SB2024091602 - Multiple vulnerabilities in AMQ Streams 2.5 




Published: September 16, 2024 Updated: December 6, 2024

Security Bulletin ID: SB2024091602
Severity: High
Patch available: YES
Number of vulnerabilities: 12
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 8% Medium 83% Low 8%

Description

This security bulletin contains information about 12 security vulnerabilities.


1) Path traversal (CVE-ID: CVE-2023-46122)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to an input validation error when processing directory traversal sequences. A remote attacker can trick the victim into opening a specially crafted zip or JAR file and overwrite arbitrary files on the system, such as /root/.ssh/authorized_keys, which can result in full system compromise.
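As an added illustration (not code from the bulletin or from the affected project), the following Python sketch shows the validation whose absence the description refers to: every archive entry is resolved against the extraction directory and the archive is rejected if any entry lands outside it. The function names and the sample archive are constructed for this example.

```python
import io
import os
import zipfile


def unsafe_entries(archive, dest_dir):
    """Return the entry names that would be written outside dest_dir."""
    root = os.path.realpath(dest_dir)
    bad = []
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            # Some extractors treat backslashes as separators; normalise first.
            name = info.filename.replace("\\", "/")
            target = os.path.realpath(os.path.join(root, name))
            # Absolute names and ../ sequences both resolve outside root.
            if os.path.commonpath([root, target]) != root:
                bad.append(info.filename)
    return bad


def safe_extract(archive, dest_dir):
    """Extract only if every entry stays inside dest_dir."""
    bad = unsafe_entries(archive, dest_dir)
    if bad:
        raise ValueError(f"refusing archive, entries escape {dest_dir}: {bad}")
    with zipfile.ZipFile(archive) as zf:
        zf.extractall(dest_dir)


def build_sample():
    """Constructed in-memory archive: one normal entry, two escaping ones."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("lib/app.properties", "k=v\n")
        zf.writestr("../../outside.txt", "x")
        zf.writestr("/abs/outside.txt", "x")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print(unsafe_entries(build_sample(), "/tmp/extract-dest"))
```

The same check can be run as an audit step over untrusted zip or JAR files before any build tool opens them.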


2) Improper access control (CVE-ID: CVE-2024-23944)

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in persistent watchers. A remote user can bypass implemented security restrictions and obtain user names or login identifiers.


3) Authorization bypass through user-controlled key (CVE-ID: CVE-2023-44981)

The vulnerability allows a remote attacker to bypass the authorization process.

The vulnerability exists due to improper implementation of SASL Quorum Peer authentication. The instance part in the SASL authentication ID, which is listed in the zoo.cfg server list, is optional, and if it's missing, the authorization check will be skipped. As a result, an arbitrary endpoint could join the cluster and begin propagating counterfeit changes to the leader, essentially giving it complete read-write access to the data tree.


4) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2023-43642)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a missing upper bound check on chunk length. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


5) Resource exhaustion (CVE-ID: CVE-2023-34455)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.


6) Incorrect authorization (CVE-ID: CVE-2024-27309)

The vulnerability allows a remote attacker to gain access to sensitive information and modify data on the system.

The vulnerability exists because the application does not properly control consumption of internal resources. A remote attacker can gain access to sensitive information and modify data on the system.


7) Memory leak (CVE-ID: CVE-2024-1300)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak in TCP servers configured with TLS and SNI support. A remote attacker can pass a specially crafted certificate to the application and perform a denial of service (DoS) attack.


8) Information disclosure (CVE-ID: CVE-2024-29025)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in HttpPostRequestDecoder. A remote attacker can gain unauthorized access to sensitive information on the system.


9) Resource exhaustion (CVE-ID: CVE-2023-44487)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper control of consumption of internal resources when handling HTTP/2 requests with compressed HEADERS frames. A remote attacker can send a sequence of compressed HEADERS frames followed by RST_STREAM frames and perform a denial of service (DoS) attack, a.k.a. "Rapid Reset".

Note, the vulnerability is being actively exploited in the wild.


10) Resource exhaustion (CVE-ID: CVE-2023-52428)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validation of user requests by the PasswordBasedDecrypter (PBKDF2) component. A remote attacker can send a specially crafted request using a large JWE p2c header, trigger resource exhaustion and perform a denial of service (DoS) attack.


11) Resource exhaustion (CVE-ID: CVE-2023-51775)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion via a large p2c (aka PBES2 Count) value and perform a denial of service (DoS) attack.
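Items 10 and 11 both come down to an unbounded p2c value in the JWE header. As an added illustration (not code from the bulletin or from the affected libraries), this Python sketch rejects a compact JWE whose PBES2 count exceeds a ceiling before any key derivation runs. The `MAX_P2C` value, the function names and the sample token are assumptions made for this example.

```python
import base64
import json

MAX_P2C = 1_000_000  # assumed policy ceiling; set it from your own KDF budget


def b64url_decode(segment):
    # Compact serialization strips padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def check_jwe_p2c(compact_jwe, max_p2c=MAX_P2C):
    """Return (ok, reason) from the header alone, with no key derivation."""
    parts = compact_jwe.split(".")
    if len(parts) != 5:
        return False, "not a 5-part compact JWE"
    try:
        header = json.loads(b64url_decode(parts[0]))
    except ValueError:  # covers base64, UTF-8 and JSON decoding errors
        return False, "unparseable protected header"
    if not isinstance(header, dict):
        return False, "protected header is not a JSON object"
    if not str(header.get("alg", "")).startswith("PBES2-"):
        return True, "not PBES2; p2c not applicable"
    p2c = header.get("p2c")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(p2c, bool) or not isinstance(p2c, int) or p2c < 1:
        return False, "missing or invalid p2c"
    if p2c > max_p2c:
        return False, f"p2c {p2c} exceeds limit {max_p2c}"
    return True, "ok"


def sample_jwe(p2c):
    """Constructed token: real header layout, dummy remaining segments."""
    header = {"alg": "PBES2-HS256+A128KW", "enc": "A128GCM",
              "p2s": "c2FsdA", "p2c": p2c}
    raw = json.dumps(header).encode()
    h = base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([h, "a2V5", "aXY", "Y3Q", "dGFn"])


if __name__ == "__main__":
    for count in (4096, 2_000_000_000):
        print(count, check_jwe_p2c(sample_jwe(count)))
```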


12) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2023-5072)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to allocation of resources without limits or throttling. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.


Remediation

Install the update from the vendor's website.