All the vulnerabilites related to Siemens - SINEC NMS
cve-2024-47808
Vulnerability from cvelistv5
Published
2024-11-12 12:49
Modified
2024-11-12 16:25
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEC NMS (All versions < V3.0 SP1). The affected application contains a database function, that does not properly restrict the permissions of users to write to the filesystem of the host system.
This could allow an authenticated medium-privileged attacker to write arbitrary content to any location in the filesystem of the host system.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinec_nms",
"vendor": "siemens",
"versions": [
{
"lessThan": "v3.0_sp1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-47808",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-12T16:24:29.177504Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T16:25:18.148Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0 SP1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V3.0 SP1). The affected application contains a database function, that does not properly restrict the permissions of users to write to the filesystem of the host system.\r\nThis could allow an authenticated medium-privileged attacker to write arbitrary content to any location in the filesystem of the host system."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-12T12:49:48.462Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-331112.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-47808",
"datePublished": "2024-11-12T12:49:48.462Z",
"dateReserved": "2024-10-02T12:40:26.553Z",
"dateUpdated": "2024-11-12T16:25:18.148Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33735
Vulnerability from cvelistv5
Published
2021-10-12 09:49
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.843Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.0 SP2 Update 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T09:49:34",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-33735",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SINEC NMS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1.0 SP2 Update 1"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-33735",
"datePublished": "2021-10-12T09:49:34",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:22.843Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-46280
Vulnerability from cvelistv5
Published
2024-05-14 10:01
Modified
2024-12-10 13:53
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions < V16 Update 8), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC NET PC Software V19 (All versions < V19 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PDM V9.2 (All versions < V9.2 SP2 Upd3), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 Upd3), SIMATIC S7-PCT (All versions < V3.5 SP3 Update 6), SIMATIC STEP 7 V5 (All versions < V5.7 SP3), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINEC NMS (All versions < V3.0), SINEC NMS (All versions < V3.0 SP1), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions < V3.3.12), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46280",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-29T14:20:28.448026Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:22:08.819Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:40.324Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-962515.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Security Configuration Tool (SCT)",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Automation Tool",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0 SP2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC BATCH V9.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.1 SP2 Upd5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC NET PC Software V16",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V16 Update 8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC NET PC Software V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC NET PC Software V18",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V18 SP1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC NET PC Software V19",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V19 Update 2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PCS 7 V9.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.1 SP2 UC05",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PDM V9.2",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.2 SP2 Upd3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC Route Control V9.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V9.1 SP2 Upd3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-PCT",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.5 SP3 Update 6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC STEP 7 V5",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.7 SP3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC OA V3.17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC OA V3.18",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.18 P025",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC OA V3.19",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.19 P010",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC Runtime Advanced",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V17 Update 8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC Runtime Professional V16",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V16 Update 6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC Runtime Professional V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V17 Update 8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC Runtime Professional V18",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V18 Update 4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC Runtime Professional V19",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V19 Update 2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC V7.4",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC V7.5",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V7.5 SP2 Update 17",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC WinCC V8.0",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V8.0 Update 5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINAMICS Startdrive",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V19 SP1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0 SP1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINUMERIK ONE virtual",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V6.23",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINUMERIK PLC Programming Tool",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.3.12",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "TIA Portal Cloud Connector",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V15.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V16",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V17 Update 8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V18",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V18 Update 4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V19",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V19 Update 2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions \u003c V5.0 SP2), SIMATIC BATCH V9.1 (All versions \u003c V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions \u003c V16 Update 8), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions \u003c V18 SP1), SIMATIC NET PC Software V19 (All versions \u003c V19 Update 2), SIMATIC PCS 7 V9.1 (All versions \u003c V9.1 SP2 UC05), SIMATIC PDM V9.2 (All versions \u003c V9.2 SP2 Upd3), SIMATIC Route Control V9.1 (All versions \u003c V9.1 SP2 Upd3), SIMATIC S7-PCT (All versions \u003c V3.5 SP3 Update 6), SIMATIC STEP 7 V5 (All versions \u003c V5.7 SP3), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions \u003c V3.18 P025), SIMATIC WinCC OA V3.19 (All versions \u003c V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions \u003c V17 Update 8), SIMATIC WinCC Runtime Professional V16 (All versions \u003c V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions \u003c V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions \u003c V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions \u003c V19 Update 2), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions \u003c V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions \u003c V8.0 Update 5), SINAMICS Startdrive (All versions \u003c V19 SP1), SINEC NMS (All versions \u003c V3.0), SINEC NMS (All versions \u003c V3.0 SP1), SINUMERIK ONE virtual (All versions \u003c V6.23), SINUMERIK PLC Programming Tool (All versions \u003c V3.3.12), TIA Portal Cloud Connector (All versions \u003c V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions \u003c V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions \u003c V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions \u003c V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125: Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-10T13:53:28.579Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-962515.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-331112.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2023-46280",
"datePublished": "2024-05-14T10:01:52.069Z",
"dateReserved": "2023-10-20T08:02:52.794Z",
"dateUpdated": "2024-12-10T13:53:28.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33721
Vulnerability from cvelistv5
Published
2021-08-10 10:35
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2). The affected application incorrectly neutralizes special elements when creating batch operations which could lead to command injection. An authenticated remote attacker with administrative privileges could exploit this vulnerability to execute arbitrary code on the system with system privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-756744.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.827Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-756744.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.0 SP2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP2). The affected application incorrectly neutralizes special elements when creating batch operations which could lead to command injection. An authenticated remote attacker with administrative privileges could exploit this vulnerability to execute arbitrary code on the system with system privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-14T10:47:37",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-756744.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-33721",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SINEC NMS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1.0 SP2"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP2). The affected application incorrectly neutralizes special elements when creating batch operations which could lead to command injection. An authenticated remote attacker with administrative privileges could exploit this vulnerability to execute arbitrary code on the system with system privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-756744.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-756744.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-33721",
"datePublished": "2021-08-10T10:35:32",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:22.827Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33722
Vulnerability from cvelistv5
Published
2021-10-12 09:49
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system has a Path Traversal vulnerability when exporting a firmware container. With this a privileged authenticated attacker could create arbitrary files on an affected system.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.756Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.0 SP2 Update 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP2 Update 1). The affected system has a Path Traversal vulnerability when exporting a firmware container. With this a privileged authenticated attacker could create arbitrary files on an affected system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T09:49:23",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-33722",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SINEC NMS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1.0 SP2 Update 1"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP2 Update 1). The affected system has a Path Traversal vulnerability when exporting a firmware container. With this a privileged authenticated attacker could create arbitrary files on an affected system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-33722",
"datePublished": "2021-10-12T09:49:23",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:22.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33734
Vulnerability from cvelistv5
Published
2021-10-12 09:49
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.867Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.0 SP2 Update 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T09:49:34",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-33734",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SINEC NMS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1.0 SP2 Update 1"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-33734",
"datePublished": "2021-10-12T09:49:34",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:22.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-41938
Vulnerability from cvelistv5
Published
2024-08-13 07:54
Modified
2024-08-13 13:18
Severity ?
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L/E:P/RL:O/RC:C
5.1 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L
5.1 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L
EPSS score ?
Summary
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The importCertificate function of the SINEC NMS Control web application contains a path traversal vulnerability. This could allow an authenticated attacker it to delete arbitrary certificate files on the drive SINEC NMS is installed on.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41938",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T13:17:45.421587Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T13:18:07.307Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V3.0). The importCertificate function of the SINEC NMS Control web application contains a path traversal vulnerability. This could allow an authenticated attacker it to delete arbitrary certificate files on the drive SINEC NMS is installed on."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T07:54:30.281Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-41938",
"datePublished": "2024-08-13T07:54:30.281Z",
"dateReserved": "2024-07-24T14:36:27.564Z",
"dateUpdated": "2024-08-13T13:18:07.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33728
Vulnerability from cvelistv5
Published
2021-10-12 09:49
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary code on the device with root privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.903Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.0 SP2 Update 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP2 Update 1). The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary code on the device with root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T09:49:28",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-33728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SINEC NMS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1.0 SP2 Update 1"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP2 Update 1). The affected system allows to upload JSON objects that are deserialized to JAVA objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a crafted serialized Java object. An exploit could allow the attacker to execute arbitrary code on the device with root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-502: Deserialization of Untrusted Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-33728",
"datePublished": "2021-10-12T09:49:28",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:22.903Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-24281
Vulnerability from cvelistv5
Published
2022-03-08 00:00
Modified
2025-04-21 13:55
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webserver of the affected application.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Siemens | SINEC NMS | |
| Siemens | SINEMA Server V14 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.352Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-250085.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24281",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T15:23:48.505857Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T13:55:44.864Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.0.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEMA Server V14",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0.3), SINEMA Server V14 (All versions). A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webserver of the affected application."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-10T10:20:51.269Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-250085.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-24281",
"datePublished": "2022-03-08T00:00:00.000Z",
"dateReserved": "2022-01-31T00:00:00.000Z",
"dateUpdated": "2025-04-21T13:55:44.864Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-44315
Vulnerability from cvelistv5
Published
2023-10-10 10:21
Modified
2025-02-27 20:44
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could prepare a stored cross-site scripting (XSS) attack that may lead to unintentional modification of application data by legitimate users.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:59:52.165Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-160243.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-160243.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-44315",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:49:23.072181Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:44:59.393Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V2.0). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could prepare a stored cross-site scripting (XSS) attack that may lead to unintentional modification of application data by legitimate users."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T12:04:29.466Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-160243.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-160243.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2023-44315",
"datePublished": "2023-10-10T10:21:41.852Z",
"dateReserved": "2023-09-28T13:54:53.927Z",
"dateUpdated": "2025-02-27T20:44:59.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-46284
Vulnerability from cvelistv5
Published
2023-12-12 11:27
Modified
2025-01-14 10:29
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:45:40.702Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Opcenter Execution Foundation",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2407",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Opcenter Quality",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2312",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PCS neo",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.0 SP1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V14",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V15.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V16",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V17 Update 8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V18",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V18 Update 3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Opcenter Execution Foundation (All versions \u003c V2407), Opcenter Quality (All versions \u003c V2312), SIMATIC PCS neo (All versions \u003c V4.1), SINEC NMS (All versions \u003c V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions \u003c V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions \u003c V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp and 4004/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T10:29:54.329Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2023-46284",
"datePublished": "2023-12-12T11:27:15.737Z",
"dateReserved": "2023-10-20T10:29:46.260Z",
"dateUpdated": "2025-01-14T10:29:54.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33732
Vulnerability from cvelistv5
Published
2021-10-12 09:49
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.873Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.0 SP2 Update 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T09:49:32",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-33732",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SINEC NMS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1.0 SP2 Update 1"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-33732",
"datePublished": "2021-10-12T09:49:32",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:22.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-41939
Vulnerability from cvelistv5
Published
2024-08-13 07:54
Modified
2024-08-13 14:21
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and elevate their privileges on the application.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinec_nms",
"vendor": "siemens",
"versions": [
{
"lessThan": "3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41939",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T14:20:26.504156Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T14:21:41.360Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and elevate their privileges on the application."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T07:54:31.595Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-41939",
"datePublished": "2024-08-13T07:54:31.595Z",
"dateReserved": "2024-07-24T14:47:36.388Z",
"dateUpdated": "2024-08-13T14:21:41.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-37201
Vulnerability from cvelistv5
Published
2021-09-14 10:47
Modified
2024-08-04 01:16
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). The web interface of affected devices is vulnerable to a Cross-Site Request Forgery (CSRF) attack. This could allow an attacker to manipulate the SINEC NMS configuration by tricking an unsuspecting user with administrative privileges to click on a malicious link.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-330339.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:16:02.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330339.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP1). The web interface of affected devices is vulnerable to a Cross-Site Request Forgery (CSRF) attack. This could allow an attacker to manipulate the SINEC NMS configuration by tricking an unsuspecting user with administrative privileges to click on a malicious link."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "CWE-352: Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-14T10:47:54",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330339.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-37201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SINEC NMS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1.0 SP1"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP1). The web interface of affected devices is vulnerable to a Cross-Site Request Forgery (CSRF) attack. This could allow an attacker to manipulate the SINEC NMS configuration by tricking an unsuspecting user with administrative privileges to click on a malicious link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-352: Cross-Site Request Forgery (CSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-330339.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330339.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-37201",
"datePublished": "2021-09-14T10:47:54",
"dateReserved": "2021-07-21T00:00:00",
"dateUpdated": "2024-08-04T01:16:02.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33736
Vulnerability from cvelistv5
Published
2021-10-12 09:49
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.869Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.0 SP2 Update 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T09:49:35",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-33736",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SINEC NMS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1.0 SP2 Update 1"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-33736",
"datePublished": "2021-10-12T09:49:35",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:22.869Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-30527
Vulnerability from cvelistv5
Published
2023-10-10 10:20
Modified
2025-02-27 20:46
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application assigns improper access rights to specific folders containing executable files and libraries.
This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T06:48:36.445Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-160243.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-160243.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-30527",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:50:30.369194Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:46:20.307Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V2.0). The affected application assigns improper access rights to specific folders containing executable files and libraries.\r\n\r\nThis could allow an authenticated local attacker to inject arbitrary code and escalate privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732: Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T12:04:05.773Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-160243.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-160243.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-30527",
"datePublished": "2023-10-10T10:20:55.760Z",
"dateReserved": "2022-05-10T11:11:17.909Z",
"dateUpdated": "2025-02-27T20:46:20.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-36398
Vulnerability from cvelistv5
Published
2024-08-13 07:54
Modified
2024-08-13 13:26
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application executes a subset of its services as `NT AUTHORITY\SYSTEM`. This could allow a local attacker to execute operating system commands with elevated privileges.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinec_nms",
"vendor": "siemens",
"versions": [
{
"lessThan": "3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-36398",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T13:05:06.842738Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T13:26:17.671Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V3.0). The affected application executes a subset of its services as `NT AUTHORITY\\SYSTEM`. This could allow a local attacker to execute operating system commands with elevated privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 8.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-250",
"description": "CWE-250: Execution with Unnecessary Privileges",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T07:54:08.979Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-36398",
"datePublished": "2024-08-13T07:54:08.979Z",
"dateReserved": "2024-05-27T13:41:04.358Z",
"dateUpdated": "2024-08-13T13:26:17.671Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-25237
Vulnerability from cvelistv5
Published
2021-02-09 15:38
Modified
2024-08-04 15:33
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1 Update 1), SINEMA Server (All versions < V14.0 SP2 Update 2). When uploading files to an affected system using a zip container, the system does not correctly check if the relative file path of the extracted files is still within the intended target directory. With this an attacker could create or overwrite arbitrary files on an affected system. This type of vulnerability is also known as 'Zip-Slip'. (ZDI-CAN-12054)
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-156833.pdf | x_refsource_MISC | |
| https://us-cert.cisa.gov/ics/advisories/icsa-21-040-03 | x_refsource_MISC | |
| https://www.zerodayinitiative.com/advisories/ZDI-21-253/ | x_refsource_MISC |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Siemens | SINEC NMS | |
| Siemens | SINEMA Server |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:33:05.612Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-156833.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-03"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-253/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.0 SP1 Update 1"
}
]
},
{
"product": "SINEMA Server",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V14.0 SP2 Update 2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP1 Update 1), SINEMA Server (All versions \u003c V14.0 SP2 Update 2). When uploading files to an affected system using a zip container, the system does not correctly check if the relative file path of the extracted files is still within the intended target directory. With this an attacker could create or overwrite arbitrary files on an affected system. This type of vulnerability is also known as \u0027Zip-Slip\u0027. (ZDI-CAN-12054)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-02-25T18:06:20",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-156833.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-03"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-253/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2020-25237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SINEC NMS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1.0 SP1 Update 1"
}
]
}
},
{
"product_name": "SINEMA Server",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V14.0 SP2 Update 2"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP1 Update 1), SINEMA Server (All versions \u003c V14.0 SP2 Update 2). When uploading files to an affected system using a zip container, the system does not correctly check if the relative file path of the extracted files is still within the intended target directory. With this an attacker could create or overwrite arbitrary files on an affected system. This type of vulnerability is also known as \u0027Zip-Slip\u0027. (ZDI-CAN-12054)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-156833.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-156833.pdf"
},
{
"name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-03",
"refsource": "MISC",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-03"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-21-253/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-21-253/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2020-25237",
"datePublished": "2021-02-09T15:38:17",
"dateReserved": "2020-09-10T00:00:00",
"dateUpdated": "2024-08-04T15:33:05.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33725
Vulnerability from cvelistv5
Published
2021-10-12 09:49
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to delete arbitrary files or directories under a user controlled path and does not correctly check if the relative path is still within the intended target directory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.911Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.0 SP2 Update 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP2 Update 1). The affected system allows to delete arbitrary files or directories under a user controlled path and does not correctly check if the relative path is still within the intended target directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T09:49:26",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-33725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SINEC NMS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1.0 SP2 Update 1"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP2 Update 1). The affected system allows to delete arbitrary files or directories under a user controlled path and does not correctly check if the relative path is still within the intended target directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-33725",
"datePublished": "2021-10-12T09:49:26",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:22.911Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2020-7580
Vulnerability from cvelistv5
Published
2020-06-10 00:00
Modified
2024-08-04 09:33
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions < V16 Upd3), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC ProSave (All versions < V17), SIMATIC S7-1500 Software Controller (All versions < V21.8), SIMATIC STEP 7 (TIA Portal) V13 (All versions < V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions < V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMATIC STEP 7 V5 (All versions < V5.6 SP2 HF3), SIMATIC WinCC OA V3.16 (All versions < V3.16 P018), SIMATIC WinCC OA V3.17 (All versions < V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions < V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions < V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions < V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions < V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions < V7.5 SP1 Update 3), SINAMICS STARTER (All Versions < V5.4 HF2), SINAMICS Startdrive (All Versions < V16 Update 3), SINEC NMS (All versions < V1.0 SP2), SINEMA Server (All versions < V14 SP3), SINUMERIK ONE virtual (All Versions < V6.14), SINUMERIK Operate (All Versions < V6.14). A common component used by the affected applications regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to execute arbitrary code with SYTEM privileges.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.492Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-161-04"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIMATIC Automation Tool",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V4 SP2"
}
]
},
{
"product": "SIMATIC NET PC Software V14",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V14 SP1 Update 14"
}
]
},
{
"product": "SIMATIC NET PC Software V15",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC NET PC Software V16",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16 Upd3"
}
]
},
{
"product": "SIMATIC PCS neo",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.0 SP1"
}
]
},
{
"product": "SIMATIC ProSave",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V17"
}
]
},
{
"product": "SIMATIC S7-1500 Software Controller",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V21.8"
}
]
},
{
"product": "SIMATIC STEP 7 (TIA Portal) V13",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V13 SP2 Update 4"
}
]
},
{
"product": "SIMATIC STEP 7 (TIA Portal) V14",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V14 SP1 Update 10"
}
]
},
{
"product": "SIMATIC STEP 7 (TIA Portal) V15",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V15.1 Update 5"
}
]
},
{
"product": "SIMATIC STEP 7 (TIA Portal) V16",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16 Update 2"
}
]
},
{
"product": "SIMATIC STEP 7 V5",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.6 SP2 HF3"
}
]
},
{
"product": "SIMATIC WinCC OA V3.16",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.16 P018"
}
]
},
{
"product": "SIMATIC WinCC OA V3.17",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.17 P003"
}
]
},
{
"product": "SIMATIC WinCC Runtime Advanced",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16 Update 2"
}
]
},
{
"product": "SIMATIC WinCC Runtime Professional V13",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V13 SP2 Update 4"
}
]
},
{
"product": "SIMATIC WinCC Runtime Professional V14",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V14 SP1 Update 10"
}
]
},
{
"product": "SIMATIC WinCC Runtime Professional V15",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V15.1 Update 5"
}
]
},
{
"product": "SIMATIC WinCC Runtime Professional V16",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V16 Update 2"
}
]
},
{
"product": "SIMATIC WinCC V7.4",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.4 SP1 Update 14"
}
]
},
{
"product": "SIMATIC WinCC V7.5",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V7.5 SP1 Update 3"
}
]
},
{
"product": "SINAMICS STARTER",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All Versions \u003c V5.4 HF2"
}
]
},
{
"product": "SINAMICS Startdrive",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All Versions \u003c V16 Update 3"
}
]
},
{
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.0 SP2"
}
]
},
{
"product": "SINEMA Server",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V14 SP3"
}
]
},
{
"product": "SINUMERIK ONE virtual",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All Versions \u003c V6.14"
}
]
},
{
"product": "SINUMERIK Operate",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All Versions \u003c V6.14"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC Automation Tool (All versions \u003c V4 SP2), SIMATIC NET PC Software V14 (All versions \u003c V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC NET PC Software V16 (All versions \u003c V16 Upd3), SIMATIC PCS neo (All versions \u003c V3.0 SP1), SIMATIC ProSave (All versions \u003c V17), SIMATIC S7-1500 Software Controller (All versions \u003c V21.8), SIMATIC STEP 7 (TIA Portal) V13 (All versions \u003c V13 SP2 Update 4), SIMATIC STEP 7 (TIA Portal) V14 (All versions \u003c V14 SP1 Update 10), SIMATIC STEP 7 (TIA Portal) V15 (All versions \u003c V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions \u003c V16 Update 2), SIMATIC STEP 7 V5 (All versions \u003c V5.6 SP2 HF3), SIMATIC WinCC OA V3.16 (All versions \u003c V3.16 P018), SIMATIC WinCC OA V3.17 (All versions \u003c V3.17 P003), SIMATIC WinCC Runtime Advanced (All versions \u003c V16 Update 2), SIMATIC WinCC Runtime Professional V13 (All versions \u003c V13 SP2 Update 4), SIMATIC WinCC Runtime Professional V14 (All versions \u003c V14 SP1 Update 10), SIMATIC WinCC Runtime Professional V15 (All versions \u003c V15.1 Update 5), SIMATIC WinCC Runtime Professional V16 (All versions \u003c V16 Update 2), SIMATIC WinCC V7.4 (All versions \u003c V7.4 SP1 Update 14), SIMATIC WinCC V7.5 (All versions \u003c V7.5 SP1 Update 3), SINAMICS STARTER (All Versions \u003c V5.4 HF2), SINAMICS Startdrive (All Versions \u003c V16 Update 3), SINEC NMS (All versions \u003c V1.0 SP2), SINEMA Server (All versions \u003c V14 SP3), SINUMERIK ONE virtual (All Versions \u003c V6.14), SINUMERIK Operate (All Versions \u003c V6.14). A common component used by the affected applications regularly calls a helper binary with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to execute arbitrary code with SYTEM privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-428",
"description": "CWE-428: Unquoted Search Path or Element",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-13T00:00:00",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-312271.pdf"
},
{
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-161-04"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2020-7580",
"datePublished": "2020-06-10T00:00:00",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-31978
Vulnerability from cvelistv5
Published
2024-04-09 08:34
Modified
2024-09-04 15:03
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP2). Affected devices allow authenticated users to export monitoring data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download files from the file system. Under certain circumstances the downloaded files are deleted from the file system.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T01:59:50.835Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-128433.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-31978",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T15:03:21.447298Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T15:03:29.467Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.0 SP2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V2.0 SP2). Affected devices allow authenticated users to export monitoring data. The corresponding API endpoint is susceptible to path traversal and could allow an authenticated attacker to download files from the file system. Under certain circumstances the downloaded files are deleted from the file system."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-09T08:34:44.145Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-128433.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-31978",
"datePublished": "2024-04-09T08:34:44.145Z",
"dateReserved": "2024-04-08T09:25:09.982Z",
"dateUpdated": "2024-09-04T15:03:29.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-46283
Vulnerability from cvelistv5
Published
2023-12-12 11:27
Modified
2025-01-14 10:29
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:45:40.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Opcenter Execution Foundation",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2407",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Opcenter Quality",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2312",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PCS neo",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.0 SP1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V14",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V15.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V16",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V17 Update 8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V18",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V18 Update 3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Opcenter Execution Foundation (All versions \u003c V2407), Opcenter Quality (All versions \u003c V2312), SIMATIC PCS neo (All versions \u003c V4.1), SINEC NMS (All versions \u003c V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions \u003c V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions \u003c V18 Update 3). The affected application contains an out of bounds write past the end of an allocated buffer when handling specific requests on port 4002/tcp. This could allow an attacker to crash the application. The corresponding service is auto-restarted after the crash."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120: Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T10:29:52.922Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2023-46283",
"datePublished": "2023-12-12T11:27:14.437Z",
"dateReserved": "2023-10-20T10:29:46.260Z",
"dateUpdated": "2025-01-14T10:29:52.922Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33727
Vulnerability from cvelistv5
Published
2021-10-12 09:49
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could download the user profile of any user. With this, the attacker could leak confidential information of any user in the affected system.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.816Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.0 SP2 Update 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP2 Update 1). An authenticated attacker could download the user profile of any user. With this, the attacker could leak confidential information of any user in the affected system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T09:49:27",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-33727",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SINEC NMS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1.0 SP2 Update 1"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP2 Update 1). An authenticated attacker could download the user profile of any user. With this, the attacker could leak confidential information of any user in the affected system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-33727",
"datePublished": "2021-10-12T09:49:27",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:22.816Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-37200
Vulnerability from cvelistv5
Published
2021-09-14 10:47
Modified
2024-08-04 01:16
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1). An attacker with access to the webserver of an affected system could download arbitrary files from the underlying filesystem by sending a specially crafted HTTP request.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-330339.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:16:03.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330339.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.0 SP1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP1). An attacker with access to the webserver of an affected system could download arbitrary files from the underlying filesystem by sending a specially crafted HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-14T10:47:53",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330339.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-37200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SINEC NMS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1.0 SP1"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP1). An attacker with access to the webserver of an affected system could download arbitrary files from the underlying filesystem by sending a specially crafted HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-330339.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-330339.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-37200",
"datePublished": "2021-09-14T10:47:53",
"dateReserved": "2021-07-21T00:00:00",
"dateUpdated": "2024-08-04T01:16:03.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23812
Vulnerability from cvelistv5
Published
2024-02-13 09:00
Modified
2024-08-16 19:11
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application incorrectly neutralizes special elements when creating a report which could lead to command injection.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:08.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-943925.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinec_nms",
"vendor": "siemens",
"versions": [
{
"lessThan": "2.0SP1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23812",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T19:09:40.944691Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-16T19:11:29.535Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.0 SP1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V2.0 SP1). The affected application incorrectly neutralizes special elements when creating a report which could lead to command injection."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-12T10:22:02.028Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-943925.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-23812",
"datePublished": "2024-02-13T09:00:24.566Z",
"dateReserved": "2024-01-22T17:44:56.762Z",
"dateUpdated": "2024-08-16T19:11:29.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-46285
Vulnerability from cvelistv5
Published
2023-12-12 11:27
Modified
2025-01-14 10:29
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:45:40.610Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Opcenter Execution Foundation",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2407",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Opcenter Quality",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2312",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PCS neo",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.0 SP1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V14",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V15.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V16",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V17 Update 8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V18",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V18 Update 3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Opcenter Execution Foundation (All versions \u003c V2407), Opcenter Quality (All versions \u003c V2312), SIMATIC PCS neo (All versions \u003c V4.1), SINEC NMS (All versions \u003c V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions \u003c V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions \u003c V18 Update 3). The affected application contains an improper input validation vulnerability that could allow an attacker to bring the service into a Denial-of-Service state by sending a specifically crafted message to 4004/tcp. The corresponding service is auto-restarted after the crash is detected by a watchdog."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T10:29:55.697Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2023-46285",
"datePublished": "2023-12-12T11:27:17.080Z",
"dateReserved": "2023-10-20T10:29:46.260Z",
"dateUpdated": "2025-01-14T10:29:55.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33733
Vulnerability from cvelistv5
Published
2021-10-12 09:49
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.0 SP2 Update 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T09:49:33",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-33733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SINEC NMS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1.0 SP2 Update 1"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-33733",
"datePublished": "2021-10-12T09:49:33",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:22.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-49775
Vulnerability from cvelistv5
Published
2024-12-16 15:06
Modified
2025-03-12 16:34
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Intelligence (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions if operated in conjunction with UMC < V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component.
This could allow an unauthenticated remote attacker to execute arbitrary code.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-49775",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-16T16:33:33.058713Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T16:34:51.664Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Opcenter Execution Foundation",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Opcenter Intelligence",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Opcenter Quality",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Opcenter RDL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PCS neo V4.0",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PCS neo V4.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1 Update 3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PCS neo V5.0",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0 Update 1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V16",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V18",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V19",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Intelligence (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions \u003c V4.1 Update 3), SIMATIC PCS neo V5.0 (All versions \u003c V5.0 Update 1), SINEC NMS (All versions if operated in conjunction with UMC \u003c V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component.\r\nThis could allow an unauthenticated remote attacker to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T09:47:57.415Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-928984.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-49775",
"datePublished": "2024-12-16T15:06:04.714Z",
"dateReserved": "2024-10-18T14:25:05.725Z",
"dateUpdated": "2025-03-12T16:34:51.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33724
Vulnerability from cvelistv5
Published
2021-10-12 09:49
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system contains an Arbitrary File Deletion vulnerability that possibly allows to delete an arbitrary file or directory under a user controlled path.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.867Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.0 SP2 Update 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP2 Update 1). The affected system contains an Arbitrary File Deletion vulnerability that possibly allows to delete an arbitrary file or directory under a user controlled path."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T09:49:25",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-33724",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SINEC NMS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1.0 SP2 Update 1"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP2 Update 1). The affected system contains an Arbitrary File Deletion vulnerability that possibly allows to delete an arbitrary file or directory under a user controlled path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-33724",
"datePublished": "2021-10-12T09:49:25",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:22.867Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-33698
Vulnerability from cvelistv5
Published
2024-09-10 09:36
Modified
2025-03-11 09:47
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions), SINEMA Remote Connect Client (All versions < V3.2 SP3), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 5), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code.
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:siemens:simatic_pcs_neo:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_pcs_neo",
"vendor": "siemens",
"versions": [
{
"lessThan": "4.1_update_2",
"status": "affected",
"version": "4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:siemens:totally_integrated_automation_portal:16:*:*:*:*:*:*:*",
"cpe:2.3:a:siemens:totally_integrated_automation_portal:18:*:*:*:*:*:*:*",
"cpe:2.3:a:siemens:totally_integrated_automation_portal:19:*:*:*:*:*:*:*",
"cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*",
"cpe:2.3:a:siemens:simatic_pcs_neo:5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:siemens:simatic_information_server:2022:*:*:*:*:*:*:*",
"cpe:2.3:a:siemens:simatic_information_server:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "simatic_information_server",
"vendor": "siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:siemens:totally_integrated_automation_portal:17:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "totally_integrated_automation_portal",
"vendor": "siemens",
"versions": [
{
"lessThan": "17_update_8",
"status": "affected",
"version": "17",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-33698",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-10T17:32:07.999463Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-10T18:26:36.889Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Opcenter Execution Foundation",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Opcenter Quality",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Opcenter RDL",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PCS neo V4.0",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PCS neo V4.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1 Update 2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PCS neo V5.0",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0 Update 1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEMA Remote Connect Client",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.2 SP3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V16",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V17 Update 8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V18",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V18 Update 5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V19",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V19 Update 3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions \u003c V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions \u003c V5.0 Update 1), SINEC NMS (All versions), SINEMA Remote Connect Client (All versions \u003c V3.2 SP3), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions \u003c V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions \u003c V18 Update 5), Totally Integrated Automation Portal (TIA Portal) V19 (All versions \u003c V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122: Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T09:47:51.007Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-039007.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-33698",
"datePublished": "2024-09-10T09:36:31.009Z",
"dateReserved": "2024-04-26T12:32:09.263Z",
"dateUpdated": "2025-03-11T09:47:51.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-25311
Vulnerability from cvelistv5
Published
2022-03-08 00:00
Modified
2025-04-21 13:55
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software do not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low privileged user to achieve privilege escalation.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:36:06.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-250085.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-25311",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T15:23:40.924182Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T13:55:26.745Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V1.0.3 \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.0.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEMA Server V14",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003e= V1.0.3 \u003c V2.0), SINEC NMS (All versions \u003c V1.0.3), SINEMA Server V14 (All versions). The affected software do not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low privileged user to achieve privilege escalation."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:T/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269: Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-10T10:20:54.455Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-250085.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-25311",
"datePublished": "2022-03-08T00:00:00.000Z",
"dateReserved": "2022-02-17T00:00:00.000Z",
"dateUpdated": "2025-04-21T13:55:26.745Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-41940
Vulnerability from cvelistv5
Published
2024-08-13 07:54
Modified
2024-08-13 14:23
Severity ?
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C
9.4 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
9.4 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
EPSS score ?
Summary
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges.
References
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinec_nms",
"vendor": "siemens",
"versions": [
{
"lessThan": "3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41940",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T14:21:02.771500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T14:23:29.960Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V3.0). The affected application does not properly validate user input to a privileged command queue. This could allow an authenticated attacker to execute OS commands with elevated privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20: Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T07:54:32.926Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-41940",
"datePublished": "2024-08-13T07:54:32.926Z",
"dateReserved": "2024-07-24T14:56:58.095Z",
"dateUpdated": "2024-08-13T14:23:29.960Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33729
Vulnerability from cvelistv5
Published
2021-10-12 09:49
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker that is able to import firmware containers to an affected system could execute arbitrary commands in the local database.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:23.102Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.0 SP2 Update 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP2 Update 1). An authenticated attacker that is able to import firmware containers to an affected system could execute arbitrary commands in the local database."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T09:49:29",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-33729",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SINEC NMS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1.0 SP2 Update 1"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP2 Update 1). An authenticated attacker that is able to import firmware containers to an affected system could execute arbitrary commands in the local database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-33729",
"datePublished": "2021-10-12T09:49:29",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:23.102Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-24282
Vulnerability from cvelistv5
Published
2022-03-08 00:00
Modified
2025-04-21 13:55
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected system allows to upload JSON objects that are deserialized to Java objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a maliciously crafted serialized Java object. This could allow the attacker to execute arbitrary code on the device with root privileges.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-250085.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-24282",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-18T15:23:44.796055Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-21T13:55:36.584Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V1.0.3 \u003c V2.0"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.0.3"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEMA Server V14",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003e= V1.0.3 \u003c V2.0), SINEC NMS (All versions \u003c V1.0.3), SINEMA Server V14 (All versions). The affected system allows to upload JSON objects that are deserialized to Java objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a maliciously crafted serialized Java object. This could allow the attacker to execute arbitrary code on the device with root privileges."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:P/RL:T/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502: Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-10T10:20:52.354Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-250085.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2022-24282",
"datePublished": "2022-03-08T00:00:00.000Z",
"dateReserved": "2022-01-31T00:00:00.000Z",
"dateUpdated": "2025-04-21T13:55:36.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33723
Vulnerability from cvelistv5
Published
2021-10-12 09:49
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An authenticated attacker could change the user profile of any user without proper authorization. With this, the attacker could change the password of any user in the affected system.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.0 SP2 Update 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP2 Update 1). An authenticated attacker could change the user profile of any user without proper authorization. With this, the attacker could change the password of any user in the affected system."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "CWE-285: Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T09:49:24",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-33723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SINEC NMS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1.0 SP2 Update 1"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP2 Update 1). An authenticated attacker could change the user profile of any user without proper authorization. With this, the attacker could change the password of any user in the affected system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-33723",
"datePublished": "2021-10-12T09:49:24",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:22.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23810
Vulnerability from cvelistv5
Published
2024-02-13 09:00
Modified
2024-08-01 23:13
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:08.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-943925.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.0 SP1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V2.0 SP1). The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-12T10:21:59.752Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-943925.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-23810",
"datePublished": "2024-02-13T09:00:21.960Z",
"dateReserved": "2024-01-22T17:44:56.762Z",
"dateUpdated": "2024-08-01T23:13:08.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2019-6575
Vulnerability from cvelistv5
Published
2019-04-17 13:40
Modified
2024-08-04 20:23
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions < V2.7), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants) (All versions < V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions < V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions < V5.1.3), SIMATIC NET PC Software V13 (All versions), SIMATIC NET PC Software V14 (All versions < V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC RF188C (All versions < V1.1.0), SIMATIC RF600R family (All versions < V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.5 < V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions < V3.15 P018), SIMATIC WinCC Runtime Advanced (All versions < V15.1 Upd 4), SINEC NMS (All versions < V1.0 SP1), SINEMA Server (All versions < V14 SP2), SINUMERIK OPC UA Server (All versions < V2.1), TeleControl Server Basic (All versions < V3.1.1). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a denial of service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:23:22.041Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SIMATIC CP 443-1 OPC UA",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.7"
}
]
},
{
"product": "SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V15.1 Upd 4"
}
]
},
{
"product": "SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V15.1 Upd 4"
}
]
},
{
"product": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V15.1 Upd 4"
}
]
},
{
"product": "SIMATIC IPC DiagMonitor",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V5.1.3"
}
]
},
{
"product": "SIMATIC NET PC Software V13",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC NET PC Software V14",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V14 SP1 Update 14"
}
]
},
{
"product": "SIMATIC NET PC Software V15",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
},
{
"product": "SIMATIC RF188C",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.1.0"
}
]
},
{
"product": "SIMATIC RF600R family",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.2.1"
}
]
},
{
"product": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003e= V2.5 \u003c V2.6.1"
}
]
},
{
"product": "SIMATIC S7-1500 Software Controller",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions between V2.5 (including) and V2.7 (excluding)"
}
]
},
{
"product": "SIMATIC WinCC OA",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.15 P018"
}
]
},
{
"product": "SIMATIC WinCC Runtime Advanced",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V15.1 Upd 4"
}
]
},
{
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.0 SP1"
}
]
},
{
"product": "SINEMA Server",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V14 SP2"
}
]
},
{
"product": "SINUMERIK OPC UA Server",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V2.1"
}
]
},
{
"product": "TeleControl Server Basic",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V3.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003c V2.7), SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" (incl. SIPLUS variants) (All versions \u003c V15.1 Upd 4), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants) (All versions \u003c V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions \u003c V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions \u003c V5.1.3), SIMATIC NET PC Software V13 (All versions), SIMATIC NET PC Software V14 (All versions \u003c V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC RF188C (All versions \u003c V1.1.0), SIMATIC RF600R family (All versions \u003c V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003e= V2.5 \u003c V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions \u003c V3.15 P018), SIMATIC WinCC Runtime Advanced (All versions \u003c V15.1 Upd 4), SINEC NMS (All versions \u003c V1.0 SP1), SINEMA Server (All versions \u003c V14 SP2), SINUMERIK OPC UA Server (All versions \u003c V2.1), TeleControl Server Basic (All versions \u003c V3.1.1). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a denial of service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-248",
"description": "CWE-248: Uncaught Exception",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-10T11:16:36",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2019-6575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SIMATIC CP 443-1 OPC UA",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V2.7"
}
]
}
},
{
"product_name": "SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V15.1 Upd 4"
}
]
}
},
{
"product_name": "SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V15.1 Upd 4"
}
]
}
},
{
"product_name": "SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V15.1 Upd 4"
}
]
}
},
{
"product_name": "SIMATIC IPC DiagMonitor",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V5.1.3"
}
]
}
},
{
"product_name": "SIMATIC NET PC Software V13",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC NET PC Software V14",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V14 SP1 Update 14"
}
]
}
},
{
"product_name": "SIMATIC NET PC Software V15",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
},
{
"product_name": "SIMATIC RF188C",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1.1.0"
}
]
}
},
{
"product_name": "SIMATIC RF600R family",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.2.1"
}
]
}
},
{
"product_name": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants)",
"version": {
"version_data": [
{
"version_value": "All versions \u003e= V2.5 \u003c V2.6.1"
}
]
}
},
{
"product_name": "SIMATIC S7-1500 Software Controller",
"version": {
"version_data": [
{
"version_value": "All versions between V2.5 (including) and V2.7 (excluding)"
}
]
}
},
{
"product_name": "SIMATIC WinCC OA",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.15 P018"
}
]
}
},
{
"product_name": "SIMATIC WinCC Runtime Advanced",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V15.1 Upd 4"
}
]
}
},
{
"product_name": "SINEC NMS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1.0 SP1"
}
]
}
},
{
"product_name": "SINEMA Server",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V14 SP2"
}
]
}
},
{
"product_name": "SINUMERIK OPC UA Server",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V2.1"
}
]
}
},
{
"product_name": "TeleControl Server Basic",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V3.1.1"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SIMATIC CP 443-1 OPC UA (All versions), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions \u003c V2.7), SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" (incl. SIPLUS variants) (All versions \u003c V15.1 Upd 4), SIMATIC HMI Comfort Panels 4\" - 22\" (incl. SIPLUS variants) (All versions \u003c V15.1 Upd 4), SIMATIC HMI KTP Mobile Panels KTP400F, KTP700, KTP700F, KTP900 and KTP900F (All versions \u003c V15.1 Upd 4), SIMATIC IPC DiagMonitor (All versions \u003c V5.1.3), SIMATIC NET PC Software V13 (All versions), SIMATIC NET PC Software V14 (All versions \u003c V14 SP1 Update 14), SIMATIC NET PC Software V15 (All versions), SIMATIC RF188C (All versions \u003c V1.1.0), SIMATIC RF600R family (All versions \u003c V3.2.1), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions \u003e= V2.5 \u003c V2.6.1), SIMATIC S7-1500 Software Controller (All versions between V2.5 (including) and V2.7 (excluding)), SIMATIC WinCC OA (All versions \u003c V3.15 P018), SIMATIC WinCC Runtime Advanced (All versions \u003c V15.1 Upd 4), SINEC NMS (All versions \u003c V1.0 SP1), SINEMA Server (All versions \u003c V14 SP2), SINUMERIK OPC UA Server (All versions \u003c V2.1), TeleControl Server Basic (All versions \u003c V3.1.1). Specially crafted network packets sent to affected devices on port 4840/tcp could allow an unauthenticated remote attacker to cause a denial of service condition of the OPC communication or crash the device. The security vulnerability could be exploited by an attacker with network access to the affected systems. Successful exploitation requires no system privileges and no user interaction. An attacker could use the vulnerability to compromise availability of the OPC communication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-248: Uncaught Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2019-6575",
"datePublished": "2019-04-17T13:40:24",
"dateReserved": "2019-01-22T00:00:00",
"dateUpdated": "2024-08-04T20:23:22.041Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-46282
Vulnerability from cvelistv5
Published
2023-12-12 11:27
Modified
2025-01-14 10:29
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:40.314Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Opcenter Execution Foundation",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2407",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Opcenter Quality",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2312",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PCS neo",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.0 SP1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V14",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V15.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V16",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V17 Update 8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V18",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V18 Update 3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Opcenter Execution Foundation (All versions \u003c V2407), Opcenter Quality (All versions \u003c V2312), SIMATIC PCS neo (All versions \u003c V4.1), SINEC NMS (All versions \u003c V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions \u003c V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions \u003c V18 Update 3). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected applications that could allow an attacker to inject arbitrary JavaScript code. The code could be potentially executed later by another (possibly privileged) user."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T10:29:51.618Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2023-46282",
"datePublished": "2023-12-12T11:27:13.134Z",
"dateReserved": "2023-10-20T10:29:46.260Z",
"dateUpdated": "2025-01-14T10:29:51.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33730
Vulnerability from cvelistv5
Published
2021-10-12 09:49
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.941Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.0 SP2 Update 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T09:49:30",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-33730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SINEC NMS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1.0 SP2 Update 1"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-33730",
"datePublished": "2021-10-12T09:49:30",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:22.941Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-46281
Vulnerability from cvelistv5
Published
2023-12-12 11:27
Modified
2025-01-14 10:29
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in Opcenter Execution Foundation (All versions < V2407), Opcenter Quality (All versions < V2312), SIMATIC PCS neo (All versions < V4.1), SINEC NMS (All versions < V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T20:37:40.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-46281",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-08T14:41:24.487753Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-08T14:41:45.644Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "Opcenter Execution Foundation",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2407",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Opcenter Quality",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2312",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC PCS neo",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.0 SP1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V14",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V15.1",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V16",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V17",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V17 Update 8",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "Totally Integrated Automation Portal (TIA Portal) V18",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V18 Update 3",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in Opcenter Execution Foundation (All versions \u003c V2407), Opcenter Quality (All versions \u003c V2312), SIMATIC PCS neo (All versions \u003c V4.1), SINEC NMS (All versions \u003c V2.0 SP1), Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions \u003c V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions \u003c V18 Update 3). When accessing the UMC Web-UI from affected products, UMC uses an overly permissive CORS policy. This could allow an attacker to trick a legitimate user to trigger unwanted behavior."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-942",
"description": "CWE-942: Permissive Cross-domain Policy with Untrusted Domains",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-14T10:29:50.318Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-999588.pdf"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-999588.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2023-46281",
"datePublished": "2023-12-12T11:27:11.796Z",
"dateReserved": "2023-10-20T10:29:46.259Z",
"dateUpdated": "2025-01-14T10:29:50.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33731
Vulnerability from cvelistv5
Published
2021-10-12 09:49
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.852Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.0 SP2 Update 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T09:49:31",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-33731",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SINEC NMS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1.0 SP2 Update 1"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP2 Update 1). A privileged authenticated attacker could execute arbitrary commands in the local database by sending crafted requests to the webserver of the affected application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-33731",
"datePublished": "2021-10-12T09:49:31",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:22.852Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-33726
Vulnerability from cvelistv5
Published
2021-10-12 09:49
Modified
2024-08-03 23:58
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). The affected system allows to download arbitrary files under a user controlled path and does not correctly check if the relative path is still within the intended target directory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:58:22.801Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"status": "affected",
"version": "All versions \u003c V1.0 SP2 Update 1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP2 Update 1). The affected system allows to download arbitrary files under a user controlled path and does not correctly check if the relative path is still within the intended target directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-12T09:49:27",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2021-33726",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SINEC NMS",
"version": {
"version_data": [
{
"version_value": "All versions \u003c V1.0 SP2 Update 1"
}
]
}
}
]
},
"vendor_name": "Siemens"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP2 Update 1). The affected system allows to download arbitrary files under a user controlled path and does not correctly check if the relative path is still within the intended target directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf",
"refsource": "MISC",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-163251.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2021-33726",
"datePublished": "2021-10-12T09:49:27",
"dateReserved": "2021-05-28T00:00:00",
"dateUpdated": "2024-08-03T23:58:22.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-41941
Vulnerability from cvelistv5
Published
2024-08-13 07:54
Modified
2024-08-13 13:18
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS score ?
Summary
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and modify settings in the application without authorization.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-41941",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-13T13:06:14.340763Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T13:18:22.820Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and modify settings in the application without authorization."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
"version": "3.1"
}
},
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863: Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T07:54:34.225Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-41941",
"datePublished": "2024-08-13T07:54:34.225Z",
"dateReserved": "2024-07-24T15:11:47.851Z",
"dateUpdated": "2024-08-13T13:18:22.820Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-23811
Vulnerability from cvelistv5
Published
2024-02-13 09:00
Modified
2024-08-27 14:27
Severity ?
EPSS score ?
Summary
A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application allows users to upload arbitrary files via TFTP. This could allow an attacker to upload malicious firmware images or other files, that could potentially lead to remote code execution.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:13:08.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/html/ssa-943925.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "sinec_nms",
"vendor": "siemens",
"versions": [
{
"lessThan": "V2.0 SP1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-23811",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-01T15:47:50.906681Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T14:27:23.272Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "SINEC NMS",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V2.0 SP1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in SINEC NMS (All versions \u003c V2.0 SP1). The affected application allows users to upload arbitrary files via TFTP. This could allow an attacker to upload malicious firmware images or other files, that could potentially lead to remote code execution."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-12T10:22:00.924Z",
"orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"shortName": "siemens"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-943925.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77",
"assignerShortName": "siemens",
"cveId": "CVE-2024-23811",
"datePublished": "2024-02-13T09:00:23.301Z",
"dateReserved": "2024-01-22T17:44:56.762Z",
"dateUpdated": "2024-08-27T14:27:23.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-202103-1464
Vulnerability from variot
An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). OpenSSL is an open source general encryption library of the Openssl team that can implement the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. Description:
Windows Container Support for Red Hat OpenShift allows you to deploy Windows container workloads running on Windows Server containers.
Bug Fix(es):
-
WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)
-
LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath (BZ#1952917)
-
Telemetry info not completely available to identify windows nodes (BZ#1955319)
-
WMCO incorrectly shows node as ready after a failed configuration (BZ#1956412)
-
kube-proxy service terminated unexpectedly after recreated LB service (BZ#1963263)
-
Solution:
For Windows Machine Config Operator upgrades, see the following documentation:
https://docs.openshift.com/container-platform/4.7/windows_containers/window s-node-upgrades.html
- Bugs fixed (https://bugzilla.redhat.com/):
1945248 - WMCO patch pub-key-hash annotation to Linux node 1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don't create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM 1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath 1955319 - Telemetry info not completely available to identify windows nodes 1956412 - WMCO incorrectly shows node as ready after a failed configuration 1963263 - kube-proxy service terminated unexpectedly after recreated LB service
- Bugs fixed (https://bugzilla.redhat.com/):
1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve
- JIRA issues fixed (https://issues.jboss.org/):
TRACING-1725 - Elasticsearch operator reports x509 errors communicating with ElasticSearch in OpenShift Service Mesh project
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es):
-
jackson-databind: arbitrary code execution in slf4j-ext class (CVE-2018-14718)
-
jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes (CVE-2018-14719)
-
jackson-databind: improper polymorphic deserialization in axis2-transport-jms class (CVE-2018-19360)
-
jackson-databind: improper polymorphic deserialization in openjpa class (CVE-2018-19361)
-
jackson-databind: improper polymorphic deserialization in jboss-common-core class (CVE-2018-19362)
-
jackson-databind: default typing mishandling leading to remote code execution (CVE-2019-14379)
-
jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration (CVE-2020-24750)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource (CVE-2020-35490)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource (CVE-2020-35491)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool (CVE-2020-35728)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS (CVE-2020-36179)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS (CVE-2020-36180)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS (CVE-2020-36181)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS (CVE-2020-36182)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool (CVE-2020-36183)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource (CVE-2020-36184)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource (CVE-2020-36185)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource (CVE-2020-36186)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource (CVE-2020-36187)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource (CVE-2020-36188)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSourc e (CVE-2020-36189)
-
jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing (CVE-2021-20190)
-
jackson-databind: exfiltration/XXE in some JDK classes (CVE-2018-14720)
-
jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class (CVE-2018-14721)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. See the following advisory for the container images for this release:
https://access.redhat.com/errata/RHBA-2021:1232
All OpenShift Container Platform 4.6 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -between-minor.html#understanding-upgrade-channels_updating-cluster-between - -minor
For OpenShift Container Platform 4.6 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel ease-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.6/updating/updating-cluster - -cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class 1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes 1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes 1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class 1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class 1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class 1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class 1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution 1859004 - Sometimes the eventrouter couldn't gather event logs. 1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration 1909266 - CVE-2020-35490 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource 1909269 - CVE-2020-35491 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource 1911502 - CVE-2020-35728 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool 1913871 - CVE-2020-36179 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS 1913872 - CVE-2020-36180 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS 1913874 - CVE-2020-36181 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS 1913926 - CVE-2020-36182 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS 1913927 - CVE-2020-36183 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool 1913928 - CVE-2020-36184 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource 1913929 - CVE-2020-36185 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource 1913931 - CVE-2020-36186 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource 1913933 - CVE-2020-36187 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource 1913934 - CVE-2020-36188 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource 1913937 - CVE-2020-36189 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource 1916633 - CVE-2021-20190 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing 1925361 - [4.6] ClusterLogForwarder namespace-specific log forwarding does not work as expected 1950894 - Placeholder bug for OCP 4.6.0 extras release
Bug fix:
-
RHACM 2.0.10 images (BZ #1940452)
-
Bugs fixed (https://bugzilla.redhat.com/):
1940452 - RHACM 2.0.10 images 1944286 - CVE-2021-23358 nodejs-underscore: Arbitrary code execution via the template function
- Description:
Red Hat Advanced Cluster Management for Kubernetes 2.1.6 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
Bug fixes:
-
RHACM 2.1.6 images (BZ#1940581)
-
When generating the import cluster string, it can include unescaped characters (BZ#1934184)
-
Bugs fixed (https://bugzilla.redhat.com/):
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1929338 - CVE-2020-35149 mquery: Code injection via merge or clone operation 1934184 - When generating the import cluster string, it can include unescaped characters 1940581 - RHACM 2.1.6 images
- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP7 security update Advisory ID: RHSA-2021:1199-01 Product: Red Hat JBoss Core Services Advisory URL: https://access.redhat.com/errata/RHSA-2021:1199 Issue date: 2021-04-14 CVE Names: CVE-2021-3449 CVE-2021-3450 ==================================================================== 1. Summary:
Updated packages that provide Red Hat JBoss Core Services Pack Apache Server 2.4.37 and fix several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64
- Description:
This release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages that are part of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services Pack Apache Server 2.4.37 Service Pack 6 and includes bug fixes and enhancements. Refer to the Release Notes for information on the most significant bug fixes and enhancements included in this release.
Security fix(es):
- openssl: NULL pointer dereference in signature_algorithms processing (CVE-2021-3449)
- openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT (CVE-2021-3450)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT 1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing
- Package List:
Red Hat JBoss Core Services on RHEL 7 Server:
Source: jbcs-httpd24-httpd-2.4.37-70.jbcs.el7.src.rpm jbcs-httpd24-mod_cluster-native-1.3.14-20.Final_redhat_2.jbcs.el7.src.rpm jbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.src.rpm jbcs-httpd24-mod_jk-1.2.48-13.redhat_1.jbcs.el7.src.rpm jbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.src.rpm jbcs-httpd24-mod_security-2.9.2-60.GA.jbcs.el7.src.rpm jbcs-httpd24-nghttp2-1.39.2-37.jbcs.el7.src.rpm jbcs-httpd24-openssl-1.1.1g-6.jbcs.el7.src.rpm jbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.src.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.src.rpm
noarch: jbcs-httpd24-httpd-manual-2.4.37-70.jbcs.el7.noarch.rpm
ppc64: jbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.7-14.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.ppc64.rpm jbcs-httpd24-mod_md-debuginfo-2.0.8-33.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-5.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.ppc64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-20.jbcs.el7.ppc64.rpm
x86_64: jbcs-httpd24-httpd-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-debuginfo-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-devel-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-selinux-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-httpd-tools-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_cluster-native-1.3.14-20.Final_redhat_2.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_cluster-native-debuginfo-1.3.14-20.Final_redhat_2.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_http2-debuginfo-1.15.7-14.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-ap24-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-debuginfo-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_jk-manual-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_ldap-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_md-debuginfo-2.0.8-33.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_proxy_html-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_security-2.9.2-60.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_security-debuginfo-2.9.2-60.GA.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_session-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-mod_ssl-2.4.37-70.jbcs.el7.x86_64.rpm jbcs-httpd24-nghttp2-1.39.2-37.jbcs.el7.x86_64.rpm jbcs-httpd24-nghttp2-debuginfo-1.39.2-37.jbcs.el7.x86_64.rpm jbcs-httpd24-nghttp2-devel-1.39.2-37.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-1.1.1g-6.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-chil-debuginfo-1.0.0-5.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-debuginfo-1.1.1g-6.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-devel-1.1.1g-6.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-libs-1.1.1g-6.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-perl-1.1.1g-6.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-20.jbcs.el7.x86_64.rpm jbcs-httpd24-openssl-static-1.1.1g-6.jbcs.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-3449 https://access.redhat.com/security/cve/CVE-2021-3450 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYHcQ4tzjgjWX9erEAQg5Zg/9FciPflU5YnbBIktqUgZAzkgIaZf3cp/A vYQu1D/5oRwfvcdbhtzgYBVB5Ha+Ut1QQRHix/3QkD2v4+pF2eAnfe6TN2ftgKyJ Qw1oOs0HGdUzSkxboZESkTGiSmaCLT7fn7dHvJ1cH0rfQx7ngYRPGLPAbSHqOaQZ gkRYTZGl+jBG/a91XBMoa+QRFT0+yQX4ps2oEGiMWZMIfWOrC4iU9NnudR1CDGE7 SWzDmjAIKP2xjfi6UVwTuuq64ROju9ginT5KPwj42Btfatnj6nTF4CIoWyfBm9LK CLBXeJOfjQUB/vjiTeLh47d1rMt7H5Jjck8imL6nfdAkzG+SKQA3yxjHztdmEFyX aDQR6T5X2lPBPdtHE0qaunS5lb/XRWh7xTQ3k34iTYvIN2wd2KqP78TwXSMEKWlV ddGQul2vakBXn4C2waTvuJE6JvvwS4Q8zQ1plpW1uOuGIRn1XAxJWV+Wkmt5eBg6 AbyXUMM7pLKiUNP1L0k7nKKx5Ta3HlnpvOpXMDlvccxwEAWoVqZ+nrmUe9bG67DK 1yEp/DR/XpKLPjCwBEW+i+nZUSpTyKe3+J962KoSJ/HISVRZaicBmGiQDCKCEbPr hnhoDO+7Y0A1GlmAd3ZkHu+k97louMpIkRsghdZ7el3D1Hx2EhP/HSQqHI5QCyMl qQeHglPylHU=m11c -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Description:
Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector (mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat Native library
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202103-1464",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "simatic pdm",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "9.1.0.7"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.14.0"
},
{
"model": "scalance w700",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "6.5"
},
{
"model": "multi-domain management",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r81"
},
{
"model": "web gateway cloud service",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "10.1.1"
},
{
"model": "simatic logon",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.5"
},
{
"model": "web gateway cloud service",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "9.2.10"
},
{
"model": "log correlation engine",
"scope": "lt",
"trust": 1.0,
"vendor": "tenable",
"version": "6.0.9"
},
{
"model": "simatic mv500",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic net cp1243-7 lte eu",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.3.1.2"
},
{
"model": "primavera unifier",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.12"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.3.5"
},
{
"model": "freebsd",
"scope": "eq",
"trust": 1.0,
"vendor": "freebsd",
"version": "12.2"
},
{
"model": "tenable.sc",
"scope": "gte",
"trust": 1.0,
"vendor": "tenable",
"version": "5.13.0"
},
{
"model": "simatic pcs neo",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance s602",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "simatic wincc runtime advanced",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.12.0"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.24.0"
},
{
"model": "simatic rf185c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinec infrastructure network services",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.1.1"
},
{
"model": "nessus",
"scope": "lte",
"trust": 1.0,
"vendor": "tenable",
"version": "8.13.1"
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.11.0"
},
{
"model": "mysql server",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.15"
},
{
"model": "openssl",
"scope": "lt",
"trust": 1.0,
"vendor": "openssl",
"version": "1.1.1k"
},
{
"model": "primavera unifier",
"scope": "gte",
"trust": 1.0,
"vendor": "oracle",
"version": "17.7"
},
{
"model": "simatic net cp 1543sp-1",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "zfs storage appliance kit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.8"
},
{
"model": "sinamics connect 300",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.12.1"
},
{
"model": "tim 1531 irc",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "scalance s623",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "simatic net cp 1243-8 irc",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "oncommand workflow automation",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "essbase",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.2"
},
{
"model": "simatic net cp1243-7 lte us",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "sinec nms",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "sinema server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "scalance m-800",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "6.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "simatic rf166c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "oncommand insight",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "simatic s7-1200 cpu 1215 fc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic cp 1242-7 gprs v2",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "simatic hmi basic panels 2nd generation",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic rf186c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.0.0"
},
{
"model": "simatic s7-1200 cpu 1211c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "jd edwards enterpriseone tools",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "9.2.6.0"
},
{
"model": "ruggedcom rcm1224",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "6.2"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"model": "sma100",
"scope": "lt",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.1.0-17sv"
},
{
"model": "scalance sc-600",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.57"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "10.1.1"
},
{
"model": "simatic rf186ci",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "9.2.10"
},
{
"model": "openssl",
"scope": "gte",
"trust": 1.0,
"vendor": "openssl",
"version": "1.1.1"
},
{
"model": "communications communications policy management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.6.0.0.0"
},
{
"model": "simatic process historian opc ua server",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2019"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.0.0"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.12"
},
{
"model": "simatic rf188ci",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic net cp 1545-1",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "graalvm",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "21.0.0.2"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.13.0"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.23"
},
{
"model": "simatic net cp 1543-1",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.2"
},
{
"model": "scalance lpe9403",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic net cp 1243-1",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "scalance s615",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "6.2"
},
{
"model": "simatic net cp 1543-1",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.13.0"
},
{
"model": "scalance xb-200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "scalance xf-200ba",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "simatic cloud connect 7",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.1"
},
{
"model": "secure backup",
"scope": "lt",
"trust": 1.0,
"vendor": "oracle",
"version": "18.1.0.1.0"
},
{
"model": "simatic hmi comfort outdoor panels",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic s7-1200 cpu 1215c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance s627-2m",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "tenable.sc",
"scope": "lte",
"trust": 1.0,
"vendor": "tenable",
"version": "5.17.0"
},
{
"model": "simatic s7-1200 cpu 1214c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "mysql server",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "5.7.33"
},
{
"model": "node.js",
"scope": "lte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.12.0"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.15.0"
},
{
"model": "cloud volumes ontap mediator",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "simatic cloud connect 7",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.13.0"
},
{
"model": "simatic rf360r",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "tim 1531 irc",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "simatic logon",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "1.6.0.2"
},
{
"model": "sinec pni",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "scalance xr524-8c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.12.0"
},
{
"model": "jd edwards world security",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "a9.4"
},
{
"model": "simatic s7-1200 cpu 1212c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinumerik opc ua server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "scalance xm-400",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "19.12"
},
{
"model": "simatic s7-1500 cpu 1518-4 pn\\/dp mfp",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "tia administrator",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "15.14.0"
},
{
"model": "e-series performance analyzer",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "simatic s7-1200 cpu 1214 fc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "mysql connectors",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.23"
},
{
"model": "scalance xc-200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "quantum security gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r80.40"
},
{
"model": "nessus network monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "tenable",
"version": "5.11.1"
},
{
"model": "quantum security management",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r80.40"
},
{
"model": "web gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.2.19"
},
{
"model": "active iq unified manager",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "sonicos",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "7.0.1.0"
},
{
"model": "scalance xp-200",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "scalance xr-300wg",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "4.3"
},
{
"model": "simatic hmi ktp mobile panels",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "ontap select deploy administration utility",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "quantum security gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r81"
},
{
"model": "quantum security management",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r81"
},
{
"model": "simatic wincc telecontrol",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "primavera unifier",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "20.12"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "15.0.0"
},
{
"model": "scalance s612",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "4.1"
},
{
"model": "simatic net cp 1542sp-1 irc",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.1"
},
{
"model": "santricity smi-s provider",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "scalance xr528-6m",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "12.22.1"
},
{
"model": "sma100",
"scope": "gte",
"trust": 1.0,
"vendor": "sonicwall",
"version": "10.2.0.0"
},
{
"model": "snapcenter",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "web gateway cloud service",
"scope": "eq",
"trust": 1.0,
"vendor": "mcafee",
"version": "8.2.19"
},
{
"model": "mysql workbench",
"scope": "lte",
"trust": 1.0,
"vendor": "oracle",
"version": "8.0.23"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.59"
},
{
"model": "capture client",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "3.5"
},
{
"model": "scalance xr552-12",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "simatic pcs 7 telecontrol",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic rf188c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "enterprise manager for storage management",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"model": "scalance xr526-8c",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "6.4"
},
{
"model": "scalance w1700",
"scope": "gte",
"trust": 1.0,
"vendor": "siemens",
"version": "2.0"
},
{
"model": "simatic s7-1200 cpu 1217c",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "node.js",
"scope": "gte",
"trust": 1.0,
"vendor": "nodejs",
"version": "10.0.0"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "node.js",
"scope": "lt",
"trust": 1.0,
"vendor": "nodejs",
"version": "14.16.1"
},
{
"model": "storagegrid",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "simatic s7-1200 cpu 1212fc",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "simatic cp 1242-7 gprs v2",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": null
},
{
"model": "multi-domain management",
"scope": "eq",
"trust": 1.0,
"vendor": "checkpoint",
"version": "r80.40"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat",
"sources": [
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "163267"
},
{
"db": "PACKETSTORM",
"id": "163276"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162383"
},
{
"db": "PACKETSTORM",
"id": "162337"
},
{
"db": "PACKETSTORM",
"id": "162196"
},
{
"db": "PACKETSTORM",
"id": "162201"
}
],
"trust": 0.8
},
"cve": "CVE-2021-3449",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2021-3449",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-388130",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.2,
"id": "CVE-2021-3449",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-3449",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-388130",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). OpenSSL is an open source general encryption library of the Openssl team that can implement the Secure Sockets Layer (SSLv2/v3) and Transport Layer Security (TLSv1) protocols. The product supports a variety of encryption algorithms, including symmetric ciphers, hash algorithms, secure hash algorithms, etc. Description:\n\nWindows Container Support for Red Hat OpenShift allows you to deploy\nWindows container workloads running on Windows Server containers. \n\nBug Fix(es):\n\n* WMCO patch pub-key-hash annotation to Linux node (BZ#1945248)\n\n* LoadBalancer Service type with invalid external loadbalancer IP breaks\nthe datapath (BZ#1952917)\n\n* Telemetry info not completely available to identify windows nodes\n(BZ#1955319)\n\n* WMCO incorrectly shows node as ready after a failed configuration\n(BZ#1956412)\n\n* kube-proxy service terminated unexpectedly after recreated LB service\n(BZ#1963263)\n\n3. Solution:\n\nFor Windows Machine Config Operator upgrades, see the following\ndocumentation:\n\nhttps://docs.openshift.com/container-platform/4.7/windows_containers/window\ns-node-upgrades.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1945248 - WMCO patch pub-key-hash annotation to Linux node\n1946538 - CVE-2021-25736 kubernetes: LoadBalancer Service type don\u0027t create a HNS policy for empty or invalid external loadbalancer IP, what could lead to MITM\n1952917 - LoadBalancer Service type with invalid external loadbalancer IP breaks the datapath\n1955319 - Telemetry info not completely available to identify windows nodes\n1956412 - WMCO incorrectly shows node as ready after a failed configuration\n1963263 - kube-proxy service terminated unexpectedly after recreated LB service\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers\n1918750 - CVE-2021-3114 golang: crypto/elliptic: incorrect operations on the P-224 curve\n\n5. JIRA issues fixed (https://issues.jboss.org/):\n\nTRACING-1725 - Elasticsearch operator reports x509 errors communicating with ElasticSearch in OpenShift Service Mesh project\n\n6. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nSecurity Fix(es):\n\n* jackson-databind: arbitrary code execution in slf4j-ext class\n(CVE-2018-14718)\n\n* jackson-databind: arbitrary code execution in blaze-ds-opt and\nblaze-ds-core classes (CVE-2018-14719)\n\n* jackson-databind: improper polymorphic deserialization in\naxis2-transport-jms class (CVE-2018-19360)\n\n* jackson-databind: improper polymorphic deserialization in openjpa class\n(CVE-2018-19361)\n\n* jackson-databind: improper polymorphic deserialization in\njboss-common-core class (CVE-2018-19362)\n\n* jackson-databind: default typing mishandling leading to remote code\nexecution (CVE-2019-14379)\n\n* jackson-databind: Serialization gadgets in\ncom.pastdev.httpcomponents.configuration.JndiConfiguration (CVE-2020-24750)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.commons.dbcp2.datasources.PerUserPoolDataSource (CVE-2020-35490)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.commons.dbcp2.datasources.SharedPoolDataSource (CVE-2020-35491)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\ncom.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool\n(CVE-2020-35728)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\noadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS (CVE-2020-36179)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS (CVE-2020-36180)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS (CVE-2020-36181)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS (CVE-2020-36182)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool (CVE-2020-36183)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource\n(CVE-2020-36184)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource\n(CVE-2020-36185)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource\n(CVE-2020-36186)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\norg.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource\n(CVE-2020-36187)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\ncom.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource\n(CVE-2020-36188)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to\ncom.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSourc\ne (CVE-2020-36189)\n\n* jackson-databind: mishandles the interaction between serialization\ngadgets and typing, related to javax.swing (CVE-2021-20190)\n\n* jackson-databind: exfiltration/XXE in some JDK classes (CVE-2018-14720)\n\n* jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n(CVE-2018-14721)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:1232\n\nAll OpenShift Container Platform 4.6 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\nFor OpenShift Container Platform 4.6 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.6/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1666415 - CVE-2018-14718 jackson-databind: arbitrary code execution in slf4j-ext class\n1666418 - CVE-2018-14719 jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes\n1666423 - CVE-2018-14720 jackson-databind: exfiltration/XXE in some JDK classes\n1666428 - CVE-2018-14721 jackson-databind: server-side request forgery (SSRF) in axis2-jaxws class\n1666482 - CVE-2018-19360 jackson-databind: improper polymorphic deserialization in axis2-transport-jms class\n1666484 - CVE-2018-19361 jackson-databind: improper polymorphic deserialization in openjpa class\n1666489 - CVE-2018-19362 jackson-databind: improper polymorphic deserialization in jboss-common-core class\n1737517 - CVE-2019-14379 jackson-databind: default typing mishandling leading to remote code execution\n1859004 - Sometimes the eventrouter couldn\u0027t gather event logs. \n1882310 - CVE-2020-24750 jackson-databind: Serialization gadgets in com.pastdev.httpcomponents.configuration.JndiConfiguration\n1909266 - CVE-2020-35490 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource\n1909269 - CVE-2020-35491 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource\n1911502 - CVE-2020-35728 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.oracle.wls.shaded.org.apache.xalan.lib.sql.JNDIConnectionPool\n1913871 - CVE-2020-36179 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS\n1913872 - CVE-2020-36180 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS\n1913874 - CVE-2020-36181 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS\n1913926 - CVE-2020-36182 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS\n1913927 - CVE-2020-36183 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool\n1913928 - CVE-2020-36184 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource\n1913929 - CVE-2020-36185 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource\n1913931 - CVE-2020-36186 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource\n1913933 - CVE-2020-36187 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource\n1913934 - CVE-2020-36188 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource\n1913937 - CVE-2020-36189 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource\n1916633 - CVE-2021-20190 jackson-databind: mishandles the interaction between serialization gadgets and typing, related to javax.swing\n1925361 - [4.6] ClusterLogForwarder namespace-specific log forwarding does not work as expected\n1950894 - Placeholder bug for OCP 4.6.0 extras release\n\n5. \n\nBug fix:\n\n* RHACM 2.0.10 images (BZ #1940452)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1940452 - RHACM 2.0.10 images\n1944286 - CVE-2021-23358 nodejs-underscore: Arbitrary code execution via the template function\n\n5. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.1.6 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nBug fixes:\n\n* RHACM 2.1.6 images (BZ#1940581)\n\n* When generating the import cluster string, it can include unescaped\ncharacters (BZ#1934184)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1929338 - CVE-2020-35149 mquery: Code injection via merge or clone operation\n1934184 - When generating the import cluster string, it can include unescaped characters\n1940581 - RHACM 2.1.6 images\n\n5. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.37 SP7 security update\nAdvisory ID: RHSA-2021:1199-01\nProduct: Red Hat JBoss Core Services\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1199\nIssue date: 2021-04-14\nCVE Names: CVE-2021-3449 CVE-2021-3450\n====================================================================\n1. Summary:\n\nUpdated packages that provide Red Hat JBoss Core Services Pack Apache\nServer 2.4.37 and fix several bugs, and add various enhancements are now\navailable for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat JBoss Core Services on RHEL 7 Server - noarch, ppc64, x86_64\n\n3. Description:\n\nThis release adds the new Apache HTTP Server 2.4.37 Service Pack 7 packages\nthat are part of the JBoss Core Services offering. \n\nThis release serves as a replacement for Red Hat JBoss Core Services Pack\nApache Server 2.4.37 Service Pack 6 and includes bug fixes and\nenhancements. Refer to the Release Notes for information on the most\nsignificant bug fixes and enhancements included in this release. \n\nSecurity fix(es):\n\n* openssl: NULL pointer dereference in signature_algorithms processing\n(CVE-2021-3449)\n* openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT\n(CVE-2021-3450)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. \n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1941547 - CVE-2021-3450 openssl: CA certificate check bypass with X509_V_FLAG_X509_STRICT\n1941554 - CVE-2021-3449 openssl: NULL pointer dereference in signature_algorithms processing\n\n6. Package List:\n\nRed Hat JBoss Core Services on RHEL 7 Server:\n\nSource:\njbcs-httpd24-httpd-2.4.37-70.jbcs.el7.src.rpm\njbcs-httpd24-mod_cluster-native-1.3.14-20.Final_redhat_2.jbcs.el7.src.rpm\njbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.src.rpm\njbcs-httpd24-mod_jk-1.2.48-13.redhat_1.jbcs.el7.src.rpm\njbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.src.rpm\njbcs-httpd24-mod_security-2.9.2-60.GA.jbcs.el7.src.rpm\njbcs-httpd24-nghttp2-1.39.2-37.jbcs.el7.src.rpm\njbcs-httpd24-openssl-1.1.1g-6.jbcs.el7.src.rpm\njbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.src.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.src.rpm\n\nnoarch:\njbcs-httpd24-httpd-manual-2.4.37-70.jbcs.el7.noarch.rpm\n\nppc64:\njbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_http2-debuginfo-1.15.7-14.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.ppc64.rpm\njbcs-httpd24-mod_md-debuginfo-2.0.8-33.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-chil-debuginfo-1.0.0-5.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.ppc64.rpm\njbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-20.jbcs.el7.ppc64.rpm\n\nx86_64:\njbcs-httpd24-httpd-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-debuginfo-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-devel-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-selinux-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-httpd-tools-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_cluster-native-1.3.14-20.Final_redhat_2.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_cluster-native-debuginfo-1.3.14-20.Final_redhat_2.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_http2-1.15.7-14.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_http2-debuginfo-1.15.7-14.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_jk-ap24-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_jk-debuginfo-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_jk-manual-1.2.48-13.redhat_1.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_ldap-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_md-2.0.8-33.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_md-debuginfo-2.0.8-33.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_proxy_html-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_security-2.9.2-60.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_security-debuginfo-2.9.2-60.GA.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_session-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-mod_ssl-2.4.37-70.jbcs.el7.x86_64.rpm\njbcs-httpd24-nghttp2-1.39.2-37.jbcs.el7.x86_64.rpm\njbcs-httpd24-nghttp2-debuginfo-1.39.2-37.jbcs.el7.x86_64.rpm\njbcs-httpd24-nghttp2-devel-1.39.2-37.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-1.1.1g-6.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-chil-1.0.0-5.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-chil-debuginfo-1.0.0-5.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-debuginfo-1.1.1g-6.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-devel-1.1.1g-6.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-libs-1.1.1g-6.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-perl-1.1.1g-6.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-0.4.10-20.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-pkcs11-debuginfo-0.4.10-20.jbcs.el7.x86_64.rpm\njbcs-httpd24-openssl-static-1.1.1g-6.jbcs.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-3449\nhttps://access.redhat.com/security/cve/CVE-2021-3450\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYHcQ4tzjgjWX9erEAQg5Zg/9FciPflU5YnbBIktqUgZAzkgIaZf3cp/A\nvYQu1D/5oRwfvcdbhtzgYBVB5Ha+Ut1QQRHix/3QkD2v4+pF2eAnfe6TN2ftgKyJ\nQw1oOs0HGdUzSkxboZESkTGiSmaCLT7fn7dHvJ1cH0rfQx7ngYRPGLPAbSHqOaQZ\ngkRYTZGl+jBG/a91XBMoa+QRFT0+yQX4ps2oEGiMWZMIfWOrC4iU9NnudR1CDGE7\nSWzDmjAIKP2xjfi6UVwTuuq64ROju9ginT5KPwj42Btfatnj6nTF4CIoWyfBm9LK\nCLBXeJOfjQUB/vjiTeLh47d1rMt7H5Jjck8imL6nfdAkzG+SKQA3yxjHztdmEFyX\naDQR6T5X2lPBPdtHE0qaunS5lb/XRWh7xTQ3k34iTYvIN2wd2KqP78TwXSMEKWlV\nddGQul2vakBXn4C2waTvuJE6JvvwS4Q8zQ1plpW1uOuGIRn1XAxJWV+Wkmt5eBg6\nAbyXUMM7pLKiUNP1L0k7nKKx5Ta3HlnpvOpXMDlvccxwEAWoVqZ+nrmUe9bG67DK\n1yEp/DR/XpKLPjCwBEW+i+nZUSpTyKe3+J962KoSJ/HISVRZaicBmGiQDCKCEbPr\nhnhoDO+7Y0A1GlmAd3ZkHu+k97louMpIkRsghdZ7el3D1Hx2EhP/HSQqHI5QCyMl\nqQeHglPylHU=m11c\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. Description:\n\nRed Hat JBoss Web Server is a fully integrated and certified set of\ncomponents for hosting Java web applications. It is comprised of the Apache\nHTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector\n(mod_jk), JBoss HTTP Connector (mod_cluster), Hibernate, and the Tomcat\nNative library",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-3449"
},
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "163267"
},
{
"db": "PACKETSTORM",
"id": "163276"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162383"
},
{
"db": "PACKETSTORM",
"id": "162337"
},
{
"db": "PACKETSTORM",
"id": "162196"
},
{
"db": "PACKETSTORM",
"id": "162201"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-3449",
"trust": 1.9
},
{
"db": "TENABLE",
"id": "TNS-2021-06",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TNS-2021-09",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TNS-2021-05",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TNS-2021-10",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/28/3",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/27/2",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/28/4",
"trust": 1.1
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2021/03/27/1",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-772220",
"trust": 1.1
},
{
"db": "SIEMENS",
"id": "SSA-389290",
"trust": 1.1
},
{
"db": "PULSESECURE",
"id": "SA44845",
"trust": 1.1
},
{
"db": "MCAFEE",
"id": "SB10356",
"trust": 1.1
},
{
"db": "PACKETSTORM",
"id": "163257",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162350",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162383",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162337",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162196",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162201",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "162197",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162114",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162076",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162041",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162013",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162183",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162699",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162151",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162189",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162172",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "161984",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162307",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "162200",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-99170",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-388130",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163267",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "163276",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "163267"
},
{
"db": "PACKETSTORM",
"id": "163276"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162383"
},
{
"db": "PACKETSTORM",
"id": "162337"
},
{
"db": "PACKETSTORM",
"id": "162196"
},
{
"db": "PACKETSTORM",
"id": "162201"
},
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"id": "VAR-202103-1464",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-388130"
}
],
"trust": 0.69085685
},
"last_update_date": "2024-09-19T22:06:59.925000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-openssl-2021-ghy28djd"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-772220.pdf"
},
{
"trust": 1.1,
"url": "https://kb.pulsesecure.net/articles/pulse_security_advisories/sa44845"
},
{
"trust": 1.1,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2021-0013"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20210326-0006/"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20210513-0002/"
},
{
"trust": 1.1,
"url": "https://www.openssl.org/news/secadv/20210325.txt"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2021-05"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2021-06"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2021-09"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2021-10"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2021/dsa-4875"
},
{
"trust": 1.1,
"url": "https://security.gentoo.org/glsa/202103-03"
},
{
"trust": 1.1,
"url": "https://security.freebsd.org/advisories/freebsd-sa-21:07.openssl.asc"
},
{
"trust": 1.1,
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00029.html"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/03/27/1"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/03/27/2"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/03/28/3"
},
{
"trust": 1.1,
"url": "http://www.openwall.com/lists/oss-security/2021/03/28/4"
},
{
"trust": 1.0,
"url": "https://git.openssl.org/gitweb/?p=openssl.git%3ba=commitdiff%3bh=fb9fa6b51defd48157eeb207f52181f735d96148"
},
{
"trust": 1.0,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10356"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/"
},
{
"trust": 1.0,
"url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
},
{
"trust": 0.8,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2021-3449"
},
{
"trust": 0.8,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.7,
"url": "https://access.redhat.com/security/cve/cve-2021-3450"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3449"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3450"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/cve/cve-2021-20305"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20305"
},
{
"trust": 0.5,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-25013"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29362"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-29361"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-2708"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-8286"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8284"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-28196"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-15358"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-8927"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2017-14502"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-29362"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-8285"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-29363"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-9169"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27618"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8927"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-13434"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2016-10228"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29363"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-24977"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-3842"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-13776"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-8231"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-3326"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-8231"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-27219"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-8284"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24977"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-29361"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-27618"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28196"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28362"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2020-28362"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27219"
},
{
"trust": 0.2,
"url": "https://issues.jboss.org/):"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26116"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-23336"
},
{
"trust": 0.2,
"url": "https://docs.openshift.com/container-platform/4.7/jaeger/jaeger_install/rhb"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3114"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-26116"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-27619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23336"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3177"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27619"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27363"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-3347"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-28374"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-27364"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26708"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27365"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-0466"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-27152"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-27363"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-27152"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3347"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-27365"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2020-0466"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27364"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28374"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-26708"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.1,
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fb9fa6b51defd48157eeb207f52181f735d96148"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10356"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ccbfllvqvilivgzmbjl3ixzgkwqisynp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25736"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2130"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.7/windows_containers/window"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3326"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-25736"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2532"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3114"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-28500"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-28500"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-13949"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:2543"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-13949"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23337"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36189"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-19360"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36188"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-14379"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14718"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20190"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14718"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36179"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36185"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35490"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36180"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14720"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35491"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35490"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35728"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36180"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36181"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35491"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36182"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36186"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/updating/updating-cluster"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19360"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-24750"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36187"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-19362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36183"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-19362"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36188"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-14721"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36179"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36182"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36185"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-14721"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-24750"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36186"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36187"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36189"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1230"
},
{
"trust": 0.1,
"url": "https://docs.openshift.com/container-platform/4.6/release_notes/ocp-4-6-rel"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-36184"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36181"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-36184"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20190"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhba-2021:1232"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2018-19361"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35728"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-14379"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-23358"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-23358"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-16845"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-15586"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1448"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-20218"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-20218"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1369"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-3121"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-35149"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-35149"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-14040"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1199"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:1202"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "163267"
},
{
"db": "PACKETSTORM",
"id": "163276"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162383"
},
{
"db": "PACKETSTORM",
"id": "162337"
},
{
"db": "PACKETSTORM",
"id": "162196"
},
{
"db": "PACKETSTORM",
"id": "162201"
},
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-388130"
},
{
"db": "PACKETSTORM",
"id": "163257"
},
{
"db": "PACKETSTORM",
"id": "163267"
},
{
"db": "PACKETSTORM",
"id": "163276"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162383"
},
{
"db": "PACKETSTORM",
"id": "162337"
},
{
"db": "PACKETSTORM",
"id": "162196"
},
{
"db": "PACKETSTORM",
"id": "162201"
},
{
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-03-25T00:00:00",
"db": "VULHUB",
"id": "VHN-388130"
},
{
"date": "2021-06-23T15:44:15",
"db": "PACKETSTORM",
"id": "163257"
},
{
"date": "2021-06-23T16:08:25",
"db": "PACKETSTORM",
"id": "163267"
},
{
"date": "2021-06-24T17:54:53",
"db": "PACKETSTORM",
"id": "163276"
},
{
"date": "2021-04-27T15:37:46",
"db": "PACKETSTORM",
"id": "162350"
},
{
"date": "2021-04-29T14:37:49",
"db": "PACKETSTORM",
"id": "162383"
},
{
"date": "2021-04-26T19:21:56",
"db": "PACKETSTORM",
"id": "162337"
},
{
"date": "2021-04-15T13:49:54",
"db": "PACKETSTORM",
"id": "162196"
},
{
"date": "2021-04-15T13:50:39",
"db": "PACKETSTORM",
"id": "162201"
},
{
"date": "2021-03-25T15:15:13.450000",
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-388130"
},
{
"date": "2024-06-21T19:15:19.710000",
"db": "NVD",
"id": "CVE-2021-3449"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat Security Advisory 2021-2130-01",
"sources": [
{
"db": "PACKETSTORM",
"id": "163257"
}
],
"trust": 0.1
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code execution",
"sources": [
{
"db": "PACKETSTORM",
"id": "163276"
},
{
"db": "PACKETSTORM",
"id": "162350"
},
{
"db": "PACKETSTORM",
"id": "162383"
}
],
"trust": 0.3
}
}
var-202102-0295
Vulnerability from variot
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1 Update 1), SINEMA Server (All versions < V14.0 SP2 Update 2). When uploading files to an affected system using a zip container, the system does not correctly check if the relative file path of the extracted files is still within the intended target directory. With this an attacker could create or overwrite arbitrary files on an affected system. This type of vulnerability is also known as 'Zip-Slip'. (ZDI-CAN-12054). SINEC NMS and SINEMA Server Contains a path traversal vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-12054 Was numbered.Information is tampered with and denial of service (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens SINEC NMS. Authentication is required to exploit this vulnerability.The specific flaw exists within the FirmwareFileUtils class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Siemens SINE CNMS is a new generation of network management system enterprise account for digital libraries. This system can be used to centrally monitor, manage and configure the network. Siemens SINEMA Server is a network monitoring and management software designed by Siemens for industrial Ethernet. There is a security vulnerability in SINEC NMS, and there is no relevant information about this vulnerability at present, please pay attention to CNNVD or manufacturer announcements at any time
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-0295",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sinec network management system",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "sinema server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "sinema server",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "sinec network management system",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0"
},
{
"model": "sinec nms",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sinema \u30b5\u30fc\u30d0",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30fc\u30e1\u30f3\u30b9",
"version": null
},
{
"model": "sinec nms",
"scope": null,
"trust": 0.7,
"vendor": "siemens",
"version": null
},
{
"model": "sinec nms sp1 update",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v1.01"
},
{
"model": "sinema server sp2 update",
"scope": "lt",
"trust": 0.6,
"vendor": "siemens",
"version": "v14.02"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-253"
},
{
"db": "CNVD",
"id": "CNVD-2021-11835"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016032"
},
{
"db": "NVD",
"id": "CVE-2020-25237"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "rgod",
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-253"
}
],
"trust": 0.7
},
"cve": "CVE-2020-25237",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2020-25237",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2021-11835",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-179195",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2020-25237",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.1,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-25237",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2020-25237",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-25237",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-25237",
"trust": 0.8,
"value": "High"
},
{
"author": "ZDI",
"id": "CVE-2020-25237",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-11835",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-840",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-179195",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-25237",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-253"
},
{
"db": "CNVD",
"id": "CNVD-2021-11835"
},
{
"db": "VULHUB",
"id": "VHN-179195"
},
{
"db": "VULMON",
"id": "CVE-2020-25237"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016032"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-840"
},
{
"db": "NVD",
"id": "CVE-2020-25237"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A vulnerability has been identified in SINEC NMS (All versions \u003c V1.0 SP1 Update 1), SINEMA Server (All versions \u003c V14.0 SP2 Update 2). When uploading files to an affected system using a zip container, the system does not correctly check if the relative file path of the extracted files is still within the intended target directory. With this an attacker could create or overwrite arbitrary files on an affected system. This type of vulnerability is also known as \u0027Zip-Slip\u0027. (ZDI-CAN-12054). SINEC NMS and SINEMA Server Contains a path traversal vulnerability. Zero Day Initiative To this vulnerability ZDI-CAN-12054 Was numbered.Information is tampered with and denial of service (DoS) It may be put into a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens SINEC NMS. Authentication is required to exploit this vulnerability.The specific flaw exists within the FirmwareFileUtils class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Siemens SINE CNMS is a new generation of network management system enterprise account for digital libraries. This system can be used to centrally monitor, manage and configure the network. Siemens SINEMA Server is a network monitoring and management software designed by Siemens for industrial Ethernet. There is a security vulnerability in SINEC NMS, and there is no relevant information about this vulnerability at present, please pay attention to CNNVD or manufacturer announcements at any time",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-25237"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016032"
},
{
"db": "ZDI",
"id": "ZDI-21-253"
},
{
"db": "CNVD",
"id": "CNVD-2021-11835"
},
{
"db": "VULHUB",
"id": "VHN-179195"
},
{
"db": "VULMON",
"id": "CVE-2020-25237"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-25237",
"trust": 3.9
},
{
"db": "ZDI",
"id": "ZDI-21-253",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-21-040-03",
"trust": 2.6
},
{
"db": "SIEMENS",
"id": "SSA-156833",
"trust": 2.4
},
{
"db": "JVN",
"id": "JVNVU91083521",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016032",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-12054",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2021-11835",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.0474",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-840",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-179195",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-25237",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-253"
},
{
"db": "CNVD",
"id": "CNVD-2021-11835"
},
{
"db": "VULHUB",
"id": "VHN-179195"
},
{
"db": "VULMON",
"id": "CVE-2020-25237"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016032"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-840"
},
{
"db": "NVD",
"id": "CVE-2020-25237"
}
]
},
"id": "VAR-202102-0295",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11835"
},
{
"db": "VULHUB",
"id": "VHN-179195"
}
],
"trust": 1.4735739666666665
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-11835"
}
]
},
"last_update_date": "2024-08-14T13:13:07.721000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SSA-156833",
"trust": 0.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-156833.pdf"
},
{
"title": "",
"trust": 0.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-03https://cert-portal.siemens.com/productcert/pdf/ssa-156833.pdf"
},
{
"title": "Patch for Siemens SINEMA Server and SINE CNMS catalog traversal vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/248771"
},
{
"title": "SINEC NMS Repair measures for path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=141262"
},
{
"title": "Siemens Security Advisories: Siemens Security Advisory",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=bee3f161c685335c061e9d57ac79a176"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-253"
},
{
"db": "CNVD",
"id": "CNVD-2021-11835"
},
{
"db": "VULMON",
"id": "CVE-2020-25237"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016032"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-840"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.1
},
{
"problemtype": "Path traversal (CWE-22) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-179195"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016032"
},
{
"db": "NVD",
"id": "CVE-2020-25237"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://www.zerodayinitiative.com/advisories/zdi-21-253/"
},
{
"trust": 3.2,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-03"
},
{
"trust": 2.4,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-156833.pdf"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu91083521"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-25237"
},
{
"trust": 0.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-040-03https://cert-portal.siemens.com/productcert/pdf/ssa-156833.pdf"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0474"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://cert-portal.siemens.com/productcert/txt/ssa-156833.txt"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-21-253"
},
{
"db": "CNVD",
"id": "CNVD-2021-11835"
},
{
"db": "VULHUB",
"id": "VHN-179195"
},
{
"db": "VULMON",
"id": "CVE-2020-25237"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016032"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-840"
},
{
"db": "NVD",
"id": "CVE-2020-25237"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-21-253"
},
{
"db": "CNVD",
"id": "CNVD-2021-11835"
},
{
"db": "VULHUB",
"id": "VHN-179195"
},
{
"db": "VULMON",
"id": "CVE-2020-25237"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-016032"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-840"
},
{
"db": "NVD",
"id": "CVE-2020-25237"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-25T00:00:00",
"db": "ZDI",
"id": "ZDI-21-253"
},
{
"date": "2021-02-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11835"
},
{
"date": "2021-02-09T00:00:00",
"db": "VULHUB",
"id": "VHN-179195"
},
{
"date": "2021-02-09T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25237"
},
{
"date": "2021-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-016032"
},
{
"date": "2021-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-840"
},
{
"date": "2021-02-09T17:15:13.517000",
"db": "NVD",
"id": "CVE-2020-25237"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-25T00:00:00",
"db": "ZDI",
"id": "ZDI-21-253"
},
{
"date": "2021-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-11835"
},
{
"date": "2021-03-10T00:00:00",
"db": "VULHUB",
"id": "VHN-179195"
},
{
"date": "2021-03-10T00:00:00",
"db": "VULMON",
"id": "CVE-2020-25237"
},
{
"date": "2021-11-01T09:04:00",
"db": "JVNDB",
"id": "JVNDB-2020-016032"
},
{
"date": "2021-03-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-840"
},
{
"date": "2021-03-10T12:52:29.993000",
"db": "NVD",
"id": "CVE-2020-25237"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-840"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SINEC\u00a0NMS\u00a0 and \u00a0SINEMA\u00a0Server\u00a0 Traversal Vulnerability in Japan",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-016032"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-840"
}
],
"trust": 0.6
}
}
var-202109-1803
Vulnerability from variot
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. The server is fast, reliable and extensible through a simple API. An attacker could exploit this vulnerability to write malicious content and execute it. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: httpd security update Advisory ID: RHSA-2022:0143-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0143 Issue date: 2022-01-17 CVE Names: CVE-2021-26691 CVE-2021-34798 CVE-2021-39275 CVE-2021-44790 ==================================================================== 1. Summary:
An update for httpd is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Security Fix(es):
-
httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)
-
httpd: mod_session: Heap overflow via a crafted SessionHeader value (CVE-2021-26691)
-
httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)
-
httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1966732 - CVE-2021-26691 httpd: mod_session: Heap overflow via a crafted SessionHeader value 2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input 2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests 2034674 - CVE-2021-44790 httpd: mod_lua: Possible buffer overflow when parsing multipart content
- Package List:
Red Hat Enterprise Linux Client Optional (v. 7):
Source: httpd-2.4.6-97.el7_9.4.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source: httpd-2.4.6-97.el7_9.4.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: httpd-2.4.6-97.el7_9.4.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
ppc64: httpd-2.4.6-97.el7_9.4.ppc64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm httpd-devel-2.4.6-97.el7_9.4.ppc64.rpm httpd-tools-2.4.6-97.el7_9.4.ppc64.rpm mod_session-2.4.6-97.el7_9.4.ppc64.rpm mod_ssl-2.4.6-97.el7_9.4.ppc64.rpm
ppc64le: httpd-2.4.6-97.el7_9.4.ppc64le.rpm httpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm httpd-devel-2.4.6-97.el7_9.4.ppc64le.rpm httpd-tools-2.4.6-97.el7_9.4.ppc64le.rpm mod_session-2.4.6-97.el7_9.4.ppc64le.rpm mod_ssl-2.4.6-97.el7_9.4.ppc64le.rpm
s390x: httpd-2.4.6-97.el7_9.4.s390x.rpm httpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm httpd-devel-2.4.6-97.el7_9.4.s390x.rpm httpd-tools-2.4.6-97.el7_9.4.s390x.rpm mod_session-2.4.6-97.el7_9.4.s390x.rpm mod_ssl-2.4.6-97.el7_9.4.s390x.rpm
x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: httpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm mod_ldap-2.4.6-97.el7_9.4.ppc64.rpm mod_proxy_html-2.4.6-97.el7_9.4.ppc64.rpm
ppc64le: httpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm mod_ldap-2.4.6-97.el7_9.4.ppc64le.rpm mod_proxy_html-2.4.6-97.el7_9.4.ppc64le.rpm
s390x: httpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm mod_ldap-2.4.6-97.el7_9.4.s390x.rpm mod_proxy_html-2.4.6-97.el7_9.4.s390x.rpm
x86_64: httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: httpd-2.4.6-97.el7_9.4.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-26691 https://access.redhat.com/security/cve/CVE-2021-34798 https://access.redhat.com/security/cve/CVE-2021-39275 https://access.redhat.com/security/cve/CVE-2021-44790 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYeVdC9zjgjWX9erEAQgzNw/8CjsxUvDW64dwvpcYH/OWJhKqvD53sX+w ivf4+hhCsEVLvrjD0eTNkbeza+dcZqoR5swL0IjAGXKJ/0q/oh4/yxq2ydgvEYsY rAjts0tnynoswBaFo6eaBlcNxQroGID0uqgXkUFt37m4eetACuOSVRcZ7/sNsqBS iQF4l16vjNvKeOdKY8nSNe77Dt1/Lj41NoL6XbAZPuvaiLBqqGOY9xYfZSSmFHFq H4dB8cfMC4cWysFtnzffJ+dJdzcWNOxklwLlZe72JoAJYP59da2YuIoE2LsQRGPC Occ84zH/UZx4JWJhF7FEEALC/tizfFqu9qWr1OIDmSVTEAZ+6IZ/mDeF83+0Mrc4 AiV3oiJi7Fx4XTDUL8fim+FORaSI2IR7LK1Zjau1qCN04ayyFXwJdK/fwgIWJHon gYhyUsAj7F7At9m8cCVRP5K4jjmr0qrmsF1M1B6xqMLWlYNcWu3obJS/FbiSdwQJ 7jFdBagThGOzIle0eGk0iMZ+vRJSuaSMZ7GDA14o46KB+EkvYLe+wi6jBQXJeD6Q Oueenu2JiMvB8+dJNYrn9uQY+8WHyCVV1HMMmVo9LajA1FJRXgMIQN5ZmDMoDW73 qFV+VCOHtKPI2hC8ngZYy2RyEUhK4t3f7xmJgtoJ4/DuaGsRWL7xZPL7gLHxWnS4 5VjPyLrWg5U=TyMo -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-5090-3 September 28, 2021
apache2 regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
USN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem.
Original advisory details:
James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2021-34798) Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-39275) It was discovered that the Apache mod_proxy module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to forward requests to arbitrary origin servers. (CVE-2021-40438)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.04: apache2 2.4.46-4ubuntu1.3 apache2-bin 2.4.46-4ubuntu1.3
Ubuntu 20.04 LTS: apache2 2.4.41-4ubuntu3.6 apache2-bin 2.4.41-4ubuntu3.6
Ubuntu 18.04 LTS: apache2 2.4.29-1ubuntu4.18 apache2-bin 2.4.29-1ubuntu4.18
In general, a standard system update will make all the necessary changes. 7) - noarch, x86_64
Bug Fix(es):
- proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319)
Additional changes:
- To fix CVE-2022-29404, the default value for the "LimitRequestBody" directive in the Apache HTTP Server has been changed from 0 (unlimited) to 1 GiB.
On systems where the value of "LimitRequestBody" is not explicitly specified in an httpd configuration file, updating the httpd package sets "LimitRequestBody" to the default value of 1 GiB. As a consequence, if the total size of the HTTP request body exceeds this 1 GiB default limit, httpd returns the 413 Request Entity Too Large error code.
If the new default allowed size of an HTTP request message body is insufficient for your use case, update your httpd configuration files within the respective context (server, per-directory, per-file, or per-location) and set your preferred limit in bytes. For example, to set a new 2 GiB limit, use:
LimitRequestBody 2147483648
Systems already configured to use any explicit value for the "LimitRequestBody" directive are unaffected by this change.
For the oldstable distribution (buster), these problems have been fixed in version 2.4.38-3+deb10u6.
For the stable distribution (bullseye), these problems have been fixed in version 2.4.51-1~deb11u1.
We recommend that you upgrade your apache2 packages.
For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache2
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmFgr44ACgkQEMKTtsN8 TjbophAAiZ+fhF2r8BUbQkL8BhpfqjA+hVsp9WEMTn8Gq6kiW0wLvK3jWPM301Ou D4gHqKmFPmYNC1KBOyk/lJdxyD7iTUweUyLi3WXzxhIDMx0kxkRw1oXlyCHzIqSJ M277bgk32h2cDCbsXjrN/8agKPcKgfwDqiyf/igfEq6V8OB2zVvJPKVFq45n54+q 4FPXSyx1g2u5ewSeXbU2uHDej6Qborui4osDdbwx8CT6aETi0cIXJ8RbXF3PUCHG 5DzZagnRq6GumPsl01jcPu7b9Ck8MlkxMSG3FRsSIJVkwpsQ2C34ywIJkFlzUZZh jhdVUrfbyfLpSdcPcipAAjl9I6gDqa9SFdMRK7ixCpQ6iTiVeDZdJ8pA4jnSweNQ THik07di9R0juX0p7peQiIyBKrEf7Y3WSvLOn0SBKXvZnzc/72rH2nP5FclsgCsV TWxptziGridC43KB8/tDJAAOXVF2lzylzF70V/UGTNo1jk9w3/p6btU1iuzKspyY Y4aPZla3DImI8mezrgFrGYNg7bZYLKuJyGDADKih2sUQpzmDZ6MJxKAE3NLRWyQa 7cCJdoNR9yVqytEw1Y/ZRXAXWfMb3Y1ts2EqR8hzLQgMYb0JC58cLMG3T0RgyPoO A4CTIoYpK1WnsykAE8M4XFrnOW3lrtse6T8N/dTVMuodElAEhc0= =/At6 -----END PGP SIGNATURE----- . This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience.
This release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51 serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-1803",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.3"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.1"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "zfs storage appliance kit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.8"
},
{
"model": "sinec nms",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinema server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "storagegrid",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "http server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.48"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "http server",
"scope": "lte",
"trust": 0.6,
"vendor": "apache",
"version": "\u003c=2.4.48"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03225"
},
{
"db": "NVD",
"id": "CVE-2021-39275"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1098"
}
],
"trust": 0.6
},
"cve": "CVE-2021-39275",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2021-39275",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.1,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-03225",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-400791",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-39275",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-39275",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2022-03225",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202109-1098",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-400791",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-39275",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03225"
},
{
"db": "VULHUB",
"id": "VHN-400791"
},
{
"db": "VULMON",
"id": "CVE-2021-39275"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1098"
},
{
"db": "NVD",
"id": "CVE-2021-39275"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier. The server is fast, reliable and extensible through a simple API. An attacker could exploit this vulnerability to write malicious content and execute it. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: httpd security update\nAdvisory ID: RHSA-2022:0143-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:0143\nIssue date: 2022-01-17\nCVE Names: CVE-2021-26691 CVE-2021-34798 CVE-2021-39275\n CVE-2021-44790\n====================================================================\n1. Summary:\n\nAn update for httpd is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. \n\nSecurity Fix(es):\n\n* httpd: mod_lua: Possible buffer overflow when parsing multipart content\n(CVE-2021-44790)\n\n* httpd: mod_session: Heap overflow via a crafted SessionHeader value\n(CVE-2021-26691)\n\n* httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)\n\n* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input\n(CVE-2021-39275)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1966732 - CVE-2021-26691 httpd: mod_session: Heap overflow via a crafted SessionHeader value\n2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input\n2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests\n2034674 - CVE-2021-44790 httpd: mod_lua: Possible buffer overflow when parsing multipart content\n\n6. Package List:\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nppc64:\nhttpd-2.4.6-97.el7_9.4.ppc64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.ppc64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.ppc64.rpm\nmod_session-2.4.6-97.el7_9.4.ppc64.rpm\nmod_ssl-2.4.6-97.el7_9.4.ppc64.rpm\n\nppc64le:\nhttpd-2.4.6-97.el7_9.4.ppc64le.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm\nhttpd-devel-2.4.6-97.el7_9.4.ppc64le.rpm\nhttpd-tools-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_session-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_ssl-2.4.6-97.el7_9.4.ppc64le.rpm\n\ns390x:\nhttpd-2.4.6-97.el7_9.4.s390x.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm\nhttpd-devel-2.4.6-97.el7_9.4.s390x.rpm\nhttpd-tools-2.4.6-97.el7_9.4.s390x.rpm\nmod_session-2.4.6-97.el7_9.4.s390x.rpm\nmod_ssl-2.4.6-97.el7_9.4.s390x.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm\nmod_ldap-2.4.6-97.el7_9.4.ppc64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.ppc64.rpm\n\nppc64le:\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_ldap-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.ppc64le.rpm\n\ns390x:\nhttpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm\nmod_ldap-2.4.6-97.el7_9.4.s390x.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.s390x.rpm\n\nx86_64:\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-26691\nhttps://access.redhat.com/security/cve/CVE-2021-34798\nhttps://access.redhat.com/security/cve/CVE-2021-39275\nhttps://access.redhat.com/security/cve/CVE-2021-44790\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYeVdC9zjgjWX9erEAQgzNw/8CjsxUvDW64dwvpcYH/OWJhKqvD53sX+w\nivf4+hhCsEVLvrjD0eTNkbeza+dcZqoR5swL0IjAGXKJ/0q/oh4/yxq2ydgvEYsY\nrAjts0tnynoswBaFo6eaBlcNxQroGID0uqgXkUFt37m4eetACuOSVRcZ7/sNsqBS\niQF4l16vjNvKeOdKY8nSNe77Dt1/Lj41NoL6XbAZPuvaiLBqqGOY9xYfZSSmFHFq\nH4dB8cfMC4cWysFtnzffJ+dJdzcWNOxklwLlZe72JoAJYP59da2YuIoE2LsQRGPC\nOcc84zH/UZx4JWJhF7FEEALC/tizfFqu9qWr1OIDmSVTEAZ+6IZ/mDeF83+0Mrc4\nAiV3oiJi7Fx4XTDUL8fim+FORaSI2IR7LK1Zjau1qCN04ayyFXwJdK/fwgIWJHon\ngYhyUsAj7F7At9m8cCVRP5K4jjmr0qrmsF1M1B6xqMLWlYNcWu3obJS/FbiSdwQJ\n7jFdBagThGOzIle0eGk0iMZ+vRJSuaSMZ7GDA14o46KB+EkvYLe+wi6jBQXJeD6Q\nOueenu2JiMvB8+dJNYrn9uQY+8WHyCVV1HMMmVo9LajA1FJRXgMIQN5ZmDMoDW73\nqFV+VCOHtKPI2hC8ngZYy2RyEUhK4t3f7xmJgtoJ4/DuaGsRWL7xZPL7gLHxWnS4\n5VjPyLrWg5U=TyMo\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-5090-3\nSeptember 28, 2021\n\napache2 regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.04\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nUSN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream\nfixes introduced a regression in UDS URIs. This update fixes the problem. \n\nOriginal advisory details:\n\n James Kettle discovered that the Apache HTTP Server HTTP/2 module\n incorrectly handled certain crafted methods. A remote attacker could\n possibly use this issue to perform request splitting or cache poisoning\n attacks. A remote attacker could possibly use this issue to\n cause the server to crash, resulting in a denial of service. \n (CVE-2021-34798)\n Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly\n handled certain request uri-paths. A remote attacker could possibly use\n this issue to cause the server to crash, resulting in a denial of service. \n This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote\n attacker could use this issue to cause the server to crash, resulting in a\n denial of service, or possibly execute arbitrary code. (CVE-2021-39275)\n It was discovered that the Apache mod_proxy module incorrectly handled\n certain request uri-paths. A remote attacker could possibly use this issue\n to cause the server to forward requests to arbitrary origin servers. \n (CVE-2021-40438)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.04:\n apache2 2.4.46-4ubuntu1.3\n apache2-bin 2.4.46-4ubuntu1.3\n\nUbuntu 20.04 LTS:\n apache2 2.4.41-4ubuntu3.6\n apache2-bin 2.4.41-4ubuntu3.6\n\nUbuntu 18.04 LTS:\n apache2 2.4.29-1ubuntu4.18\n apache2-bin 2.4.29-1ubuntu4.18\n\nIn general, a standard system update will make all the necessary changes. 7) - noarch, x86_64\n\n3. \n\nBug Fix(es):\n\n* proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319)\n\nAdditional changes:\n\n* To fix CVE-2022-29404, the default value for the \"LimitRequestBody\"\ndirective in the Apache HTTP Server has been changed from 0 (unlimited) to\n1 GiB. \n\nOn systems where the value of \"LimitRequestBody\" is not explicitly\nspecified in an httpd configuration file, updating the httpd package sets\n\"LimitRequestBody\" to the default value of 1 GiB. As a consequence, if the\ntotal size of the HTTP request body exceeds this 1 GiB default limit, httpd\nreturns the 413 Request Entity Too Large error code. \n\nIf the new default allowed size of an HTTP request message body is\ninsufficient for your use case, update your httpd configuration files\nwithin the respective context (server, per-directory, per-file, or\nper-location) and set your preferred limit in bytes. For example, to set a\nnew 2 GiB limit, use:\n\nLimitRequestBody 2147483648\n\nSystems already configured to use any explicit value for the\n\"LimitRequestBody\" directive are unaffected by this change. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.4.38-3+deb10u6. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.4.51-1~deb11u1. \n\nWe recommend that you upgrade your apache2 packages. \n\nFor the detailed security status of apache2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/apache2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmFgr44ACgkQEMKTtsN8\nTjbophAAiZ+fhF2r8BUbQkL8BhpfqjA+hVsp9WEMTn8Gq6kiW0wLvK3jWPM301Ou\nD4gHqKmFPmYNC1KBOyk/lJdxyD7iTUweUyLi3WXzxhIDMx0kxkRw1oXlyCHzIqSJ\nM277bgk32h2cDCbsXjrN/8agKPcKgfwDqiyf/igfEq6V8OB2zVvJPKVFq45n54+q\n4FPXSyx1g2u5ewSeXbU2uHDej6Qborui4osDdbwx8CT6aETi0cIXJ8RbXF3PUCHG\n5DzZagnRq6GumPsl01jcPu7b9Ck8MlkxMSG3FRsSIJVkwpsQ2C34ywIJkFlzUZZh\njhdVUrfbyfLpSdcPcipAAjl9I6gDqa9SFdMRK7ixCpQ6iTiVeDZdJ8pA4jnSweNQ\nTHik07di9R0juX0p7peQiIyBKrEf7Y3WSvLOn0SBKXvZnzc/72rH2nP5FclsgCsV\nTWxptziGridC43KB8/tDJAAOXVF2lzylzF70V/UGTNo1jk9w3/p6btU1iuzKspyY\nY4aPZla3DImI8mezrgFrGYNg7bZYLKuJyGDADKih2sUQpzmDZ6MJxKAE3NLRWyQa\n7cCJdoNR9yVqytEw1Y/ZRXAXWfMb3Y1ts2EqR8hzLQgMYb0JC58cLMG3T0RgyPoO\nA4CTIoYpK1WnsykAE8M4XFrnOW3lrtse6T8N/dTVMuodElAEhc0=\n=/At6\n-----END PGP SIGNATURE-----\n. This software, such as Apache HTTP Server, is\ncommon to multiple JBoss middleware products, and is packaged under Red Hat\nJBoss Core Services to allow for faster distribution of updates, and for a\nmore consistent update experience. \n\nThis release of Red Hat JBoss Core Services Apache HTTP Server 2.4.51\nserves as a replacement for Red Hat JBoss Core Services Apache HTTP Server\n2.4.37 Service Pack 10, and includes bug fixes and enhancements, which are\ndocumented in the Release Notes document linked to in the References",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-39275"
},
{
"db": "CNVD",
"id": "CNVD-2022-03225"
},
{
"db": "VULHUB",
"id": "VHN-400791"
},
{
"db": "VULMON",
"id": "CVE-2021-39275"
},
{
"db": "PACKETSTORM",
"id": "165587"
},
{
"db": "PACKETSTORM",
"id": "164307"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164318"
},
{
"db": "PACKETSTORM",
"id": "168565"
},
{
"db": "PACKETSTORM",
"id": "169132"
},
{
"db": "PACKETSTORM",
"id": "169541"
},
{
"db": "PACKETSTORM",
"id": "169540"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-39275",
"trust": 3.2
},
{
"db": "SIEMENS",
"id": "SSA-685781",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "165587",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168565",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "169541",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-03225",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166321",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168072",
"trust": 0.7
},
{
"db": "ICS CERT",
"id": "ICSA-22-167-06",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164318",
"trust": 0.7
},
{
"db": "AUSCERT",
"id": "ESB-2021.3341",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4004.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3357",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3234",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3387",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0850",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3250",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3544",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4004.5",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3148",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4004.7",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3591",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0217",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4004.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2978",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "164329",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042117",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021092301",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022011749",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101101",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060624",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031528",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022032013",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022030119",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022012038",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042295",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021091707",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022010632",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101513",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021102602",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101005",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042538",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1098",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "169540",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-400791",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-39275",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164307",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164305",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169132",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03225"
},
{
"db": "VULHUB",
"id": "VHN-400791"
},
{
"db": "VULMON",
"id": "CVE-2021-39275"
},
{
"db": "PACKETSTORM",
"id": "165587"
},
{
"db": "PACKETSTORM",
"id": "164307"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164318"
},
{
"db": "PACKETSTORM",
"id": "168565"
},
{
"db": "PACKETSTORM",
"id": "169132"
},
{
"db": "PACKETSTORM",
"id": "169541"
},
{
"db": "PACKETSTORM",
"id": "169540"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1098"
},
{
"db": "NVD",
"id": "CVE-2021-39275"
}
]
},
"id": "VAR-202109-1803",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03225"
},
{
"db": "VULHUB",
"id": "VHN-400791"
}
],
"trust": 1.2207219
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03225"
}
]
},
"last_update_date": "2024-09-19T20:18:39.144000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Patch for Apache HTTP Server ap_escape_quotes Buffer Overflow Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/313446"
},
{
"title": "Apache HTTP Server Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=164677"
},
{
"title": "Red Hat: Moderate: httpd:2.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220891 - Security Advisory"
},
{
"title": "Red Hat: CVE-2021-39275",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-39275"
},
{
"title": "Debian Security Advisories: DSA-4982-1 apache2 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=93a29f7ecf9a6aaba79d3b3320aa4b85"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-39275 log"
},
{
"title": "Hitachi Security Advisories: Vulnerability in Cosminexus HTTP Server and Hitachi Web Server",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2022-111"
},
{
"title": "Red Hat: Moderate: httpd24-httpd security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226753 - Security Advisory"
},
{
"title": "Brocade Security Advisories: CVE-2021-39275. ap_escape_quotes buffer overflow",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=8a2abdf2d185adc365552c461d65931f"
},
{
"title": "Amazon Linux AMI: ALAS-2021-1543",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1543"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227143 - Security Advisory"
},
{
"title": "Red Hat: Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.51 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20227144 - Security Advisory"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1716",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1716"
},
{
"title": "Cisco: Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-apache-httpd-2.4.49-VWL69sWQ"
},
{
"title": "PROJET TUTEURE",
"trust": 0.1,
"url": "https://github.com/PierreChrd/py-projet-tut "
},
{
"title": "Tier 0\nTier 1\nTier 2",
"trust": 0.1,
"url": "https://github.com/Totes5706/TotesHTB "
},
{
"title": "Requirements\nvulnsearch-cve\nUsage\nvulnsearch\nUsage\nTest Sample",
"trust": 0.1,
"url": "https://github.com/kasem545/vulnsearch "
},
{
"title": "Skynet",
"trust": 0.1,
"url": "https://github.com/bioly230/THM_Skynet "
},
{
"title": "Shodan Search Script",
"trust": 0.1,
"url": "https://github.com/firatesatoglu/shodanSearch "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03225"
},
{
"db": "VULMON",
"id": "CVE-2021-39275"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1098"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.1
},
{
"problemtype": "CWE-120",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-400791"
},
{
"db": "NVD",
"id": "CVE-2021-39275"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20211008-0004/"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2021/dsa-4982"
},
{
"trust": 1.8,
"url": "https://security.gentoo.org/glsa/202208-20"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39275"
},
{
"trust": 1.2,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-httpd-2.4.49-vwl69swq"
},
{
"trust": 1.2,
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/"
},
{
"trust": 1.1,
"url": "https://access.redhat.com/security/cve/cve-2021-39275"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34798"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36160"
},
{
"trust": 0.6,
"url": "httpd.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers."
},
{
"trust": 0.6,
"url": "httpd-2.4.49-vwl69swq"
},
{
"trust": 0.6,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers."
},
{
"trust": 0.6,
"url": "httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers."
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022030119"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031528"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165587/red-hat-security-advisory-2022-0143-03.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166321/red-hat-security-advisory-2022-0891-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060624"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101513"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012038"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021102602"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042538"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/169541/red-hat-security-advisory-2022-7143-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3357"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3234"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0217"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3250"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3591"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022010632"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168072/gentoo-linux-security-advisory-202208-20.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4004.7"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164318/ubuntu-security-notice-usn-5090-3.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0850"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6520016"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-167-06"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168565/red-hat-security-advisory-2022-6753-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2978"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4004.3"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4004.2"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4004.5"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042295"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022011749"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6493845"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021092301"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042117"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3387"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3341"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164329/ubuntu-security-notice-usn-5090-4.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022032013"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3148"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3544"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021091707"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101101"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apache-http-server-four-vulnerabilities-36444"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101005"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33193"
},
{
"trust": 0.4,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40438"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.3,
"url": "https://ubuntu.com/security/notices/usn-5090-1"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-36160"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-44224"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2021-33193"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-34798"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-45960"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25313"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22823"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22822"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22824"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22824"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22826"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22827"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22822"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-45960"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-41524"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22827"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22826"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41524"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23990"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-46143"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25315"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25314"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22823"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22825"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25236"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-25235"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23852"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-23852"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2022-22825"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-46143"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0891"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-06"
},
{
"trust": 0.1,
"url": "https://github.com/totes5706/toteshtb"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44790"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26691"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44790"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26691"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0143"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5090-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.17"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.5"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.2"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5090-3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.6"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1945311"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.18"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/6975397"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30556"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28614"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29404"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28615"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6753"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30522"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-31813"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30556"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23943"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22721"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29404"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26377"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26377"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/apache2"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:7143"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:7144"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03225"
},
{
"db": "VULHUB",
"id": "VHN-400791"
},
{
"db": "VULMON",
"id": "CVE-2021-39275"
},
{
"db": "PACKETSTORM",
"id": "165587"
},
{
"db": "PACKETSTORM",
"id": "164307"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164318"
},
{
"db": "PACKETSTORM",
"id": "168565"
},
{
"db": "PACKETSTORM",
"id": "169132"
},
{
"db": "PACKETSTORM",
"id": "169541"
},
{
"db": "PACKETSTORM",
"id": "169540"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1098"
},
{
"db": "NVD",
"id": "CVE-2021-39275"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-03225"
},
{
"db": "VULHUB",
"id": "VHN-400791"
},
{
"db": "VULMON",
"id": "CVE-2021-39275"
},
{
"db": "PACKETSTORM",
"id": "165587"
},
{
"db": "PACKETSTORM",
"id": "164307"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164318"
},
{
"db": "PACKETSTORM",
"id": "168565"
},
{
"db": "PACKETSTORM",
"id": "169132"
},
{
"db": "PACKETSTORM",
"id": "169541"
},
{
"db": "PACKETSTORM",
"id": "169540"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1098"
},
{
"db": "NVD",
"id": "CVE-2021-39275"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-03225"
},
{
"date": "2021-09-16T00:00:00",
"db": "VULHUB",
"id": "VHN-400791"
},
{
"date": "2021-09-16T00:00:00",
"db": "VULMON",
"id": "CVE-2021-39275"
},
{
"date": "2022-01-17T16:53:40",
"db": "PACKETSTORM",
"id": "165587"
},
{
"date": "2021-09-28T15:13:59",
"db": "PACKETSTORM",
"id": "164307"
},
{
"date": "2021-09-28T15:06:35",
"db": "PACKETSTORM",
"id": "164305"
},
{
"date": "2021-09-28T15:23:06",
"db": "PACKETSTORM",
"id": "164318"
},
{
"date": "2022-09-30T14:51:18",
"db": "PACKETSTORM",
"id": "168565"
},
{
"date": "2021-10-28T19:12:00",
"db": "PACKETSTORM",
"id": "169132"
},
{
"date": "2022-10-27T13:05:26",
"db": "PACKETSTORM",
"id": "169541"
},
{
"date": "2022-10-27T13:05:19",
"db": "PACKETSTORM",
"id": "169540"
},
{
"date": "2021-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1098"
},
{
"date": "2021-09-16T15:15:07.580000",
"db": "NVD",
"id": "CVE-2021-39275"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-03225"
},
{
"date": "2022-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-400791"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-39275"
},
{
"date": "2022-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1098"
},
{
"date": "2023-11-07T03:37:38.873000",
"db": "NVD",
"id": "CVE-2021-39275"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "164307"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164318"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1098"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache HTTP Server ap_escape_quotes Buffer Overflow Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03225"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1098"
}
],
"trust": 0.6
}
}
var-202109-1805
Vulnerability from variot
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. The server is fast, reliable and extensible through a simple API. No detailed vulnerability details are currently provided. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: httpd security update Advisory ID: RHSA-2022:0143-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:0143 Issue date: 2022-01-17 CVE Names: CVE-2021-26691 CVE-2021-34798 CVE-2021-39275 CVE-2021-44790 ==================================================================== 1. Summary:
An update for httpd is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Security Fix(es):
-
httpd: mod_lua: Possible buffer overflow when parsing multipart content (CVE-2021-44790)
-
httpd: mod_session: Heap overflow via a crafted SessionHeader value (CVE-2021-26691)
-
httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)
-
httpd: Out-of-bounds write in ap_escape_quotes() via malicious input (CVE-2021-39275)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
1966732 - CVE-2021-26691 httpd: mod_session: Heap overflow via a crafted SessionHeader value 2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input 2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests 2034674 - CVE-2021-44790 httpd: mod_lua: Possible buffer overflow when parsing multipart content
- Package List:
Red Hat Enterprise Linux Client Optional (v. 7):
Source: httpd-2.4.6-97.el7_9.4.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source: httpd-2.4.6-97.el7_9.4.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: httpd-2.4.6-97.el7_9.4.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
ppc64: httpd-2.4.6-97.el7_9.4.ppc64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm httpd-devel-2.4.6-97.el7_9.4.ppc64.rpm httpd-tools-2.4.6-97.el7_9.4.ppc64.rpm mod_session-2.4.6-97.el7_9.4.ppc64.rpm mod_ssl-2.4.6-97.el7_9.4.ppc64.rpm
ppc64le: httpd-2.4.6-97.el7_9.4.ppc64le.rpm httpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm httpd-devel-2.4.6-97.el7_9.4.ppc64le.rpm httpd-tools-2.4.6-97.el7_9.4.ppc64le.rpm mod_session-2.4.6-97.el7_9.4.ppc64le.rpm mod_ssl-2.4.6-97.el7_9.4.ppc64le.rpm
s390x: httpd-2.4.6-97.el7_9.4.s390x.rpm httpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm httpd-devel-2.4.6-97.el7_9.4.s390x.rpm httpd-tools-2.4.6-97.el7_9.4.s390x.rpm mod_session-2.4.6-97.el7_9.4.s390x.rpm mod_ssl-2.4.6-97.el7_9.4.s390x.rpm
x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: httpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm mod_ldap-2.4.6-97.el7_9.4.ppc64.rpm mod_proxy_html-2.4.6-97.el7_9.4.ppc64.rpm
ppc64le: httpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm mod_ldap-2.4.6-97.el7_9.4.ppc64le.rpm mod_proxy_html-2.4.6-97.el7_9.4.ppc64le.rpm
s390x: httpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm mod_ldap-2.4.6-97.el7_9.4.s390x.rpm mod_proxy_html-2.4.6-97.el7_9.4.s390x.rpm
x86_64: httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: httpd-2.4.6-97.el7_9.4.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.4.noarch.rpm
x86_64: httpd-2.4.6-97.el7_9.4.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm httpd-devel-2.4.6-97.el7_9.4.x86_64.rpm httpd-tools-2.4.6-97.el7_9.4.x86_64.rpm mod_session-2.4.6-97.el7_9.4.x86_64.rpm mod_ssl-2.4.6-97.el7_9.4.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: httpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm mod_ldap-2.4.6-97.el7_9.4.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-26691 https://access.redhat.com/security/cve/CVE-2021-34798 https://access.redhat.com/security/cve/CVE-2021-39275 https://access.redhat.com/security/cve/CVE-2021-44790 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYeVdC9zjgjWX9erEAQgzNw/8CjsxUvDW64dwvpcYH/OWJhKqvD53sX+w ivf4+hhCsEVLvrjD0eTNkbeza+dcZqoR5swL0IjAGXKJ/0q/oh4/yxq2ydgvEYsY rAjts0tnynoswBaFo6eaBlcNxQroGID0uqgXkUFt37m4eetACuOSVRcZ7/sNsqBS iQF4l16vjNvKeOdKY8nSNe77Dt1/Lj41NoL6XbAZPuvaiLBqqGOY9xYfZSSmFHFq H4dB8cfMC4cWysFtnzffJ+dJdzcWNOxklwLlZe72JoAJYP59da2YuIoE2LsQRGPC Occ84zH/UZx4JWJhF7FEEALC/tizfFqu9qWr1OIDmSVTEAZ+6IZ/mDeF83+0Mrc4 AiV3oiJi7Fx4XTDUL8fim+FORaSI2IR7LK1Zjau1qCN04ayyFXwJdK/fwgIWJHon gYhyUsAj7F7At9m8cCVRP5K4jjmr0qrmsF1M1B6xqMLWlYNcWu3obJS/FbiSdwQJ 7jFdBagThGOzIle0eGk0iMZ+vRJSuaSMZ7GDA14o46KB+EkvYLe+wi6jBQXJeD6Q Oueenu2JiMvB8+dJNYrn9uQY+8WHyCVV1HMMmVo9LajA1FJRXgMIQN5ZmDMoDW73 qFV+VCOHtKPI2hC8ngZYy2RyEUhK4t3f7xmJgtoJ4/DuaGsRWL7xZPL7gLHxWnS4 5VjPyLrWg5U=TyMo -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-5090-4 September 28, 2021
apache2 regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 ESM
Summary:
USN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem.
Original advisory details:
James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. (CVE-2021-34798)
Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to crash, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-39275)
It was discovered that the Apache mod_proxy module incorrectly handled certain request uri-paths. A remote attacker could possibly use this issue to cause the server to forward requests to arbitrary origin servers. (CVE-2021-40438)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04 ESM: apache2 2.4.18-2ubuntu3.17+esm3 apache2-bin 2.4.18-2ubuntu3.17+esm3
In general, a standard system update will make all the necessary changes. 7) - noarch, x86_64
Bug Fix(es):
- proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319)
Additional changes:
- To fix CVE-2022-29404, the default value for the "LimitRequestBody" directive in the Apache HTTP Server has been changed from 0 (unlimited) to 1 GiB.
On systems where the value of "LimitRequestBody" is not explicitly specified in an httpd configuration file, updating the httpd package sets "LimitRequestBody" to the default value of 1 GiB. As a consequence, if the total size of the HTTP request body exceeds this 1 GiB default limit, httpd returns the 413 Request Entity Too Large error code.
If the new default allowed size of an HTTP request message body is insufficient for your use case, update your httpd configuration files within the respective context (server, per-directory, per-file, or per-location) and set your preferred limit in bytes. For example, to set a new 2 GiB limit, use:
LimitRequestBody 2147483648
Systems already configured to use any explicit value for the "LimitRequestBody" directive are unaffected by this change.
For the oldstable distribution (buster), these problems have been fixed in version 2.4.38-3+deb10u6.
For the stable distribution (bullseye), these problems have been fixed in version 2.4.51-1~deb11u1.
We recommend that you upgrade your apache2 packages.
For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache2
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmFgr44ACgkQEMKTtsN8 TjbophAAiZ+fhF2r8BUbQkL8BhpfqjA+hVsp9WEMTn8Gq6kiW0wLvK3jWPM301Ou D4gHqKmFPmYNC1KBOyk/lJdxyD7iTUweUyLi3WXzxhIDMx0kxkRw1oXlyCHzIqSJ M277bgk32h2cDCbsXjrN/8agKPcKgfwDqiyf/igfEq6V8OB2zVvJPKVFq45n54+q 4FPXSyx1g2u5ewSeXbU2uHDej6Qborui4osDdbwx8CT6aETi0cIXJ8RbXF3PUCHG 5DzZagnRq6GumPsl01jcPu7b9Ck8MlkxMSG3FRsSIJVkwpsQ2C34ywIJkFlzUZZh jhdVUrfbyfLpSdcPcipAAjl9I6gDqa9SFdMRK7ixCpQ6iTiVeDZdJ8pA4jnSweNQ THik07di9R0juX0p7peQiIyBKrEf7Y3WSvLOn0SBKXvZnzc/72rH2nP5FclsgCsV TWxptziGridC43KB8/tDJAAOXVF2lzylzF70V/UGTNo1jk9w3/p6btU1iuzKspyY Y4aPZla3DImI8mezrgFrGYNg7bZYLKuJyGDADKih2sUQpzmDZ6MJxKAE3NLRWyQa 7cCJdoNR9yVqytEw1Y/ZRXAXWfMb3Y1ts2EqR8hzLQgMYb0JC58cLMG3T0RgyPoO A4CTIoYpK1WnsykAE8M4XFrnOW3lrtse6T8N/dTVMuodElAEhc0= =/At6 -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-20
https://security.gentoo.org/
Severity: High Title: Apache HTTPD: Multiple Vulnerabilities Date: August 14, 2022 Bugs: #813429, #816399, #816864, #829722, #835131, #850622 ID: 202208-20
Synopsis
Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Apache HTTPD users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54"
All Apache HTTPD tools users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54"
References
[ 1 ] CVE-2021-33193 https://nvd.nist.gov/vuln/detail/CVE-2021-33193 [ 2 ] CVE-2021-34798 https://nvd.nist.gov/vuln/detail/CVE-2021-34798 [ 3 ] CVE-2021-36160 https://nvd.nist.gov/vuln/detail/CVE-2021-36160 [ 4 ] CVE-2021-39275 https://nvd.nist.gov/vuln/detail/CVE-2021-39275 [ 5 ] CVE-2021-40438 https://nvd.nist.gov/vuln/detail/CVE-2021-40438 [ 6 ] CVE-2021-41524 https://nvd.nist.gov/vuln/detail/CVE-2021-41524 [ 7 ] CVE-2021-41773 https://nvd.nist.gov/vuln/detail/CVE-2021-41773 [ 8 ] CVE-2021-42013 https://nvd.nist.gov/vuln/detail/CVE-2021-42013 [ 9 ] CVE-2021-44224 https://nvd.nist.gov/vuln/detail/CVE-2021-44224 [ 10 ] CVE-2021-44790 https://nvd.nist.gov/vuln/detail/CVE-2021-44790 [ 11 ] CVE-2022-22719 https://nvd.nist.gov/vuln/detail/CVE-2022-22719 [ 12 ] CVE-2022-22720 https://nvd.nist.gov/vuln/detail/CVE-2022-22720 [ 13 ] CVE-2022-22721 https://nvd.nist.gov/vuln/detail/CVE-2022-22721 [ 14 ] CVE-2022-23943 https://nvd.nist.gov/vuln/detail/CVE-2022-23943 [ 15 ] CVE-2022-26377 https://nvd.nist.gov/vuln/detail/CVE-2022-26377 [ 16 ] CVE-2022-28614 https://nvd.nist.gov/vuln/detail/CVE-2022-28614 [ 17 ] CVE-2022-28615 https://nvd.nist.gov/vuln/detail/CVE-2022-28615 [ 18 ] CVE-2022-29404 https://nvd.nist.gov/vuln/detail/CVE-2022-29404 [ 19 ] CVE-2022-30522 https://nvd.nist.gov/vuln/detail/CVE-2022-30522 [ 20 ] CVE-2022-30556 https://nvd.nist.gov/vuln/detail/CVE-2022-30556 [ 21 ] CVE-2022-31813 https://nvd.nist.gov/vuln/detail/CVE-2022-31813
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-20
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-1805",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "communications cloud native core network function cloud native environment",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "1.10.0"
},
{
"model": "storagegrid",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "sinema remote connect server",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "http server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.48"
},
{
"model": "peoplesoft enterprise peopletools",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.58"
},
{
"model": "ruggedcom nms",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinec nms",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "sinema server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.3"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.1"
},
{
"model": "zfs storage appliance kit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.8"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.5.0.0"
},
{
"model": "enterprise manager base platform",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "13.4.0.0"
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "tenable.sc",
"scope": "lte",
"trust": 1.0,
"vendor": "tenable",
"version": "5.19.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "brocade fabric operating system",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "fedora",
"scope": null,
"trust": 0.8,
"vendor": "fedora",
"version": null
},
{
"model": "http server",
"scope": null,
"trust": 0.8,
"vendor": "apache",
"version": null
},
{
"model": "http server",
"scope": "lte",
"trust": 0.6,
"vendor": "apache",
"version": "\u003c=2.4.48"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03223"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002671"
},
{
"db": "NVD",
"id": "CVE-2021-34798"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Siemens reported these vulnerabilities to CISA.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1109"
}
],
"trust": 0.6
},
"cve": "CVE-2021-34798",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2021-34798",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2022-03223",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-395042",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-34798",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-34798",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-34798",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2021-34798",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-03223",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202109-1109",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-395042",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-34798",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03223"
},
{
"db": "VULHUB",
"id": "VHN-395042"
},
{
"db": "VULMON",
"id": "CVE-2021-34798"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002671"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1109"
},
{
"db": "NVD",
"id": "CVE-2021-34798"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier. The server is fast, reliable and extensible through a simple API. No detailed vulnerability details are currently provided. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: httpd security update\nAdvisory ID: RHSA-2022:0143-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2022:0143\nIssue date: 2022-01-17\nCVE Names: CVE-2021-26691 CVE-2021-34798 CVE-2021-39275\n CVE-2021-44790\n====================================================================\n1. Summary:\n\nAn update for httpd is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. \n\nSecurity Fix(es):\n\n* httpd: mod_lua: Possible buffer overflow when parsing multipart content\n(CVE-2021-44790)\n\n* httpd: mod_session: Heap overflow via a crafted SessionHeader value\n(CVE-2021-26691)\n\n* httpd: NULL pointer dereference via malformed requests (CVE-2021-34798)\n\n* httpd: Out-of-bounds write in ap_escape_quotes() via malicious input\n(CVE-2021-39275)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1966732 - CVE-2021-26691 httpd: mod_session: Heap overflow via a crafted SessionHeader value\n2005119 - CVE-2021-39275 httpd: Out-of-bounds write in ap_escape_quotes() via malicious input\n2005128 - CVE-2021-34798 httpd: NULL pointer dereference via malformed requests\n2034674 - CVE-2021-44790 httpd: mod_lua: Possible buffer overflow when parsing multipart content\n\n6. Package List:\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nppc64:\nhttpd-2.4.6-97.el7_9.4.ppc64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.ppc64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.ppc64.rpm\nmod_session-2.4.6-97.el7_9.4.ppc64.rpm\nmod_ssl-2.4.6-97.el7_9.4.ppc64.rpm\n\nppc64le:\nhttpd-2.4.6-97.el7_9.4.ppc64le.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm\nhttpd-devel-2.4.6-97.el7_9.4.ppc64le.rpm\nhttpd-tools-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_session-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_ssl-2.4.6-97.el7_9.4.ppc64le.rpm\n\ns390x:\nhttpd-2.4.6-97.el7_9.4.s390x.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm\nhttpd-devel-2.4.6-97.el7_9.4.s390x.rpm\nhttpd-tools-2.4.6-97.el7_9.4.s390x.rpm\nmod_session-2.4.6-97.el7_9.4.s390x.rpm\nmod_ssl-2.4.6-97.el7_9.4.s390x.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64.rpm\nmod_ldap-2.4.6-97.el7_9.4.ppc64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.ppc64.rpm\n\nppc64le:\nhttpd-debuginfo-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_ldap-2.4.6-97.el7_9.4.ppc64le.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.ppc64le.rpm\n\ns390x:\nhttpd-debuginfo-2.4.6-97.el7_9.4.s390x.rpm\nmod_ldap-2.4.6-97.el7_9.4.s390x.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.s390x.rpm\n\nx86_64:\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.4.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.4.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.4.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.4.x86_64.rpm\nmod_session-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.4.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nhttpd-debuginfo-2.4.6-97.el7_9.4.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.4.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.4.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-26691\nhttps://access.redhat.com/security/cve/CVE-2021-34798\nhttps://access.redhat.com/security/cve/CVE-2021-39275\nhttps://access.redhat.com/security/cve/CVE-2021-44790\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2022 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYeVdC9zjgjWX9erEAQgzNw/8CjsxUvDW64dwvpcYH/OWJhKqvD53sX+w\nivf4+hhCsEVLvrjD0eTNkbeza+dcZqoR5swL0IjAGXKJ/0q/oh4/yxq2ydgvEYsY\nrAjts0tnynoswBaFo6eaBlcNxQroGID0uqgXkUFt37m4eetACuOSVRcZ7/sNsqBS\niQF4l16vjNvKeOdKY8nSNe77Dt1/Lj41NoL6XbAZPuvaiLBqqGOY9xYfZSSmFHFq\nH4dB8cfMC4cWysFtnzffJ+dJdzcWNOxklwLlZe72JoAJYP59da2YuIoE2LsQRGPC\nOcc84zH/UZx4JWJhF7FEEALC/tizfFqu9qWr1OIDmSVTEAZ+6IZ/mDeF83+0Mrc4\nAiV3oiJi7Fx4XTDUL8fim+FORaSI2IR7LK1Zjau1qCN04ayyFXwJdK/fwgIWJHon\ngYhyUsAj7F7At9m8cCVRP5K4jjmr0qrmsF1M1B6xqMLWlYNcWu3obJS/FbiSdwQJ\n7jFdBagThGOzIle0eGk0iMZ+vRJSuaSMZ7GDA14o46KB+EkvYLe+wi6jBQXJeD6Q\nOueenu2JiMvB8+dJNYrn9uQY+8WHyCVV1HMMmVo9LajA1FJRXgMIQN5ZmDMoDW73\nqFV+VCOHtKPI2hC8ngZYy2RyEUhK4t3f7xmJgtoJ4/DuaGsRWL7xZPL7gLHxWnS4\n5VjPyLrWg5U=TyMo\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-5090-4\nSeptember 28, 2021\n\napache2 regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 16.04 ESM\n\nSummary:\n\nUSN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream\nfixes introduced a regression in UDS URIs. This update fixes the problem. \n\nOriginal advisory details:\n\n James Kettle discovered that the Apache HTTP Server HTTP/2 module\n incorrectly handled certain crafted methods. A remote attacker could\n possibly use this issue to perform request splitting or cache poisoning\n attacks. A remote attacker could possibly use this issue to\n cause the server to crash, resulting in a denial of service. \n (CVE-2021-34798)\n \n Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly\n handled certain request uri-paths. A remote attacker could possibly use\n this issue to cause the server to crash, resulting in a denial of service. \n This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote\n attacker could use this issue to cause the server to crash, resulting in a\n denial of service, or possibly execute arbitrary code. (CVE-2021-39275)\n \n It was discovered that the Apache mod_proxy module incorrectly handled\n certain request uri-paths. A remote attacker could possibly use this issue\n to cause the server to forward requests to arbitrary origin servers. \n (CVE-2021-40438)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 16.04 ESM:\n apache2 2.4.18-2ubuntu3.17+esm3\n apache2-bin 2.4.18-2ubuntu3.17+esm3\n\nIn general, a standard system update will make all the necessary changes. 7) - noarch, x86_64\n\n3. \n\nBug Fix(es):\n\n* proxy rewrite to unix socket fails with CVE-2021-40438 fix (BZ#2022319)\n\nAdditional changes:\n\n* To fix CVE-2022-29404, the default value for the \"LimitRequestBody\"\ndirective in the Apache HTTP Server has been changed from 0 (unlimited) to\n1 GiB. \n\nOn systems where the value of \"LimitRequestBody\" is not explicitly\nspecified in an httpd configuration file, updating the httpd package sets\n\"LimitRequestBody\" to the default value of 1 GiB. As a consequence, if the\ntotal size of the HTTP request body exceeds this 1 GiB default limit, httpd\nreturns the 413 Request Entity Too Large error code. \n\nIf the new default allowed size of an HTTP request message body is\ninsufficient for your use case, update your httpd configuration files\nwithin the respective context (server, per-directory, per-file, or\nper-location) and set your preferred limit in bytes. For example, to set a\nnew 2 GiB limit, use:\n\nLimitRequestBody 2147483648\n\nSystems already configured to use any explicit value for the\n\"LimitRequestBody\" directive are unaffected by this change. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.4.38-3+deb10u6. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.4.51-1~deb11u1. \n\nWe recommend that you upgrade your apache2 packages. \n\nFor the detailed security status of apache2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/apache2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmFgr44ACgkQEMKTtsN8\nTjbophAAiZ+fhF2r8BUbQkL8BhpfqjA+hVsp9WEMTn8Gq6kiW0wLvK3jWPM301Ou\nD4gHqKmFPmYNC1KBOyk/lJdxyD7iTUweUyLi3WXzxhIDMx0kxkRw1oXlyCHzIqSJ\nM277bgk32h2cDCbsXjrN/8agKPcKgfwDqiyf/igfEq6V8OB2zVvJPKVFq45n54+q\n4FPXSyx1g2u5ewSeXbU2uHDej6Qborui4osDdbwx8CT6aETi0cIXJ8RbXF3PUCHG\n5DzZagnRq6GumPsl01jcPu7b9Ck8MlkxMSG3FRsSIJVkwpsQ2C34ywIJkFlzUZZh\njhdVUrfbyfLpSdcPcipAAjl9I6gDqa9SFdMRK7ixCpQ6iTiVeDZdJ8pA4jnSweNQ\nTHik07di9R0juX0p7peQiIyBKrEf7Y3WSvLOn0SBKXvZnzc/72rH2nP5FclsgCsV\nTWxptziGridC43KB8/tDJAAOXVF2lzylzF70V/UGTNo1jk9w3/p6btU1iuzKspyY\nY4aPZla3DImI8mezrgFrGYNg7bZYLKuJyGDADKih2sUQpzmDZ6MJxKAE3NLRWyQa\n7cCJdoNR9yVqytEw1Y/ZRXAXWfMb3Y1ts2EqR8hzLQgMYb0JC58cLMG3T0RgyPoO\nA4CTIoYpK1WnsykAE8M4XFrnOW3lrtse6T8N/dTVMuodElAEhc0=\n=/At6\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-20\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Apache HTTPD: Multiple Vulnerabilities\n Date: August 14, 2022\n Bugs: #813429, #816399, #816864, #829722, #835131, #850622\n ID: 202208-20\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Apache Webserver, the\nworst of which could result in remote code execution. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Apache HTTPD users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.4.54\"\n\nAll Apache HTTPD tools users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-admin/apache-tools-2.4.54\"\n\nReferences\n=========\n[ 1 ] CVE-2021-33193\n https://nvd.nist.gov/vuln/detail/CVE-2021-33193\n[ 2 ] CVE-2021-34798\n https://nvd.nist.gov/vuln/detail/CVE-2021-34798\n[ 3 ] CVE-2021-36160\n https://nvd.nist.gov/vuln/detail/CVE-2021-36160\n[ 4 ] CVE-2021-39275\n https://nvd.nist.gov/vuln/detail/CVE-2021-39275\n[ 5 ] CVE-2021-40438\n https://nvd.nist.gov/vuln/detail/CVE-2021-40438\n[ 6 ] CVE-2021-41524\n https://nvd.nist.gov/vuln/detail/CVE-2021-41524\n[ 7 ] CVE-2021-41773\n https://nvd.nist.gov/vuln/detail/CVE-2021-41773\n[ 8 ] CVE-2021-42013\n https://nvd.nist.gov/vuln/detail/CVE-2021-42013\n[ 9 ] CVE-2021-44224\n https://nvd.nist.gov/vuln/detail/CVE-2021-44224\n[ 10 ] CVE-2021-44790\n https://nvd.nist.gov/vuln/detail/CVE-2021-44790\n[ 11 ] CVE-2022-22719\n https://nvd.nist.gov/vuln/detail/CVE-2022-22719\n[ 12 ] CVE-2022-22720\n https://nvd.nist.gov/vuln/detail/CVE-2022-22720\n[ 13 ] CVE-2022-22721\n https://nvd.nist.gov/vuln/detail/CVE-2022-22721\n[ 14 ] CVE-2022-23943\n https://nvd.nist.gov/vuln/detail/CVE-2022-23943\n[ 15 ] CVE-2022-26377\n https://nvd.nist.gov/vuln/detail/CVE-2022-26377\n[ 16 ] CVE-2022-28614\n https://nvd.nist.gov/vuln/detail/CVE-2022-28614\n[ 17 ] CVE-2022-28615\n https://nvd.nist.gov/vuln/detail/CVE-2022-28615\n[ 18 ] CVE-2022-29404\n https://nvd.nist.gov/vuln/detail/CVE-2022-29404\n[ 19 ] CVE-2022-30522\n https://nvd.nist.gov/vuln/detail/CVE-2022-30522\n[ 20 ] CVE-2022-30556\n https://nvd.nist.gov/vuln/detail/CVE-2022-30556\n[ 21 ] CVE-2022-31813\n https://nvd.nist.gov/vuln/detail/CVE-2022-31813\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-20\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-34798"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002671"
},
{
"db": "CNVD",
"id": "CNVD-2022-03223"
},
{
"db": "VULHUB",
"id": "VHN-395042"
},
{
"db": "VULMON",
"id": "CVE-2021-34798"
},
{
"db": "PACKETSTORM",
"id": "165587"
},
{
"db": "PACKETSTORM",
"id": "164307"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164329"
},
{
"db": "PACKETSTORM",
"id": "168565"
},
{
"db": "PACKETSTORM",
"id": "169132"
},
{
"db": "PACKETSTORM",
"id": "168072"
}
],
"trust": 2.97
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-34798",
"trust": 3.9
},
{
"db": "TENABLE",
"id": "TNS-2021-17",
"trust": 1.8
},
{
"db": "MCAFEE",
"id": "SB10379",
"trust": 1.8
},
{
"db": "SIEMENS",
"id": "SSA-685781",
"trust": 1.8
},
{
"db": "PACKETSTORM",
"id": "165587",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168072",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "168565",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002671",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2022-03223",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "166321",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1109",
"trust": 0.7
},
{
"db": "ICS CERT",
"id": "ICSA-22-167-06",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "164329",
"trust": 0.7
},
{
"db": "CS-HELP",
"id": "SB2022012040",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101308",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022030119",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021092301",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022051316",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022031528",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022011749",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021091707",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101513",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101922",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101005",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022060624",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021101101",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022042112",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021112902",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3229",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3405",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3341",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4004.7",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3148",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3591",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0850",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3482",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2978",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4004.5",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4004.2",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.2352",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0217",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3357",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3250",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.4004.3",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3387",
"trust": 0.6
},
{
"db": "ICS CERT",
"id": "ICSA-22-132-02",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "164318",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-395042",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-34798",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164307",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164305",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169132",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03223"
},
{
"db": "VULHUB",
"id": "VHN-395042"
},
{
"db": "VULMON",
"id": "CVE-2021-34798"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002671"
},
{
"db": "PACKETSTORM",
"id": "165587"
},
{
"db": "PACKETSTORM",
"id": "164307"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164329"
},
{
"db": "PACKETSTORM",
"id": "168565"
},
{
"db": "PACKETSTORM",
"id": "169132"
},
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1109"
},
{
"db": "NVD",
"id": "CVE-2021-34798"
}
]
},
"id": "VAR-202109-1805",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03223"
},
{
"db": "VULHUB",
"id": "VHN-395042"
}
],
"trust": 1.3031922749999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03223"
}
]
},
"last_update_date": "2024-09-19T19:31:42.563000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FEDORA-2021-e3f6dd670d",
"trust": 0.8,
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"title": "Patch for Apache HTTP Server Code Issue Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/313156"
},
{
"title": "Apache HTTP Server Fixes for code issue vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=171210"
},
{
"title": "Red Hat: Moderate: httpd:2.4 security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20220891 - Security Advisory"
},
{
"title": "Red Hat: CVE-2021-34798",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-34798"
},
{
"title": "Debian Security Advisories: DSA-4982-1 apache2 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=93a29f7ecf9a6aaba79d3b3320aa4b85"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-34798 log"
},
{
"title": "Red Hat: Moderate: httpd24-httpd security and bug fix update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20226753 - Security Advisory"
},
{
"title": "Tenable Security Advisories: [R1] Stand-alone Security Patch Available for Tenable.sc versions 5.16.0 to 5.19.1: Patch 202110.1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2021-17"
},
{
"title": "Brocade Security Advisories: CVE-2021-34798. NULL pointer dereference in httpd core.",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=2142ed2ad0c6564b6dfdd2779d3117ce"
},
{
"title": "Brocade Security Advisories: Access Denied",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories\u0026qid=3499da969fe529a2e6d5812690c8f102"
},
{
"title": "Amazon Linux AMI: ALAS-2021-1543",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1543"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1716",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1716"
},
{
"title": "Cisco: Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-apache-httpd-2.4.49-VWL69sWQ"
},
{
"title": "PROJET TUTEURE",
"trust": 0.1,
"url": "https://github.com/PierreChrd/py-projet-tut "
},
{
"title": "Tier 0\nTier 1\nTier 2",
"trust": 0.1,
"url": "https://github.com/Totes5706/TotesHTB "
},
{
"title": "Requirements\nvulnsearch-cve\nUsage\nvulnsearch\nUsage\nTest Sample",
"trust": 0.1,
"url": "https://github.com/kasem545/vulnsearch "
},
{
"title": "Skynet",
"trust": 0.1,
"url": "https://github.com/bioly230/THM_Skynet "
},
{
"title": "Shodan Search Script",
"trust": 0.1,
"url": "https://github.com/firatesatoglu/shodanSearch "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03223"
},
{
"db": "VULMON",
"id": "CVE-2021-34798"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002671"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1109"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-476",
"trust": 1.1
},
{
"problemtype": "NULL Pointer dereference (CWE-476) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-395042"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002671"
},
{
"db": "NVD",
"id": "CVE-2021-34798"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34798"
},
{
"trust": 1.9,
"url": "https://security.gentoo.org/glsa/202208-20"
},
{
"trust": 1.8,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf"
},
{
"trust": 1.8,
"url": "https://security.netapp.com/advisory/ntap-20211008-0004/"
},
{
"trust": 1.8,
"url": "https://www.tenable.com/security/tns-2021-17"
},
{
"trust": 1.8,
"url": "https://www.debian.org/security/2021/dsa-4982"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.8,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.8,
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html"
},
{
"trust": 1.7,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10379"
},
{
"trust": 1.2,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-httpd-2.4.49-vwl69swq"
},
{
"trust": 1.2,
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 1.2,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/"
},
{
"trust": 0.9,
"url": "https://access.redhat.com/security/cve/cve-2021-34798"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/"
},
{
"trust": 0.7,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/"
},
{
"trust": 0.7,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39275"
},
{
"trust": 0.6,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-34798"
},
{
"trust": 0.6,
"url": "httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 0.6,
"url": "http://"
},
{
"trust": 0.6,
"url": "httpd.apache.org%3e"
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers."
},
{
"trust": 0.6,
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers."
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022051316"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022030119"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022031528"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3229"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3405"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165587/red-hat-security-advisory-2022-0143-03.html"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/166321/red-hat-security-advisory-2022-0891-01.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021112902"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022060624"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101513"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3357"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2352"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0217"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3250"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3591"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168072/gentoo-linux-security-advisory-202208-20.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4004.7"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164318/ubuntu-security-notice-usn-5090-3.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0850"
},
{
"trust": 0.6,
"url": "https://www.ibm.com/support/pages/node/6520016"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-167-06"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/168565/red-hat-security-advisory-2022-6753-01.html"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.2978"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4004.3"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4004.2"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4004.5"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012040"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022011749"
},
{
"trust": 0.6,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-22-132-02"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022042112"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021092301"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3387"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3341"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101922"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164329/ubuntu-security-notice-usn-5090-4.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101308"
},
{
"trust": 0.6,
"url": "httpd-2.4.49-vwl69swq"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3148"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021091707"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101101"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apache-http-server-four-vulnerabilities-36444"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3482"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021101005"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40438"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36160"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33193"
},
{
"trust": 0.3,
"url": "https://ubuntu.com/security/notices/usn-5090-1"
},
{
"trust": 0.2,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/cve/cve-2021-39275"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44790"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28614"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29404"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28615"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30522"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22719"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30556"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23943"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26377"
},
{
"trust": 0.1,
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10379"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/476.html"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0891"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-22-167-06"
},
{
"trust": 0.1,
"url": "https://github.com/totes5706/toteshtb"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44790"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26691"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26691"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:0143"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5090-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.17"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.5"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/xxxxxx"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5090-4"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/articles/6975397"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30556"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-36160"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22719"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28614"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2022:6753"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-28615"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-31813"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-30522"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-44224"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-22721"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-29404"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-33193"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-23943"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2022-26377"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/apache2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31813"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41773"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41524"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22720"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03223"
},
{
"db": "VULHUB",
"id": "VHN-395042"
},
{
"db": "VULMON",
"id": "CVE-2021-34798"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002671"
},
{
"db": "PACKETSTORM",
"id": "165587"
},
{
"db": "PACKETSTORM",
"id": "164307"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164329"
},
{
"db": "PACKETSTORM",
"id": "168565"
},
{
"db": "PACKETSTORM",
"id": "169132"
},
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1109"
},
{
"db": "NVD",
"id": "CVE-2021-34798"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-03223"
},
{
"db": "VULHUB",
"id": "VHN-395042"
},
{
"db": "VULMON",
"id": "CVE-2021-34798"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-002671"
},
{
"db": "PACKETSTORM",
"id": "165587"
},
{
"db": "PACKETSTORM",
"id": "164307"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164329"
},
{
"db": "PACKETSTORM",
"id": "168565"
},
{
"db": "PACKETSTORM",
"id": "169132"
},
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1109"
},
{
"db": "NVD",
"id": "CVE-2021-34798"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-03223"
},
{
"date": "2021-09-16T00:00:00",
"db": "VULHUB",
"id": "VHN-395042"
},
{
"date": "2021-09-16T00:00:00",
"db": "VULMON",
"id": "CVE-2021-34798"
},
{
"date": "2021-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-002671"
},
{
"date": "2022-01-17T16:53:40",
"db": "PACKETSTORM",
"id": "165587"
},
{
"date": "2021-09-28T15:13:59",
"db": "PACKETSTORM",
"id": "164307"
},
{
"date": "2021-09-28T15:06:35",
"db": "PACKETSTORM",
"id": "164305"
},
{
"date": "2021-09-29T14:50:01",
"db": "PACKETSTORM",
"id": "164329"
},
{
"date": "2022-09-30T14:51:18",
"db": "PACKETSTORM",
"id": "168565"
},
{
"date": "2021-10-28T19:12:00",
"db": "PACKETSTORM",
"id": "169132"
},
{
"date": "2022-08-15T16:02:48",
"db": "PACKETSTORM",
"id": "168072"
},
{
"date": "2021-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1109"
},
{
"date": "2021-09-16T15:15:07.267000",
"db": "NVD",
"id": "CVE-2021-34798"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-01-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-03223"
},
{
"date": "2022-10-28T00:00:00",
"db": "VULHUB",
"id": "VHN-395042"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-34798"
},
{
"date": "2021-09-29T06:16:00",
"db": "JVNDB",
"id": "JVNDB-2021-002671"
},
{
"date": "2023-02-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202109-1109"
},
{
"date": "2023-11-07T03:36:26.910000",
"db": "NVD",
"id": "CVE-2021-34798"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "164307"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164329"
},
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "CNNVD",
"id": "CNNVD-202109-1109"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apache\u00a0HTTP\u00a0Server\u00a0 In \u00a0NULL\u00a0 Pointer dereference vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-002671"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202109-1109"
}
],
"trust": 0.6
}
}
var-202109-1802
Vulnerability from variot
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Hewlett Packard Enterprise OneView. Authentication is not required to exploit this vulnerability.The specific flaw exists within the REST service, which listens on TCP port 443 by default. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. The server is fast, reliable and extensible through a simple API. The vulnerability stems from the mod_proxy module failing to properly validate user input. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: httpd security update Advisory ID: RHSA-2021:3856-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3856 Issue date: 2021-10-14 CVE Names: CVE-2021-40438 =====================================================================
- Summary:
An update for httpd is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update Support, Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 7.7 Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server AUS (v. 7.2) - noarch, x86_64 Red Hat Enterprise Linux Server AUS (v. 7.3) - noarch, x86_64 Red Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64 Red Hat Enterprise Linux Server AUS (v. 7.6) - noarch, x86_64 Red Hat Enterprise Linux Server AUS (v. 7.7) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.6) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.7) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.3) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.7) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.6) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.7) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.6) - noarch, x86_64 Red Hat Enterprise Linux Server TUS (v. 7.7) - noarch, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
Security Fix(es):
- httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:" (CVE-2021-40438)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing the updated packages, the httpd daemon will be restarted automatically.
- Bugs fixed (https://bugzilla.redhat.com/):
2005117 - CVE-2021-40438 httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:"
- Package List:
Red Hat Enterprise Linux Client Optional (v. 7):
Source: httpd-2.4.6-97.el7_9.1.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.1.noarch.rpm
x86_64: httpd-2.4.6-97.el7_9.1.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm httpd-devel-2.4.6-97.el7_9.1.x86_64.rpm httpd-tools-2.4.6-97.el7_9.1.x86_64.rpm mod_ldap-2.4.6-97.el7_9.1.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm mod_session-2.4.6-97.el7_9.1.x86_64.rpm mod_ssl-2.4.6-97.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
Source: httpd-2.4.6-97.el7_9.1.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.1.noarch.rpm
x86_64: httpd-2.4.6-97.el7_9.1.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm httpd-devel-2.4.6-97.el7_9.1.x86_64.rpm httpd-tools-2.4.6-97.el7_9.1.x86_64.rpm mod_ldap-2.4.6-97.el7_9.1.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm mod_session-2.4.6-97.el7_9.1.x86_64.rpm mod_ssl-2.4.6-97.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 7.2):
Source: httpd-2.4.6-40.el7_2.7.src.rpm
noarch: httpd-manual-2.4.6-40.el7_2.7.noarch.rpm
x86_64: httpd-2.4.6-40.el7_2.7.x86_64.rpm httpd-debuginfo-2.4.6-40.el7_2.7.x86_64.rpm httpd-devel-2.4.6-40.el7_2.7.x86_64.rpm httpd-tools-2.4.6-40.el7_2.7.x86_64.rpm mod_ssl-2.4.6-40.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 7.3):
Source: httpd-2.4.6-45.el7_3.6.src.rpm
noarch: httpd-manual-2.4.6-45.el7_3.6.noarch.rpm
x86_64: httpd-2.4.6-45.el7_3.6.x86_64.rpm httpd-debuginfo-2.4.6-45.el7_3.6.x86_64.rpm httpd-devel-2.4.6-45.el7_3.6.x86_64.rpm httpd-tools-2.4.6-45.el7_3.6.x86_64.rpm mod_ssl-2.4.6-45.el7_3.6.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 7.4):
Source: httpd-2.4.6-67.el7_4.7.src.rpm
noarch: httpd-manual-2.4.6-67.el7_4.7.noarch.rpm
x86_64: httpd-2.4.6-67.el7_4.7.x86_64.rpm httpd-debuginfo-2.4.6-67.el7_4.7.x86_64.rpm httpd-devel-2.4.6-67.el7_4.7.x86_64.rpm httpd-tools-2.4.6-67.el7_4.7.x86_64.rpm mod_session-2.4.6-67.el7_4.7.x86_64.rpm mod_ssl-2.4.6-67.el7_4.7.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 7.6):
Source: httpd-2.4.6-89.el7_6.2.src.rpm
noarch: httpd-manual-2.4.6-89.el7_6.2.noarch.rpm
x86_64: httpd-2.4.6-89.el7_6.2.x86_64.rpm httpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm httpd-devel-2.4.6-89.el7_6.2.x86_64.rpm httpd-tools-2.4.6-89.el7_6.2.x86_64.rpm mod_session-2.4.6-89.el7_6.2.x86_64.rpm mod_ssl-2.4.6-89.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux Server E4S (v. 7.6):
Source: httpd-2.4.6-89.el7_6.2.src.rpm
noarch: httpd-manual-2.4.6-89.el7_6.2.noarch.rpm
ppc64le: httpd-2.4.6-89.el7_6.2.ppc64le.rpm httpd-debuginfo-2.4.6-89.el7_6.2.ppc64le.rpm httpd-devel-2.4.6-89.el7_6.2.ppc64le.rpm httpd-tools-2.4.6-89.el7_6.2.ppc64le.rpm mod_session-2.4.6-89.el7_6.2.ppc64le.rpm mod_ssl-2.4.6-89.el7_6.2.ppc64le.rpm
x86_64: httpd-2.4.6-89.el7_6.2.x86_64.rpm httpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm httpd-devel-2.4.6-89.el7_6.2.x86_64.rpm httpd-tools-2.4.6-89.el7_6.2.x86_64.rpm mod_session-2.4.6-89.el7_6.2.x86_64.rpm mod_ssl-2.4.6-89.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 7.6):
Source: httpd-2.4.6-89.el7_6.2.src.rpm
noarch: httpd-manual-2.4.6-89.el7_6.2.noarch.rpm
x86_64: httpd-2.4.6-89.el7_6.2.x86_64.rpm httpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm httpd-devel-2.4.6-89.el7_6.2.x86_64.rpm httpd-tools-2.4.6-89.el7_6.2.x86_64.rpm mod_session-2.4.6-89.el7_6.2.x86_64.rpm mod_ssl-2.4.6-89.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux Server AUS (v. 7.7):
Source: httpd-2.4.6-90.el7_7.1.src.rpm
noarch: httpd-manual-2.4.6-90.el7_7.1.noarch.rpm
x86_64: httpd-2.4.6-90.el7_7.1.x86_64.rpm httpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm httpd-devel-2.4.6-90.el7_7.1.x86_64.rpm httpd-tools-2.4.6-90.el7_7.1.x86_64.rpm mod_session-2.4.6-90.el7_7.1.x86_64.rpm mod_ssl-2.4.6-90.el7_7.1.x86_64.rpm
Red Hat Enterprise Linux Server E4S (v. 7.7):
Source: httpd-2.4.6-90.el7_7.1.src.rpm
noarch: httpd-manual-2.4.6-90.el7_7.1.noarch.rpm
ppc64le: httpd-2.4.6-90.el7_7.1.ppc64le.rpm httpd-debuginfo-2.4.6-90.el7_7.1.ppc64le.rpm httpd-devel-2.4.6-90.el7_7.1.ppc64le.rpm httpd-tools-2.4.6-90.el7_7.1.ppc64le.rpm mod_session-2.4.6-90.el7_7.1.ppc64le.rpm mod_ssl-2.4.6-90.el7_7.1.ppc64le.rpm
x86_64: httpd-2.4.6-90.el7_7.1.x86_64.rpm httpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm httpd-devel-2.4.6-90.el7_7.1.x86_64.rpm httpd-tools-2.4.6-90.el7_7.1.x86_64.rpm mod_session-2.4.6-90.el7_7.1.x86_64.rpm mod_ssl-2.4.6-90.el7_7.1.x86_64.rpm
Red Hat Enterprise Linux Server TUS (v. 7.7):
Source: httpd-2.4.6-90.el7_7.1.src.rpm
noarch: httpd-manual-2.4.6-90.el7_7.1.noarch.rpm
x86_64: httpd-2.4.6-90.el7_7.1.x86_64.rpm httpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm httpd-devel-2.4.6-90.el7_7.1.x86_64.rpm httpd-tools-2.4.6-90.el7_7.1.x86_64.rpm mod_session-2.4.6-90.el7_7.1.x86_64.rpm mod_ssl-2.4.6-90.el7_7.1.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: httpd-2.4.6-97.el7_9.1.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.1.noarch.rpm
ppc64: httpd-2.4.6-97.el7_9.1.ppc64.rpm httpd-debuginfo-2.4.6-97.el7_9.1.ppc64.rpm httpd-devel-2.4.6-97.el7_9.1.ppc64.rpm httpd-tools-2.4.6-97.el7_9.1.ppc64.rpm mod_session-2.4.6-97.el7_9.1.ppc64.rpm mod_ssl-2.4.6-97.el7_9.1.ppc64.rpm
ppc64le: httpd-2.4.6-97.el7_9.1.ppc64le.rpm httpd-debuginfo-2.4.6-97.el7_9.1.ppc64le.rpm httpd-devel-2.4.6-97.el7_9.1.ppc64le.rpm httpd-tools-2.4.6-97.el7_9.1.ppc64le.rpm mod_session-2.4.6-97.el7_9.1.ppc64le.rpm mod_ssl-2.4.6-97.el7_9.1.ppc64le.rpm
s390x: httpd-2.4.6-97.el7_9.1.s390x.rpm httpd-debuginfo-2.4.6-97.el7_9.1.s390x.rpm httpd-devel-2.4.6-97.el7_9.1.s390x.rpm httpd-tools-2.4.6-97.el7_9.1.s390x.rpm mod_session-2.4.6-97.el7_9.1.s390x.rpm mod_ssl-2.4.6-97.el7_9.1.s390x.rpm
x86_64: httpd-2.4.6-97.el7_9.1.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm httpd-devel-2.4.6-97.el7_9.1.x86_64.rpm httpd-tools-2.4.6-97.el7_9.1.x86_64.rpm mod_session-2.4.6-97.el7_9.1.x86_64.rpm mod_ssl-2.4.6-97.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.2):
x86_64: httpd-debuginfo-2.4.6-40.el7_2.7.x86_64.rpm mod_ldap-2.4.6-40.el7_2.7.x86_64.rpm mod_proxy_html-2.4.6-40.el7_2.7.x86_64.rpm mod_session-2.4.6-40.el7_2.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.3):
x86_64: httpd-debuginfo-2.4.6-45.el7_3.6.x86_64.rpm mod_ldap-2.4.6-45.el7_3.6.x86_64.rpm mod_proxy_html-2.4.6-45.el7_3.6.x86_64.rpm mod_session-2.4.6-45.el7_3.6.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.4):
x86_64: httpd-debuginfo-2.4.6-67.el7_4.7.x86_64.rpm mod_ldap-2.4.6-67.el7_4.7.x86_64.rpm mod_proxy_html-2.4.6-67.el7_4.7.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.6):
x86_64: httpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm mod_ldap-2.4.6-89.el7_6.2.x86_64.rpm mod_proxy_html-2.4.6-89.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional E4S (v. 7.6):
ppc64le: httpd-debuginfo-2.4.6-89.el7_6.2.ppc64le.rpm mod_ldap-2.4.6-89.el7_6.2.ppc64le.rpm mod_proxy_html-2.4.6-89.el7_6.2.ppc64le.rpm
x86_64: httpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm mod_ldap-2.4.6-89.el7_6.2.x86_64.rpm mod_proxy_html-2.4.6-89.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional TUS (v. 7.6):
x86_64: httpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm mod_ldap-2.4.6-89.el7_6.2.x86_64.rpm mod_proxy_html-2.4.6-89.el7_6.2.x86_64.rpm
Red Hat Enterprise Linux Server Optional AUS (v. 7.7):
x86_64: httpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm mod_ldap-2.4.6-90.el7_7.1.x86_64.rpm mod_proxy_html-2.4.6-90.el7_7.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional E4S (v. 7.6):
ppc64le: httpd-debuginfo-2.4.6-90.el7_7.1.ppc64le.rpm mod_ldap-2.4.6-90.el7_7.1.ppc64le.rpm mod_proxy_html-2.4.6-90.el7_7.1.ppc64le.rpm
x86_64: httpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm mod_ldap-2.4.6-90.el7_7.1.x86_64.rpm mod_proxy_html-2.4.6-90.el7_7.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional TUS (v. 7.7):
x86_64: httpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm mod_ldap-2.4.6-90.el7_7.1.x86_64.rpm mod_proxy_html-2.4.6-90.el7_7.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: httpd-debuginfo-2.4.6-97.el7_9.1.ppc64.rpm mod_ldap-2.4.6-97.el7_9.1.ppc64.rpm mod_proxy_html-2.4.6-97.el7_9.1.ppc64.rpm
ppc64le: httpd-debuginfo-2.4.6-97.el7_9.1.ppc64le.rpm mod_ldap-2.4.6-97.el7_9.1.ppc64le.rpm mod_proxy_html-2.4.6-97.el7_9.1.ppc64le.rpm
s390x: httpd-debuginfo-2.4.6-97.el7_9.1.s390x.rpm mod_ldap-2.4.6-97.el7_9.1.s390x.rpm mod_proxy_html-2.4.6-97.el7_9.1.s390x.rpm
x86_64: httpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm mod_ldap-2.4.6-97.el7_9.1.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: httpd-2.4.6-97.el7_9.1.src.rpm
noarch: httpd-manual-2.4.6-97.el7_9.1.noarch.rpm
x86_64: httpd-2.4.6-97.el7_9.1.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm httpd-devel-2.4.6-97.el7_9.1.x86_64.rpm httpd-tools-2.4.6-97.el7_9.1.x86_64.rpm mod_session-2.4.6-97.el7_9.1.x86_64.rpm mod_ssl-2.4.6-97.el7_9.1.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: httpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm mod_ldap-2.4.6-97.el7_9.1.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2021-40438 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYWfxl9zjgjWX9erEAQiHUQ//augswljuYjRC9IwK5XgDLjrigqEshGaa v5C3gfY1a4SwE/x0FQCawiBmh+8VMv5as3c0eeU5C6QB/05BSBycgboIZG3H6HdF sNOxNzkcG6WmooNZNJ0/c/ykvkn0tRq812yzDTxr2IB3+LxH5cYaw9wQnt62l3yF gjtWedH9xntGpqrVK17NVe/o9Jg4tL0CEPDk+NrbXeSgwnAnLKsLjpwQT72+GVJx ZLC9DYkFguzQN+wckKPRfxGtce0GtuXHkpEShCnH32RPrNyImFMn/Nc8IyOmTadT jCd07H2MNH6+Txxt6dh2aI+SI5JwdeGRNP7IXs86H+KPNZhphS/BqFt3qHGTsw4l 3f6jGfywbWfNdLw+s0qHaWvJ2ZgTw7O1QPncfozKn8cU3Rw9OunN+r2yVTcU3KW9 0ZGHpej56UhthE1qqS5vQjUPQ6SQgC1QHGDNgYkZk0mqIL3Vkv6gEqIF8TH4ezxZ LhZcY3N6HI5LC7568idurO0uLTdjPZq8+xMmDDAXA4QvIxOsOk6x4Rf1dzCtDpGo QSzxx6a6uYXF7EWIlkaR/qY5zcyk4i8aJN8yzrxu6oNulVSIsSuMnb00SIOk8cX7 lUt5V1/RhnWSRytHE5Tz68PyfNyqgJwFDg8D/p0nxZE1Q3tXmgtLwPOY0l2zkkjB 95kGnxWCYaA= =gPcK -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64
- ========================================================================== Ubuntu Security Notice USN-5090-3 September 28, 2021
apache2 regression
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 21.04
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
Summary:
USN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem.
Original advisory details:
James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. (CVE-2021-34798) Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly handled certain request uri-paths. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-39275) It was discovered that the Apache mod_proxy module incorrectly handled certain request uri-paths. (CVE-2021-40438)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 21.04: apache2 2.4.46-4ubuntu1.3 apache2-bin 2.4.46-4ubuntu1.3
Ubuntu 20.04 LTS: apache2 2.4.41-4ubuntu3.6 apache2-bin 2.4.41-4ubuntu3.6
Ubuntu 18.04 LTS: apache2 2.4.29-1ubuntu4.18 apache2-bin 2.4.29-1ubuntu4.18
In general, a standard system update will make all the necessary changes.
For the oldstable distribution (buster), these problems have been fixed in version 2.4.38-3+deb10u6.
For the stable distribution (bullseye), these problems have been fixed in version 2.4.51-1~deb11u1.
We recommend that you upgrade your apache2 packages.
For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache2
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmFgr44ACgkQEMKTtsN8 TjbophAAiZ+fhF2r8BUbQkL8BhpfqjA+hVsp9WEMTn8Gq6kiW0wLvK3jWPM301Ou D4gHqKmFPmYNC1KBOyk/lJdxyD7iTUweUyLi3WXzxhIDMx0kxkRw1oXlyCHzIqSJ M277bgk32h2cDCbsXjrN/8agKPcKgfwDqiyf/igfEq6V8OB2zVvJPKVFq45n54+q 4FPXSyx1g2u5ewSeXbU2uHDej6Qborui4osDdbwx8CT6aETi0cIXJ8RbXF3PUCHG 5DzZagnRq6GumPsl01jcPu7b9Ck8MlkxMSG3FRsSIJVkwpsQ2C34ywIJkFlzUZZh jhdVUrfbyfLpSdcPcipAAjl9I6gDqa9SFdMRK7ixCpQ6iTiVeDZdJ8pA4jnSweNQ THik07di9R0juX0p7peQiIyBKrEf7Y3WSvLOn0SBKXvZnzc/72rH2nP5FclsgCsV TWxptziGridC43KB8/tDJAAOXVF2lzylzF70V/UGTNo1jk9w3/p6btU1iuzKspyY Y4aPZla3DImI8mezrgFrGYNg7bZYLKuJyGDADKih2sUQpzmDZ6MJxKAE3NLRWyQa 7cCJdoNR9yVqytEw1Y/ZRXAXWfMb3Y1ts2EqR8hzLQgMYb0JC58cLMG3T0RgyPoO A4CTIoYpK1WnsykAE8M4XFrnOW3lrtse6T8N/dTVMuodElAEhc0= =/At6 -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-20
https://security.gentoo.org/
Severity: High Title: Apache HTTPD: Multiple Vulnerabilities Date: August 14, 2022 Bugs: #813429, #816399, #816864, #829722, #835131, #850622 ID: 202208-20
Synopsis
Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Apache HTTPD users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54"
All Apache HTTPD tools users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54"
References
[ 1 ] CVE-2021-33193 https://nvd.nist.gov/vuln/detail/CVE-2021-33193 [ 2 ] CVE-2021-34798 https://nvd.nist.gov/vuln/detail/CVE-2021-34798 [ 3 ] CVE-2021-36160 https://nvd.nist.gov/vuln/detail/CVE-2021-36160 [ 4 ] CVE-2021-39275 https://nvd.nist.gov/vuln/detail/CVE-2021-39275 [ 5 ] CVE-2021-40438 https://nvd.nist.gov/vuln/detail/CVE-2021-40438 [ 6 ] CVE-2021-41524 https://nvd.nist.gov/vuln/detail/CVE-2021-41524 [ 7 ] CVE-2021-41773 https://nvd.nist.gov/vuln/detail/CVE-2021-41773 [ 8 ] CVE-2021-42013 https://nvd.nist.gov/vuln/detail/CVE-2021-42013 [ 9 ] CVE-2021-44224 https://nvd.nist.gov/vuln/detail/CVE-2021-44224 [ 10 ] CVE-2021-44790 https://nvd.nist.gov/vuln/detail/CVE-2021-44790 [ 11 ] CVE-2022-22719 https://nvd.nist.gov/vuln/detail/CVE-2022-22719 [ 12 ] CVE-2022-22720 https://nvd.nist.gov/vuln/detail/CVE-2022-22720 [ 13 ] CVE-2022-22721 https://nvd.nist.gov/vuln/detail/CVE-2022-22721 [ 14 ] CVE-2022-23943 https://nvd.nist.gov/vuln/detail/CVE-2022-23943 [ 15 ] CVE-2022-26377 https://nvd.nist.gov/vuln/detail/CVE-2022-26377 [ 16 ] CVE-2022-28614 https://nvd.nist.gov/vuln/detail/CVE-2022-28614 [ 17 ] CVE-2022-28615 https://nvd.nist.gov/vuln/detail/CVE-2022-28615 [ 18 ] CVE-2022-29404 https://nvd.nist.gov/vuln/detail/CVE-2022-29404 [ 19 ] CVE-2022-30522 https://nvd.nist.gov/vuln/detail/CVE-2022-30522 [ 20 ] CVE-2022-30556 https://nvd.nist.gov/vuln/detail/CVE-2022-30556 [ 21 ] CVE-2022-31813 https://nvd.nist.gov/vuln/detail/CVE-2022-31813
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-20
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202109-1802",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.2"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "34"
},
{
"model": "enterprise manager ops center",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.4.0.0"
},
{
"model": "clustered data ontap",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "f5os",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.0"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "9.0"
},
{
"model": "storagegrid",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.3.0"
},
{
"model": "sinema remote connect server",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "3.1"
},
{
"model": "http server",
"scope": "lte",
"trust": 1.0,
"vendor": "apache",
"version": "2.4.48"
},
{
"model": "sinema remote connect server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "3.2"
},
{
"model": "ruggedcom nms",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "*"
},
{
"model": "f5os",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "1.2.0"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.3"
},
{
"model": "http server",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "12.2.1.4.0"
},
{
"model": "instantis enterprisetrack",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "17.1"
},
{
"model": "zfs storage appliance kit",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "8.8"
},
{
"model": "sinema server",
"scope": "eq",
"trust": 1.0,
"vendor": "siemens",
"version": "14.0"
},
{
"model": "f5os",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.2.1"
},
{
"model": "cloud backup",
"scope": "eq",
"trust": 1.0,
"vendor": "netapp",
"version": null
},
{
"model": "tenable.sc",
"scope": "lte",
"trust": 1.0,
"vendor": "tenable",
"version": "5.19.1"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "10.0"
},
{
"model": "fedora",
"scope": "eq",
"trust": 1.0,
"vendor": "fedoraproject",
"version": "35"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "debian",
"version": "11.0"
},
{
"model": "secure global desktop",
"scope": "eq",
"trust": 1.0,
"vendor": "oracle",
"version": "5.6"
},
{
"model": "sinec nms",
"scope": "lt",
"trust": 1.0,
"vendor": "siemens",
"version": "1.0.3"
},
{
"model": "brocade fabric operating system",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": null
},
{
"model": "f5os",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "1.1.4"
},
{
"model": "oneview",
"scope": null,
"trust": 0.7,
"vendor": "hewlett packard",
"version": null
},
{
"model": "http server",
"scope": "lte",
"trust": 0.6,
"vendor": "apache",
"version": "\u003c=2.4.48"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-812"
},
{
"db": "CNVD",
"id": "CNVD-2022-03224"
},
{
"db": "NVD",
"id": "CVE-2021-40438"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Anonymous",
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-812"
}
],
"trust": 0.7
},
"cve": "CVE-2021-40438",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-40438",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.1,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2022-03224",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-401786",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.2,
"id": "CVE-2021-40438",
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "ZDI",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2021-40438",
"impactScore": 4.2,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-40438",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "ZDI",
"id": "CVE-2021-40438",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2022-03224",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-401786",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-40438",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-812"
},
{
"db": "CNVD",
"id": "CNVD-2022-03224"
},
{
"db": "VULHUB",
"id": "VHN-401786"
},
{
"db": "VULMON",
"id": "CVE-2021-40438"
},
{
"db": "NVD",
"id": "CVE-2021-40438"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Hewlett Packard Enterprise OneView. Authentication is not required to exploit this vulnerability.The specific flaw exists within the REST service, which listens on TCP port 443 by default. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. The server is fast, reliable and extensible through a simple API. The vulnerability stems from the mod_proxy module failing to properly validate user input. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: httpd security update\nAdvisory ID: RHSA-2021:3856-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:3856\nIssue date: 2021-10-14\nCVE Names: CVE-2021-40438 \n=====================================================================\n\n1. Summary:\n\nAn update for httpd is now available for Red Hat Enterprise Linux 7, Red\nHat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux\n7.3 Advanced Update Support, Red Hat Enterprise Linux 7.4 Advanced Update\nSupport, Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat\nEnterprise Linux 7.6 Telco Extended Update Support, Red Hat Enterprise\nLinux 7.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 7.7\nAdvanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update\nSupport, and Red Hat Enterprise Linux 7.7 Update Services for SAP\nSolutions. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server AUS (v. 7.2) - noarch, x86_64\nRed Hat Enterprise Linux Server AUS (v. 7.3) - noarch, x86_64\nRed Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64\nRed Hat Enterprise Linux Server AUS (v. 7.6) - noarch, x86_64\nRed Hat Enterprise Linux Server AUS (v. 7.7) - noarch, x86_64\nRed Hat Enterprise Linux Server E4S (v. 7.6) - noarch, ppc64le, x86_64\nRed Hat Enterprise Linux Server E4S (v. 7.7) - noarch, ppc64le, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 7.3) - x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 7.6) - x86_64\nRed Hat Enterprise Linux Server Optional AUS (v. 7.7) - x86_64\nRed Hat Enterprise Linux Server Optional E4S (v. 7.6) - ppc64le, x86_64\nRed Hat Enterprise Linux Server Optional TUS (v. 7.6) - x86_64\nRed Hat Enterprise Linux Server Optional TUS (v. 7.7) - x86_64\nRed Hat Enterprise Linux Server TUS (v. 7.6) - noarch, x86_64\nRed Hat Enterprise Linux Server TUS (v. 7.7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. \n\nSecurity Fix(es):\n\n* httpd: mod_proxy: SSRF via a crafted request uri-path containing \"unix:\"\n(CVE-2021-40438)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nAfter installing the updated packages, the httpd daemon will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n2005117 - CVE-2021-40438 httpd: mod_proxy: SSRF via a crafted request uri-path containing \"unix:\"\n\n6. Package List:\n\nRed Hat Enterprise Linux Client Optional (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.1.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.1.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.1.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.1.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm\nmod_session-2.4.6-97.el7_9.1.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.1.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.1.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.1.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.1.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm\nmod_session-2.4.6-97.el7_9.1.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 7.2):\n\nSource:\nhttpd-2.4.6-40.el7_2.7.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-40.el7_2.7.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-40.el7_2.7.x86_64.rpm\nhttpd-debuginfo-2.4.6-40.el7_2.7.x86_64.rpm\nhttpd-devel-2.4.6-40.el7_2.7.x86_64.rpm\nhttpd-tools-2.4.6-40.el7_2.7.x86_64.rpm\nmod_ssl-2.4.6-40.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 7.3):\n\nSource:\nhttpd-2.4.6-45.el7_3.6.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-45.el7_3.6.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-45.el7_3.6.x86_64.rpm\nhttpd-debuginfo-2.4.6-45.el7_3.6.x86_64.rpm\nhttpd-devel-2.4.6-45.el7_3.6.x86_64.rpm\nhttpd-tools-2.4.6-45.el7_3.6.x86_64.rpm\nmod_ssl-2.4.6-45.el7_3.6.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 7.4):\n\nSource:\nhttpd-2.4.6-67.el7_4.7.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-67.el7_4.7.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-67.el7_4.7.x86_64.rpm\nhttpd-debuginfo-2.4.6-67.el7_4.7.x86_64.rpm\nhttpd-devel-2.4.6-67.el7_4.7.x86_64.rpm\nhttpd-tools-2.4.6-67.el7_4.7.x86_64.rpm\nmod_session-2.4.6-67.el7_4.7.x86_64.rpm\nmod_ssl-2.4.6-67.el7_4.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 7.6):\n\nSource:\nhttpd-2.4.6-89.el7_6.2.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-89.el7_6.2.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-devel-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-tools-2.4.6-89.el7_6.2.x86_64.rpm\nmod_session-2.4.6-89.el7_6.2.x86_64.rpm\nmod_ssl-2.4.6-89.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server E4S (v. 7.6):\n\nSource:\nhttpd-2.4.6-89.el7_6.2.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-89.el7_6.2.noarch.rpm\n\nppc64le:\nhttpd-2.4.6-89.el7_6.2.ppc64le.rpm\nhttpd-debuginfo-2.4.6-89.el7_6.2.ppc64le.rpm\nhttpd-devel-2.4.6-89.el7_6.2.ppc64le.rpm\nhttpd-tools-2.4.6-89.el7_6.2.ppc64le.rpm\nmod_session-2.4.6-89.el7_6.2.ppc64le.rpm\nmod_ssl-2.4.6-89.el7_6.2.ppc64le.rpm\n\nx86_64:\nhttpd-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-devel-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-tools-2.4.6-89.el7_6.2.x86_64.rpm\nmod_session-2.4.6-89.el7_6.2.x86_64.rpm\nmod_ssl-2.4.6-89.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server TUS (v. 7.6):\n\nSource:\nhttpd-2.4.6-89.el7_6.2.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-89.el7_6.2.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-devel-2.4.6-89.el7_6.2.x86_64.rpm\nhttpd-tools-2.4.6-89.el7_6.2.x86_64.rpm\nmod_session-2.4.6-89.el7_6.2.x86_64.rpm\nmod_ssl-2.4.6-89.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server AUS (v. 7.7):\n\nSource:\nhttpd-2.4.6-90.el7_7.1.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-90.el7_7.1.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-devel-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-tools-2.4.6-90.el7_7.1.x86_64.rpm\nmod_session-2.4.6-90.el7_7.1.x86_64.rpm\nmod_ssl-2.4.6-90.el7_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server E4S (v. 7.7):\n\nSource:\nhttpd-2.4.6-90.el7_7.1.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-90.el7_7.1.noarch.rpm\n\nppc64le:\nhttpd-2.4.6-90.el7_7.1.ppc64le.rpm\nhttpd-debuginfo-2.4.6-90.el7_7.1.ppc64le.rpm\nhttpd-devel-2.4.6-90.el7_7.1.ppc64le.rpm\nhttpd-tools-2.4.6-90.el7_7.1.ppc64le.rpm\nmod_session-2.4.6-90.el7_7.1.ppc64le.rpm\nmod_ssl-2.4.6-90.el7_7.1.ppc64le.rpm\n\nx86_64:\nhttpd-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-devel-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-tools-2.4.6-90.el7_7.1.x86_64.rpm\nmod_session-2.4.6-90.el7_7.1.x86_64.rpm\nmod_ssl-2.4.6-90.el7_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server TUS (v. 7.7):\n\nSource:\nhttpd-2.4.6-90.el7_7.1.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-90.el7_7.1.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-devel-2.4.6-90.el7_7.1.x86_64.rpm\nhttpd-tools-2.4.6-90.el7_7.1.x86_64.rpm\nmod_session-2.4.6-90.el7_7.1.x86_64.rpm\nmod_ssl-2.4.6-90.el7_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.1.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.1.noarch.rpm\n\nppc64:\nhttpd-2.4.6-97.el7_9.1.ppc64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.1.ppc64.rpm\nhttpd-devel-2.4.6-97.el7_9.1.ppc64.rpm\nhttpd-tools-2.4.6-97.el7_9.1.ppc64.rpm\nmod_session-2.4.6-97.el7_9.1.ppc64.rpm\nmod_ssl-2.4.6-97.el7_9.1.ppc64.rpm\n\nppc64le:\nhttpd-2.4.6-97.el7_9.1.ppc64le.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.1.ppc64le.rpm\nhttpd-devel-2.4.6-97.el7_9.1.ppc64le.rpm\nhttpd-tools-2.4.6-97.el7_9.1.ppc64le.rpm\nmod_session-2.4.6-97.el7_9.1.ppc64le.rpm\nmod_ssl-2.4.6-97.el7_9.1.ppc64le.rpm\n\ns390x:\nhttpd-2.4.6-97.el7_9.1.s390x.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.1.s390x.rpm\nhttpd-devel-2.4.6-97.el7_9.1.s390x.rpm\nhttpd-tools-2.4.6-97.el7_9.1.s390x.rpm\nmod_session-2.4.6-97.el7_9.1.s390x.rpm\nmod_ssl-2.4.6-97.el7_9.1.s390x.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.1.x86_64.rpm\nmod_session-2.4.6-97.el7_9.1.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.2):\n\nx86_64:\nhttpd-debuginfo-2.4.6-40.el7_2.7.x86_64.rpm\nmod_ldap-2.4.6-40.el7_2.7.x86_64.rpm\nmod_proxy_html-2.4.6-40.el7_2.7.x86_64.rpm\nmod_session-2.4.6-40.el7_2.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.3):\n\nx86_64:\nhttpd-debuginfo-2.4.6-45.el7_3.6.x86_64.rpm\nmod_ldap-2.4.6-45.el7_3.6.x86_64.rpm\nmod_proxy_html-2.4.6-45.el7_3.6.x86_64.rpm\nmod_session-2.4.6-45.el7_3.6.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.4):\n\nx86_64:\nhttpd-debuginfo-2.4.6-67.el7_4.7.x86_64.rpm\nmod_ldap-2.4.6-67.el7_4.7.x86_64.rpm\nmod_proxy_html-2.4.6-67.el7_4.7.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.6):\n\nx86_64:\nhttpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm\nmod_ldap-2.4.6-89.el7_6.2.x86_64.rpm\nmod_proxy_html-2.4.6-89.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional E4S (v. 7.6):\n\nppc64le:\nhttpd-debuginfo-2.4.6-89.el7_6.2.ppc64le.rpm\nmod_ldap-2.4.6-89.el7_6.2.ppc64le.rpm\nmod_proxy_html-2.4.6-89.el7_6.2.ppc64le.rpm\n\nx86_64:\nhttpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm\nmod_ldap-2.4.6-89.el7_6.2.x86_64.rpm\nmod_proxy_html-2.4.6-89.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional TUS (v. 7.6):\n\nx86_64:\nhttpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm\nmod_ldap-2.4.6-89.el7_6.2.x86_64.rpm\nmod_proxy_html-2.4.6-89.el7_6.2.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional AUS (v. 7.7):\n\nx86_64:\nhttpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm\nmod_ldap-2.4.6-90.el7_7.1.x86_64.rpm\nmod_proxy_html-2.4.6-90.el7_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional E4S (v. 7.6):\n\nppc64le:\nhttpd-debuginfo-2.4.6-90.el7_7.1.ppc64le.rpm\nmod_ldap-2.4.6-90.el7_7.1.ppc64le.rpm\nmod_proxy_html-2.4.6-90.el7_7.1.ppc64le.rpm\n\nx86_64:\nhttpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm\nmod_ldap-2.4.6-90.el7_7.1.x86_64.rpm\nmod_proxy_html-2.4.6-90.el7_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional TUS (v. 7.7):\n\nx86_64:\nhttpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm\nmod_ldap-2.4.6-90.el7_7.1.x86_64.rpm\nmod_proxy_html-2.4.6-90.el7_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nhttpd-debuginfo-2.4.6-97.el7_9.1.ppc64.rpm\nmod_ldap-2.4.6-97.el7_9.1.ppc64.rpm\nmod_proxy_html-2.4.6-97.el7_9.1.ppc64.rpm\n\nppc64le:\nhttpd-debuginfo-2.4.6-97.el7_9.1.ppc64le.rpm\nmod_ldap-2.4.6-97.el7_9.1.ppc64le.rpm\nmod_proxy_html-2.4.6-97.el7_9.1.ppc64le.rpm\n\ns390x:\nhttpd-debuginfo-2.4.6-97.el7_9.1.s390x.rpm\nmod_ldap-2.4.6-97.el7_9.1.s390x.rpm\nmod_proxy_html-2.4.6-97.el7_9.1.s390x.rpm\n\nx86_64:\nhttpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.1.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nhttpd-2.4.6-97.el7_9.1.src.rpm\n\nnoarch:\nhttpd-manual-2.4.6-97.el7_9.1.noarch.rpm\n\nx86_64:\nhttpd-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-devel-2.4.6-97.el7_9.1.x86_64.rpm\nhttpd-tools-2.4.6-97.el7_9.1.x86_64.rpm\nmod_session-2.4.6-97.el7_9.1.x86_64.rpm\nmod_ssl-2.4.6-97.el7_9.1.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nhttpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm\nmod_ldap-2.4.6-97.el7_9.1.x86_64.rpm\nmod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2021-40438\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYWfxl9zjgjWX9erEAQiHUQ//augswljuYjRC9IwK5XgDLjrigqEshGaa\nv5C3gfY1a4SwE/x0FQCawiBmh+8VMv5as3c0eeU5C6QB/05BSBycgboIZG3H6HdF\nsNOxNzkcG6WmooNZNJ0/c/ykvkn0tRq812yzDTxr2IB3+LxH5cYaw9wQnt62l3yF\ngjtWedH9xntGpqrVK17NVe/o9Jg4tL0CEPDk+NrbXeSgwnAnLKsLjpwQT72+GVJx\nZLC9DYkFguzQN+wckKPRfxGtce0GtuXHkpEShCnH32RPrNyImFMn/Nc8IyOmTadT\njCd07H2MNH6+Txxt6dh2aI+SI5JwdeGRNP7IXs86H+KPNZhphS/BqFt3qHGTsw4l\n3f6jGfywbWfNdLw+s0qHaWvJ2ZgTw7O1QPncfozKn8cU3Rw9OunN+r2yVTcU3KW9\n0ZGHpej56UhthE1qqS5vQjUPQ6SQgC1QHGDNgYkZk0mqIL3Vkv6gEqIF8TH4ezxZ\nLhZcY3N6HI5LC7568idurO0uLTdjPZq8+xMmDDAXA4QvIxOsOk6x4Rf1dzCtDpGo\nQSzxx6a6uYXF7EWIlkaR/qY5zcyk4i8aJN8yzrxu6oNulVSIsSuMnb00SIOk8cX7\nlUt5V1/RhnWSRytHE5Tz68PyfNyqgJwFDg8D/p0nxZE1Q3tXmgtLwPOY0l2zkkjB\n95kGnxWCYaA=\n=gPcK\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. ==========================================================================\nUbuntu Security Notice USN-5090-3\nSeptember 28, 2021\n\napache2 regression\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 21.04\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n\nSummary:\n\nUSN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream\nfixes introduced a regression in UDS URIs. This update fixes the problem. \n\nOriginal advisory details:\n\n James Kettle discovered that the Apache HTTP Server HTTP/2 module\n incorrectly handled certain crafted methods. A remote attacker could\n possibly use this issue to perform request splitting or cache poisoning\n attacks. \n (CVE-2021-34798)\n Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly\n handled certain request uri-paths. \n This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote\n attacker could use this issue to cause the server to crash, resulting in a\n denial of service, or possibly execute arbitrary code. (CVE-2021-39275)\n It was discovered that the Apache mod_proxy module incorrectly handled\n certain request uri-paths. \n (CVE-2021-40438)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 21.04:\n apache2 2.4.46-4ubuntu1.3\n apache2-bin 2.4.46-4ubuntu1.3\n\nUbuntu 20.04 LTS:\n apache2 2.4.41-4ubuntu3.6\n apache2-bin 2.4.41-4ubuntu3.6\n\nUbuntu 18.04 LTS:\n apache2 2.4.29-1ubuntu4.18\n apache2-bin 2.4.29-1ubuntu4.18\n\nIn general, a standard system update will make all the necessary changes. \n\nFor the oldstable distribution (buster), these problems have been fixed\nin version 2.4.38-3+deb10u6. \n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.4.51-1~deb11u1. \n\nWe recommend that you upgrade your apache2 packages. \n\nFor the detailed security status of apache2 please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/apache2\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmFgr44ACgkQEMKTtsN8\nTjbophAAiZ+fhF2r8BUbQkL8BhpfqjA+hVsp9WEMTn8Gq6kiW0wLvK3jWPM301Ou\nD4gHqKmFPmYNC1KBOyk/lJdxyD7iTUweUyLi3WXzxhIDMx0kxkRw1oXlyCHzIqSJ\nM277bgk32h2cDCbsXjrN/8agKPcKgfwDqiyf/igfEq6V8OB2zVvJPKVFq45n54+q\n4FPXSyx1g2u5ewSeXbU2uHDej6Qborui4osDdbwx8CT6aETi0cIXJ8RbXF3PUCHG\n5DzZagnRq6GumPsl01jcPu7b9Ck8MlkxMSG3FRsSIJVkwpsQ2C34ywIJkFlzUZZh\njhdVUrfbyfLpSdcPcipAAjl9I6gDqa9SFdMRK7ixCpQ6iTiVeDZdJ8pA4jnSweNQ\nTHik07di9R0juX0p7peQiIyBKrEf7Y3WSvLOn0SBKXvZnzc/72rH2nP5FclsgCsV\nTWxptziGridC43KB8/tDJAAOXVF2lzylzF70V/UGTNo1jk9w3/p6btU1iuzKspyY\nY4aPZla3DImI8mezrgFrGYNg7bZYLKuJyGDADKih2sUQpzmDZ6MJxKAE3NLRWyQa\n7cCJdoNR9yVqytEw1Y/ZRXAXWfMb3Y1ts2EqR8hzLQgMYb0JC58cLMG3T0RgyPoO\nA4CTIoYpK1WnsykAE8M4XFrnOW3lrtse6T8N/dTVMuodElAEhc0=\n=/At6\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 202208-20\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: High\n Title: Apache HTTPD: Multiple Vulnerabilities\n Date: August 14, 2022\n Bugs: #813429, #816399, #816864, #829722, #835131, #850622\n ID: 202208-20\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n=======\nMultiple vulnerabilities have been discovered in Apache Webserver, the\nworst of which could result in remote code execution. Please\nreview the CVE identifiers referenced below for details. \n\nImpact\n=====\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n=========\nThere is no known workaround at this time. \n\nResolution\n=========\nAll Apache HTTPD users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=www-servers/apache-2.4.54\"\n\nAll Apache HTTPD tools users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-admin/apache-tools-2.4.54\"\n\nReferences\n=========\n[ 1 ] CVE-2021-33193\n https://nvd.nist.gov/vuln/detail/CVE-2021-33193\n[ 2 ] CVE-2021-34798\n https://nvd.nist.gov/vuln/detail/CVE-2021-34798\n[ 3 ] CVE-2021-36160\n https://nvd.nist.gov/vuln/detail/CVE-2021-36160\n[ 4 ] CVE-2021-39275\n https://nvd.nist.gov/vuln/detail/CVE-2021-39275\n[ 5 ] CVE-2021-40438\n https://nvd.nist.gov/vuln/detail/CVE-2021-40438\n[ 6 ] CVE-2021-41524\n https://nvd.nist.gov/vuln/detail/CVE-2021-41524\n[ 7 ] CVE-2021-41773\n https://nvd.nist.gov/vuln/detail/CVE-2021-41773\n[ 8 ] CVE-2021-42013\n https://nvd.nist.gov/vuln/detail/CVE-2021-42013\n[ 9 ] CVE-2021-44224\n https://nvd.nist.gov/vuln/detail/CVE-2021-44224\n[ 10 ] CVE-2021-44790\n https://nvd.nist.gov/vuln/detail/CVE-2021-44790\n[ 11 ] CVE-2022-22719\n https://nvd.nist.gov/vuln/detail/CVE-2022-22719\n[ 12 ] CVE-2022-22720\n https://nvd.nist.gov/vuln/detail/CVE-2022-22720\n[ 13 ] CVE-2022-22721\n https://nvd.nist.gov/vuln/detail/CVE-2022-22721\n[ 14 ] CVE-2022-23943\n https://nvd.nist.gov/vuln/detail/CVE-2022-23943\n[ 15 ] CVE-2022-26377\n https://nvd.nist.gov/vuln/detail/CVE-2022-26377\n[ 16 ] CVE-2022-28614\n https://nvd.nist.gov/vuln/detail/CVE-2022-28614\n[ 17 ] CVE-2022-28615\n https://nvd.nist.gov/vuln/detail/CVE-2022-28615\n[ 18 ] CVE-2022-29404\n https://nvd.nist.gov/vuln/detail/CVE-2022-29404\n[ 19 ] CVE-2022-30522\n https://nvd.nist.gov/vuln/detail/CVE-2022-30522\n[ 20 ] CVE-2022-30556\n https://nvd.nist.gov/vuln/detail/CVE-2022-30556\n[ 21 ] CVE-2022-31813\n https://nvd.nist.gov/vuln/detail/CVE-2022-31813\n\nAvailability\n===========\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202208-20\n\nConcerns?\n========\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n======\nCopyright 2022 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-40438"
},
{
"db": "ZDI",
"id": "ZDI-24-812"
},
{
"db": "CNVD",
"id": "CNVD-2022-03224"
},
{
"db": "VULHUB",
"id": "VHN-401786"
},
{
"db": "VULMON",
"id": "CVE-2021-40438"
},
{
"db": "PACKETSTORM",
"id": "164513"
},
{
"db": "PACKETSTORM",
"id": "164493"
},
{
"db": "PACKETSTORM",
"id": "164504"
},
{
"db": "PACKETSTORM",
"id": "164505"
},
{
"db": "PACKETSTORM",
"id": "164307"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164318"
},
{
"db": "PACKETSTORM",
"id": "169132"
},
{
"db": "PACKETSTORM",
"id": "168072"
}
],
"trust": 3.06
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-40438",
"trust": 3.4
},
{
"db": "SIEMENS",
"id": "SSA-685781",
"trust": 1.1
},
{
"db": "TENABLE",
"id": "TNS-2021-17",
"trust": 1.1
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-22691",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-24-812",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2022-03224",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "168072",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-401786",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-40438",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164513",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164493",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164504",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164505",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164307",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164305",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "164318",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "169132",
"trust": 0.1
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-812"
},
{
"db": "CNVD",
"id": "CNVD-2022-03224"
},
{
"db": "VULHUB",
"id": "VHN-401786"
},
{
"db": "VULMON",
"id": "CVE-2021-40438"
},
{
"db": "PACKETSTORM",
"id": "164513"
},
{
"db": "PACKETSTORM",
"id": "164493"
},
{
"db": "PACKETSTORM",
"id": "164504"
},
{
"db": "PACKETSTORM",
"id": "164505"
},
{
"db": "PACKETSTORM",
"id": "164307"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164318"
},
{
"db": "PACKETSTORM",
"id": "169132"
},
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "NVD",
"id": "CVE-2021-40438"
}
]
},
"id": "VAR-202109-1802",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03224"
},
{
"db": "VULHUB",
"id": "VHN-401786"
}
],
"trust": 1.3031922749999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-03224"
}
]
},
"last_update_date": "2024-09-19T20:54:36.649000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Hewlett Packard Enterprise has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04586en_us\u0026docLocale=en_US"
},
{
"title": "Patch for Apache HTTP Server mod_proxy server request forgery vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/313356"
},
{
"title": "Red Hat: CVE-2021-40438",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2021-40438"
},
{
"title": "Debian Security Advisories: DSA-4982-1 apache2 -- security update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=93a29f7ecf9a6aaba79d3b3320aa4b85"
},
{
"title": "Arch Linux Issues: ",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2021-40438 log"
},
{
"title": "Hitachi Security Advisories: Vulnerability in Hitachi Command Suite, Hitachi Ops Center API Configuration Manager\u00ef\u00bc\u0152Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories\u0026qid=hitachi-sec-2021-139"
},
{
"title": "Tenable Security Advisories: [R1] Stand-alone Security Patch Available for Tenable.sc versions 5.16.0 to 5.19.1: Patch 202110.1",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories\u0026qid=TNS-2021-17"
},
{
"title": "Amazon Linux AMI: ALAS-2021-1543",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2021-1543"
},
{
"title": "Amazon Linux 2: ALAS2-2021-1716",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1716"
},
{
"title": "Cisco: Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-apache-httpd-2.4.49-VWL69sWQ"
},
{
"title": "CVE-2021-40438 exploit PoC with Docker setup",
"trust": 0.1,
"url": "https://github.com/sixpacksecurity/CVE-2021-40438 "
},
{
"title": "CVE-2021-40438",
"trust": 0.1,
"url": "https://github.com/gassara-kys/CVE-2021-40438 "
},
{
"title": "CVE-2021-40438",
"trust": 0.1,
"url": "https://github.com/Kashkovsky/CVE-2021-40438 "
},
{
"title": "scan_ssrf.sh",
"trust": 0.1,
"url": "https://github.com/vsh00t/BB-PoC "
},
{
"title": "CVE-2021-40438",
"trust": 0.1,
"url": "https://github.com/xiaojiangxl/CVE-2021-40438 "
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-812"
},
{
"db": "CNVD",
"id": "CNVD-2022-03224"
},
{
"db": "VULMON",
"id": "CVE-2021-40438"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-918",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-401786"
},
{
"db": "NVD",
"id": "CVE-2021-40438"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-40438"
},
{
"trust": 1.2,
"url": "https://security.gentoo.org/glsa/202208-20"
},
{
"trust": 1.1,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-httpd-2.4.49-vwl69swq"
},
{
"trust": 1.1,
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf"
},
{
"trust": 1.1,
"url": "https://security.netapp.com/advisory/ntap-20211008-0004/"
},
{
"trust": 1.1,
"url": "https://www.tenable.com/security/tns-2021-17"
},
{
"trust": 1.1,
"url": "https://www.debian.org/security/2021/dsa-4982"
},
{
"trust": 1.1,
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"trust": 1.1,
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"trust": 1.1,
"url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3cbugs.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3cusers.httpd.apache.org%3e"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/"
},
{
"trust": 1.0,
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/"
},
{
"trust": 0.7,
"url": "https://support.hpe.com/hpesc/public/docdisplay?docid=hpesbgn04586en_us\u0026doclocale=en_us"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-34798"
},
{
"trust": 0.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-39275"
},
{
"trust": 0.4,
"url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/cve/cve-2021-40438"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.4,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.4,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-36160"
},
{
"trust": 0.3,
"url": "https://ubuntu.com/security/notices/usn-5090-1"
},
{
"trust": 0.3,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-33193"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/"
},
{
"trust": 0.1,
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37@%3cbugs.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a@%3cusers.httpd.apache.org%3e"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3856"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3816"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-26691"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2021-26691"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3837"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/errata/rhsa-2021:3836"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5090-2"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.17"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.5"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.2"
},
{
"trust": 0.1,
"url": "https://ubuntu.com/security/notices/usn-5090-3"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.6"
},
{
"trust": 0.1,
"url": "https://launchpad.net/bugs/1945311"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.18"
},
{
"trust": 0.1,
"url": "https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.3"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/faq"
},
{
"trust": 0.1,
"url": "https://www.debian.org/security/"
},
{
"trust": 0.1,
"url": "https://security-tracker.debian.org/tracker/apache2"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22721"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28614"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-31813"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-29404"
},
{
"trust": 0.1,
"url": "https://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44790"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-28615"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30522"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41773"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-41524"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-44224"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22719"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-30556"
},
{
"trust": 0.1,
"url": "https://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-42013"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-23943"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22720"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-26377"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-812"
},
{
"db": "CNVD",
"id": "CNVD-2022-03224"
},
{
"db": "VULHUB",
"id": "VHN-401786"
},
{
"db": "PACKETSTORM",
"id": "164513"
},
{
"db": "PACKETSTORM",
"id": "164493"
},
{
"db": "PACKETSTORM",
"id": "164504"
},
{
"db": "PACKETSTORM",
"id": "164505"
},
{
"db": "PACKETSTORM",
"id": "164307"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164318"
},
{
"db": "PACKETSTORM",
"id": "169132"
},
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "NVD",
"id": "CVE-2021-40438"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZDI",
"id": "ZDI-24-812"
},
{
"db": "CNVD",
"id": "CNVD-2022-03224"
},
{
"db": "VULHUB",
"id": "VHN-401786"
},
{
"db": "VULMON",
"id": "CVE-2021-40438"
},
{
"db": "PACKETSTORM",
"id": "164513"
},
{
"db": "PACKETSTORM",
"id": "164493"
},
{
"db": "PACKETSTORM",
"id": "164504"
},
{
"db": "PACKETSTORM",
"id": "164505"
},
{
"db": "PACKETSTORM",
"id": "164307"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164318"
},
{
"db": "PACKETSTORM",
"id": "169132"
},
{
"db": "PACKETSTORM",
"id": "168072"
},
{
"db": "NVD",
"id": "CVE-2021-40438"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-06-18T00:00:00",
"db": "ZDI",
"id": "ZDI-24-812"
},
{
"date": "2022-01-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-03224"
},
{
"date": "2021-09-16T00:00:00",
"db": "VULHUB",
"id": "VHN-401786"
},
{
"date": "2021-09-16T00:00:00",
"db": "VULMON",
"id": "CVE-2021-40438"
},
{
"date": "2021-10-14T15:26:45",
"db": "PACKETSTORM",
"id": "164513"
},
{
"date": "2021-10-13T14:52:48",
"db": "PACKETSTORM",
"id": "164493"
},
{
"date": "2021-10-13T15:22:35",
"db": "PACKETSTORM",
"id": "164504"
},
{
"date": "2021-10-13T15:23:01",
"db": "PACKETSTORM",
"id": "164505"
},
{
"date": "2021-09-28T15:13:59",
"db": "PACKETSTORM",
"id": "164307"
},
{
"date": "2021-09-28T15:06:35",
"db": "PACKETSTORM",
"id": "164305"
},
{
"date": "2021-09-28T15:23:06",
"db": "PACKETSTORM",
"id": "164318"
},
{
"date": "2021-10-28T19:12:00",
"db": "PACKETSTORM",
"id": "169132"
},
{
"date": "2022-08-15T16:02:48",
"db": "PACKETSTORM",
"id": "168072"
},
{
"date": "2021-09-16T15:15:07.633000",
"db": "NVD",
"id": "CVE-2021-40438"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-08-15T00:00:00",
"db": "ZDI",
"id": "ZDI-24-812"
},
{
"date": "2022-01-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-03224"
},
{
"date": "2022-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-401786"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-40438"
},
{
"date": "2024-07-24T17:08:07.093000",
"db": "NVD",
"id": "CVE-2021-40438"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "164307"
},
{
"db": "PACKETSTORM",
"id": "164305"
},
{
"db": "PACKETSTORM",
"id": "164318"
},
{
"db": "PACKETSTORM",
"id": "168072"
}
],
"trust": 0.4
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hewlett Packard Enterprise OneView Apache Server-Side Request Forgery Vulnerability",
"sources": [
{
"db": "ZDI",
"id": "ZDI-24-812"
}
],
"trust": 0.7
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "arbitrary",
"sources": [
{
"db": "PACKETSTORM",
"id": "164318"
},
{
"db": "PACKETSTORM",
"id": "169132"
}
],
"trust": 0.2
}
}