SB2020072367 - Multiple vulnerabilities in AMQ Broker 7.4

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Improper input validation (CVE-ID: CVE-2018-15756)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists in Pivotal Software Spring Framework due to improper handling of range requests. A remote attacker can send a specially crafted request that contains an additional range header with a high number of ranges or with wide ranges that overlap and cause the service to crash.

2) Code Injection (CVE-ID: CVE-2020-1953)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure configuration of third-party library for parsing YAML files. A remote attacker with ability to pass YAML file to the application can inject and execute arbitrary code on the system.

3) Cleartext storage of sensitive information (CVE-ID: CVE-2020-10727)

The vulnerability allows a local user to gain access to passwords of application users.

The vulnerability exists due to ActiveMQ Artemis management API stores passwords in plaintext in the Artemis shadow file (etc/artemis-users.properties file) when executing the `resetUsers` operation. A local user can view contents of the Artemis shadow file and obtain passwords of application users.

4) Resource exhaustion (CVE-ID: CVE-2020-11612)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources within ZlibDecoders in Netty while decoding a ZlibEncoded byte stream. A remote attacker can trigger resource exhaustion by passing an overly large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.

Remediation

Install update from vendor's website.

References

• https://access.redhat.com/errata/RHSA-2020:3133