SB2022090508 - Multiple vulnerabilities in IBM API Connect
Published: September 5, 2022 Updated: February 2, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 14 secuirty vulnerabilities.
1) Privilege escalation (CVE-ID: CVE-2019-0211)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists within MPM implementation due to the application does not properly maintain each child's listener bucket number in the scoreboard that may lead to unprivileged code or scripts run by server (e.g. via mod_php) to modify the scoreboard and abuse the privileged main process.
A local user can execute arbitrary code on the system with privileges of the Apache HTTP Server code process.
2) Use of Uninitialized Variable (CVE-ID: CVE-2020-1934)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to the "mod_proxy_ftp" may use uninitialized memory when proxying to a malicious FTP server. A remote attacker can gain unauthorized access to sensitive information on the target system.
3) Open redirect (CVE-ID: CVE-2020-1927)
The vulnerability allows a remote attacker to redirect victims to arbitrary URL.
The vulnerability exists due to improper sanitization of user-supplied data in some "mod_rewrite" configurations. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.
Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
4) Input validation error (CVE-ID: CVE-2019-10098)
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to incorrect handling of encoded line break characters within rewrite rules. A remote attacker can send a specially crafted HTTP request and potentially bypass security restrictions.
5) Cross-site scripting (CVE-ID: CVE-2019-10092)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data on the mod_proxy error page. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
6) XML External Entity injection (CVE-ID: CVE-2018-20843)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied XML input including XML names that contain a large number of colons. A remote attacker can pass a specially crafted XML code to the affected application and view contents of arbitrary files on the system or initiate requests to external systems.
Successful exploitation of the vulnerability may allow an attacker to view contents of arbitrary file on the server or perform network scanning of internal and external infrastructure.
7) Input validation error (CVE-ID: CVE-2019-0220)
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to the web server does not merge consecutive slashes in URLs, that can lead to incorrect processing of requests when accessing CGI programs. Such web server behavior may lead to security restrictions bypass.
8) Out-of-bounds read (CVE-ID: CVE-2018-1301)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to improper validation of user-supplied input. A remote attacker can send a specially crafted HTTP request to trigger an out-of-bounds memory access error after a header size limit has been reached to cause the target service to crash.
9) Security restrictions bypass (CVE-ID: CVE-2017-15715)
The vulnerability allows a remote attacker to bypass security restrictions on the target system.The weakness exists on systems that allow uploading of user-specified filenames due to the '<FilesMatch>' expression may not correctly match characters in a filename. A remote attacker can supply a specially crafted filename to potentially bypass security controls that use the '<FilesMatch>' directive.
10) Out-of-bounds write (CVE-ID: CVE-2017-15710)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in HTTPD mod_authnz_ldap due to improper validation of user-supplied input. A remote attacker can send a specially crafted Accept-Language header value, trigger an out-of-bounds memory write error and potentially cause the target service to crash.
11) Out-of-bounds read (CVE-ID: CVE-2017-12613)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.The weakness exists due to an out-of-bounds array dereference in the apr_time_exp_get() function. A remote attacker can access prior out-of-bounds memory, reveal the contents of a different static heap value and read arbitrary files or cause the application to crash.
12) Information disclosure (CVE-ID: CVE-2017-12618)
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.The weakness exists due to an out-of-bounds array dereference in the apr_time_exp_get() function. A remote attacker can access prior out-of-bounds memory, reveal the contents of a different static heap value and read arbitrary files or cause the application to crash.
13) Use-after-free (CVE-ID: CVE-2017-9798)
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to use-after-free error when processing HTTP OPTIONS requests in server/core.c, when limits are configured in .htaccess or httpd.conf configuration files. A remote unauthenticated attacker can read portions of memory through HTTP OPTIONS requests and gain access to potentially sensitive data.
The vulnerability is dubbed Optionsbleed.
14) Out-of-bounds read (CVE-ID: CVE-2017-7679)
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to out-of-bounds read within the mod_mime when constructing Content-Type response header. A remote attacker read one byte pas the end of a buffer when sending a malicious Content-Type response header.
Remediation
Install update from vendor's website.
References
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-multiple-vulnerabilities-in-ibm-http-server/"
- https://www.ibm.com/blogs/psirt/security-bulletin-ibm-api-connect-is-impacted-by-multiple-vulnerabilities-in-ibm-http-server/</a><br>
- https://www.ibm.com/support/pages/node/6489787<br><br></p>