Multiple vulnerabilities in Red Hat JBoss Core Services Apache HTTP Server 2.4
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2024-38472 CVE-2024-40898 CVE-2023-38709 |
| CWE-ID | CWE-918 CWE-113 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. |
| Vulnerable software |
JBoss Core Services Server applications / Application servers |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Server-Side Request Forgery (SSRF)
EUVDB-ID: #VU93539
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2024-38472
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: Yes
DescriptionThe disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted HTTP request and trick the web server to leak NTLM hashes.
Note, the vulnerability affects Windows installations only.
Install updates from vendor's website.
JBoss Core Services: before 2.4.57 SP6
CPE2.3 External linkshttp://access.redhat.com/errata/RHSA-2024:6928
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Server-Side Request Forgery (SSRF)
EUVDB-ID: #VU94503
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:P/U:Amber]
CVE-ID: CVE-2024-40898
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: Yes
DescriptionThe disclosed vulnerability allows a remote attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input in Apache HTTP Server on Windows with mod_rewrite in server/vhost context. A remote attacker can force the web server to leak NTML hashes to a malicious server via SSRF and malicious requests.
Install updates from vendor's website.
JBoss Core Services: before 2.4.57 SP6
CPE2.3 External linkshttp://access.redhat.com/errata/RHSA-2024:6928
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) HTTP response splitting
EUVDB-ID: #VU88151
Risk: Medium
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-38709
CWE-ID:
CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform HTTP splitting attacks.
The vulnerability exists due to software does not correctly process CRLF character sequences. A malicious or exploitable backend/content generators can send specially crafted response containing CRLF sequence and make the application to send a split HTTP response.
Successful exploitation of the vulnerability may allow an attacker perform cache poisoning attack.
MitigationInstall updates from vendor's website.
JBoss Core Services: before 2.4.57 SP6
CPE2.3 External linkshttp://access.redhat.com/errata/RHSA-2024:6928
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
