in the vendor advisories:
https://access.redhat.com/errata/RHSA-2020:2646
https://access.redhat.com/errata/RHSA-2020:2644
Vendor Information
Red Hat JBoss
https://access.redhat.com/errata/RHSA-2020:2646
https://access.redhat.com/errata/RHSA-2020:2644
References
Red Hat
https://access.redhat.com/errata/RHSA-2020:2646
https://access.redhat.com/errata/RHSA-2020:2644
https://access.redhat.com/security/cve/CVE-2019-0196
https://access.redhat.com/security/cve/CVE-2019-0197
https://access.redhat.com/security/cve/CVE-2018-20843
https://access.redhat.com/security/cve/CVE-2019-15903
https://access.redhat.com/security/cve/CVE-2019-19956
https://access.redhat.com/security/cve/CVE-2020-7595
https://access.redhat.com/security/cve/CVE-2020-1934
https://access.redhat.com/security/cve/CVE-2020-11080
CVE Name
CVE-2019-0196
CVE-2019-0197
CVE-2018-20843
CVE-2019-15903
CVE-2019-19956
CVE-2019-20388
CVE-2020-7595
CVE-2020-1934
CVE-2020-11080
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road
New Delhi - 110 003
India