SB2020062607 - Red Hat update for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP3

Description

This security bulletin contains information about 9 secuirty vulnerabilities.

1) XML External Entity injection (CVE-ID: CVE-2018-20843)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied XML input including XML names that contain a large number of colons. A remote attacker can pass a specially crafted XML code to the affected application and view contents of arbitrary files on the system or initiate requests to external systems.

Successful exploitation of the vulnerability may allow an attacker to view contents of arbitrary file on the server or perform network scanning of internal and external infrastructure.

2) Use-after-free (CVE-ID: CVE-2019-0196)

The vulnerability allows a remote attacker to perform denial of service attack.

The vulnerability exists due to a use-after-free error within the mod_http2 module when processing HTTP/2 requests. A remote attacker can make the application to access freed memory during string comparison when determining the method of a request and process the request incorrectly.

Successful exploitation of the vulnerability may allow an attacker to gain access to sensitive information or perform a denial of service attack.

3) Resource management error (CVE-ID: CVE-2019-0197)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error within the mod_http2 module when processing update requests from http/1.1 to http/2, if this was not the first request on a connection. A remote attacker can send specially crafted requests to the affected server and perform denial of service attack.

Successful exploitation of the vulnerability requires that HTTP/2 protocol is enabled for a "http:" host or H2Upgrade is enabled for h2 on a "https:" host.

4) Out-of-bounds read (CVE-ID: CVE-2019-15903)

The vulnerability allows a remote attacker to gain access to potentially sensitive information or perform denial of service (DoS) attack.

The vulnerability exists due to a boundary error when processing XML documents within the expat library. A remote attacker can create a specially crafted XML file, pass it to the affected application, trigger out-of-bounds read error and read contents of memory on the system or crash the affected application.

5) Memory leak (CVE-ID: CVE-2019-19956)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in xmlParseBalancedChunkMemoryRecover in parser.c. A remote attacker can trigger a memory leak related to newDoc->oldNs and perform denial of service attack.

6) Memory leak (CVE-ID: CVE-2019-20388)

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in xmlSchemaPreRun in xmlschemas.c. A remote attacker can trigger a xmlSchemaValidateStream memory leak and perform denial of service attack.

7) Use of Uninitialized Variable (CVE-ID: CVE-2020-1934)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to the "mod_proxy_ftp" may use uninitialized memory when proxying to a malicious FTP server. A remote attacker can gain unauthorized access to sensitive information on the target system.

8) Infinite loop (CVE-ID: CVE-2020-7595)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in xmlStringLenDecodeEntities in parser.c. A remote attacker can consume all available system resources and cause denial of service conditions in a certain end-of-file situation.

9) Resource exhaustion (CVE-ID: CVE-2020-11080)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when processing HTTP/2 SETTINGS frames. A remote attacker can trigger high CPU load by sending large HTTP/2 SETTINGS frames and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://access.redhat.com/errata/RHSA-2020:2644