Multiple vulnerabilities in Red Hat AMQ Broker
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2023-1664 CVE-2023-2976 CVE-2023-33008 |
| CWE-ID | CWE-295 CWE-276 CWE-502 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
AMQ Broker Server applications / Application servers |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Improper Certificate Validation
EUVDB-ID: #VU77752
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-1664
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass client certificate validation.
The vulnerability exists due to improper certificate validation when using X509 Client Certificate Authenticatior with the option "Revalidate Client Certificate". A remote attacker with ability to directly connect to Keycloak (e.g. not via the reverse proxy) can bypass certificate validation and gain unauthorized access to the application.
Successful exploitation of the vulnerability requires that there's a configuration error in KC_SPI_TRUSTSTORE_FILE_FILE, which results in accepting any certificate with the logging information of "Cannot validate client certificate trust: Truststore not available".
MitigationInstall updates from vendor's website.
AMQ Broker: 7.0 - 7.11.1
CPE2.3- cpe:2.3:a:red_hat:amq_broker:7.0:*:*:*:*:jboss_application_server:*:*
- cpe:2.3:a:red_hat:amq_broker:7.1:*:*:*:*:jboss_application_server:*:*
- cpe:2.3:a:red_hat:amq_broker:7.2:*:*:*:*:jboss_application_server:*:*
https://access.redhat.com/errata/RHSA-2023:5491
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Incorrect default permissions
EUVDB-ID: #VU77107
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-2976
CWE-ID:
CWE-276 - Incorrect Default Permissions
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions in com.google.common.io.FileBackedOutputStream. A local user with access to the system can view contents of files and directories or modify them.
MitigationInstall updates from vendor's website.
AMQ Broker: 7.0 - 7.11.1
CPE2.3- cpe:2.3:a:red_hat:amq_broker:7.0:*:*:*:*:jboss_application_server:*:*
- cpe:2.3:a:red_hat:amq_broker:7.1:*:*:*:*:jboss_application_server:*:*
- cpe:2.3:a:red_hat:amq_broker:7.2:*:*:*:*:jboss_application_server:*:*
https://access.redhat.com/errata/RHSA-2023:5491
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Deserialization of Untrusted Data
EUVDB-ID: #VU80782
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-33008
CWE-ID:
CWE-502 - Deserialization of Untrusted Data
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to insecure input validation when processing serialized data. A remote attacker can pass specially crafted JSON input that uses large numbers (numbers such as 1e20000000) to the application and perform a denial of service attack.
MitigationInstall updates from vendor's website.
AMQ Broker: 7.0 - 7.11.1
CPE2.3- cpe:2.3:a:red_hat:amq_broker:7.0:*:*:*:*:jboss_application_server:*:*
- cpe:2.3:a:red_hat:amq_broker:7.1:*:*:*:*:jboss_application_server:*:*
- cpe:2.3:a:red_hat:amq_broker:7.2:*:*:*:*:jboss_application_server:*:*
https://access.redhat.com/errata/RHSA-2023:5491
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
