Multiple vulnerabilities in Red Hat JBoss Core Services



Published: 2021-04-16
Risk Medium
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2021-3449
CVE-2021-3450
CWE-ID CWE-476
CWE-254
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
Subscribe
jbcs-httpd24-openssl-pkcs11 (Red Hat package)
Operating systems & Components / Operating system package or component

jbcs-httpd24-openssl-chil (Red Hat package)
Operating systems & Components / Operating system package or component

jbcs-httpd24-nghttp2 (Red Hat package)
Operating systems & Components / Operating system package or component

jbcs-httpd24-mod_security (Red Hat package)
Operating systems & Components / Operating system package or component

jbcs-httpd24-mod_md (Red Hat package)
Operating systems & Components / Operating system package or component

jbcs-httpd24-mod_http2 (Red Hat package)
Operating systems & Components / Operating system package or component

jbcs-httpd24-httpd (Red Hat package)
Operating systems & Components / Operating system package or component

JBoss Core Services
Server applications / Application servers

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) NULL pointer dereference

EUVDB-ID: #VU51733

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2021-3449

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when processing TLSv1.2 renegotiations. A remote attacker can send a maliciously crafted renegotiation ClientHello message, which omits the signature_algorithms extension but includes a signature_algorithms_cert extension, trigger a NULL pointer dereference error and crash the server.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jbcs-httpd24-openssl-pkcs11 (Red Hat package): 0.4.10-7.jbcs.el7 - 0.4.10-18.jbcs.el7

jbcs-httpd24-openssl-chil (Red Hat package): 1.0.0-3.jbcs.el7

jbcs-httpd24-nghttp2 (Red Hat package): 1.39.2-1.jbcs.el7 - 1.39.2-35.jbcs.el7

jbcs-httpd24-mod_security (Red Hat package): 2.9.2-16.GA.jbcs.el7 - 2.9.2-58.GA.jbcs.el7

jbcs-httpd24-mod_md (Red Hat package): 2.0.8-24.jbcs.el7 - 2.0.8-31.jbcs.el7

jbcs-httpd24-mod_http2 (Red Hat package): 1.15.7-3.jbcs.el7 - 1.15.7-12.jbcs.el7

jbcs-httpd24-httpd (Red Hat package): 2.4.37-33.jbcs.el7 - 2.4.37-66.jbcs.el7

JBoss Core Services: All versions

External links

http://access.redhat.com/errata/RHSA-2021:1199


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Security features bypass

EUVDB-ID: #VU51732

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-3450

CWE-ID: CWE-254 - Security Features

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to an error in implementation of the X509_V_FLAG_X509_STRICT flag allows an attacker to overwrite a valid CA certificate using any non-CA certificate in the chain. As a result, a remote attacker can perform MitM attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

jbcs-httpd24-openssl-pkcs11 (Red Hat package): 0.4.10-7.jbcs.el7 - 0.4.10-18.jbcs.el7

jbcs-httpd24-openssl-chil (Red Hat package): 1.0.0-3.jbcs.el7

jbcs-httpd24-nghttp2 (Red Hat package): 1.39.2-1.jbcs.el7 - 1.39.2-35.jbcs.el7

jbcs-httpd24-mod_security (Red Hat package): 2.9.2-16.GA.jbcs.el7 - 2.9.2-58.GA.jbcs.el7

jbcs-httpd24-mod_md (Red Hat package): 2.0.8-24.jbcs.el7 - 2.0.8-31.jbcs.el7

jbcs-httpd24-mod_http2 (Red Hat package): 1.15.7-3.jbcs.el7 - 1.15.7-12.jbcs.el7

jbcs-httpd24-httpd (Red Hat package): 2.4.37-33.jbcs.el7 - 2.4.37-66.jbcs.el7

JBoss Core Services: All versions

External links

http://access.redhat.com/errata/RHSA-2021:1199


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###