SB20200414102 - Multiple vulnerabilities in AMQ Broker 7.4
Published: April 14, 2020 Updated: April 24, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 14 secuirty vulnerabilities.
1) Resource exhaustion (CVE-ID: CVE-2019-0222)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when processing corrupt MQTT frames. A remote attacker can consume all memory resources on the system and perform a denial of service (DoS) attack.
2) Resource exhaustion (CVE-ID: CVE-2019-9511)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation when processing HTTP/2 requests. A remote attacker can send a specially crafted HTTP/2 request the affected server, consume all available CPU resources and perform a denial of service (DoS) attack.
Successful exploitation of the vulnerability requires that support for HTTP/2 is enabled.
3) Resource exhaustion (CVE-ID: CVE-2019-9512)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper validation of user-supplied input when processing HTTP/2 requests. A remote attacker can send specially crafted HTTP packets to the affected system trigger resource exhaustion and perform a denial of service (DoS) attack.
4) Resource exhaustion (CVE-ID: CVE-2019-9514)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper validation of user-supplied input when processing HTTP/2 requests. A remote attacker can send specially crafted HTTP packets to the affected system trigger resource exhaustion and perform a denial of service (DoS) attack.
5) Resource management error (CVE-ID: CVE-2019-9515)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error in HTTP/2 implementation when processing SETTINGS frames. A remote attacker can send a huge amount of SETTINGS frames to the peer and consume excessive CPU and memory on the system.
6) Resource exhaustion (CVE-ID: CVE-2019-9516)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation when processing HTTP/2 requests within the ngx_http_v2_module module. A remote attacker can send a specially crafted HTTP/2 request the affected server, consume all available CPU resources and perform a denial of service (DoS) attack.
Successful exploitation of the vulnerability requires that support for HTTP/2 is enabled.
7) Resource management error (CVE-ID: CVE-2019-9517)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect implementation of HTTP/2 protocol. A remote attacker can open the HTTP/2 window so the peer can send without constraint; however, they leave the TCP window closed so the peer cannot actually write (many of) the bytes on the wire. The attacker then sends a stream of requests for a large response object. Depending on how the servers queue the responses, this can consume excess memory, CPU, or both.8) Resource exhaustion (CVE-ID: CVE-2019-9518)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper validation of user-supplied input within the HTTP.sys driver when processing HTTP/2 requests. A remote attacker can send specially crafted HTTP packets to the affected system trigger resource exhaustion and perform a denial of service (DoS) attack.
9) Cross-site scripting (CVE-ID: CVE-2019-10241)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
10) Improper input validation (CVE-ID: CVE-2019-10247)
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Integrator Acquistion System (Eclipse Jetty) component in Oracle Endeca Information Discovery Integrator. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
11) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2019-16869)
The vulnerability allows a remote attacker to perform HTTP request smuggling attack.
The vulnerability exists due to improper input validation when processing a whitespace before the colon in HTTP headers (e.g. "Transfer-Encoding : chunked"). A remote attacker can send a specially crafted HTTP request and perform HTTP request smuggling attack.
12) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2019-20444)
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to incorrect processing of HTTP headers without the colon within the HttpObjectDecoder.java file in Netty. A remote attacker can send a specially crafted HTTP request to the application and perform HTTP request smuggling attack.
13) HTTP response splitting (CVE-ID: CVE-2019-20445)
The vulnerability allows a remote attacker to perform HTTP splitting attacks.
The vulnerability exists due to software does not corrector process CRLF character sequences within the HttpObjectDecoder.java in Netty, which allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header. A remote attacker can send specially crafted request containing CRLF sequence and make the application to send a split HTTP response.
Successful exploitation of the vulnerability may allow an attacker perform cache poisoning attack.
14) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2020-7238)
The vulnerability allows a remote attacker to perform HTTP request smuggling attack.
The vulnerability exists due to improper input validation when processing a whitespace before the colon in HTTP headers (e.g. "Transfer-Encoding : chunked") and a later Content-Length header. A remote attacker can send a specially crafted HTTP request and perform HTTP request smuggling attack.
This issue exists because of an incomplete fix for CVE-2019-16869 (SB2019092616).
Remediation
Install update from vendor's website.