SB2022032127 - Multiple vulnerabilities in cPanel EasyApache 4 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2022032127

SB2022032127 - Multiple vulnerabilities in cPanel EasyApache 4

Published: March 21, 2022 Updated: June 29, 2022

Security Bulletin ID SB2022032127
Severity
High
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 29% Medium 57% Low 14%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Out-of-bounds write (CVE-ID: CVE-2022-23943)

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input in mod_sed. A remote attacker can trigger out-of-bounds write and execute arbitrary code on the target system.


2) Integer overflow (CVE-ID: CVE-2022-22721)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow within the ap_escape_html2() function when parsing LimitXMLRequestBody. A remote attacker can send a specially crafted request to the web server, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


3) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2022-22720)

The vulnerability allows a remote attacker to preform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.


4) Input validation error (CVE-ID: CVE-2022-22719)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to use of uninitialized value in r:parsebody. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


5) Path traversal (CVE-ID: CVE-2021-22720)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote authenticated attacker can send a specially crafted HTTP request and read arbitrary files on the system, leading to remote code execution when restoring a project..


6) Path traversal (CVE-ID: CVE-2021-22719)

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences. A remote authenticated attacker can send a specially crafted HTTP request and read arbitrary files on the system, leading to remote code execution when a file is uploaded.


7) Untrusted search path (CVE-ID: CVE-2022-22943)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insecure loading of files. A local privileged user on the guest OS can place a specially crafted library into the current working directory and execute arbitrary code with elevated (SYSTEM) privileges on the guest OS.


Remediation

Install update from vendor's website.

References