Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

fstec логотип

BDU:2023-05682

Опубликовано: 18 апр. 2023
Источник: fstec
CVSS3: 5.3
CVSS2: 5
EPSS Низкий

Описание

Уязвимость контейнера сервлетов Eclipse Jetty связана с ошибками проверки синтаксической корректности ввода. Эксплуатация уязвимости может позволить нарушителю , действующему удаленно, внедрить одни cookies внутрь других и повлиять на их обработку

Вендор

Red Hat Inc.
Eclipse Foundation
АО "НППКТ"

Наименование ПО

Red Hat Enterprise Linux
JBoss Enterprise Application Platform
Red Hat Single Sign-On
Red Hat build of Quarkus
Red Hat Integration Camel K
Red Hat Integration Service Registry
Red Hat Integration Camel Quarkus
Red Hat JBoss Enterprise Application Platform Expansion Pack
Red Hat Satellite
OpenShift Developer Tools and Services
Migration Toolkit for Applications
OpenShift Serverless
Migration Toolkit for Runtimes
Red Hat JBoss A-MQ Streams
Jetty
ОСОН ОСнова Оnyx

Версия ПО

8 (Red Hat Enterprise Linux)
7 (JBoss Enterprise Application Platform)
7 (Red Hat Single Sign-On)
- (Red Hat build of Quarkus)
- (Red Hat Integration Camel K)
- (Red Hat Integration Service Registry)
- (Red Hat Integration Camel Quarkus)
- (Red Hat JBoss Enterprise Application Platform Expansion Pack)
6 (Red Hat Satellite)
9 (Red Hat Enterprise Linux)
- (OpenShift Developer Tools and Services)
6 (Migration Toolkit for Applications)
- (OpenShift Serverless)
- (Migration Toolkit for Runtimes)
- (Red Hat JBoss A-MQ Streams)
от 11.0.0 до 11.0.14 (Jetty)
от 10.0.0 до 10.0.14 (Jetty)
до 9.4.51 (Jetty)
12.0.0alpha2 (Jetty)
12.0.0alpha3 (Jetty)
12.0.0alpha1 (Jetty)
до 2.9 (ОСОН ОСнова Оnyx)

Тип ПО

Операционная система
Прикладное ПО информационных систем
Сетевое программное средство
Сетевое средство

Операционные системы и аппаратные платформы

Red Hat Inc. Red Hat Enterprise Linux 8
Red Hat Inc. Red Hat Enterprise Linux 9
АО "НППКТ" ОСОН ОСнова Оnyx до 2.9

Уровень опасности уязвимости

Средний уровень опасности (базовая оценка CVSS 2.0 составляет 5)
Средний уровень опасности (базовая оценка CVSS 3.0 составляет 5,3)

Возможные меры по устранению уязвимости

Использование рекомендаций:
Для Eclipse Jetty:
https://github.com/eclipse/jetty.project/security/advisories/GHSA-p26g-97m4-6q7c
https://github.com/eclipse/jetty.project/pull/9352
https://github.com/eclipse/jetty.project/pull/9339
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/CVE-2023-26049
Для ОСОН ОСнова Оnyx:
Обновление программного обеспечения jetty9 до версии 9.4.50+repack-4+deb11u1.osnova1

Статус уязвимости

Подтверждена производителем

Наличие эксплойта

Данные уточняются

Информация об устранении

Уязвимость устранена

Ссылки на источники

Идентификаторы других систем описаний уязвимостей

EPSS

Процентиль: 55%
0.00322
Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Связанные уязвимости

redos логотип

ROS-20240729-10

CVSS3: 5.3
redos
11 месяцев назад

Множественные уязвимости jetty

ubuntu логотип

CVE-2023-26049

CVSS3: 2.4
ubuntu
около 2 лет назад

Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that po...

redhat логотип

CVE-2023-26049

CVSS3: 5.3
redhat
около 2 лет назад

Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that po...

nvd логотип

CVE-2023-26049

CVSS3: 2.4
nvd
около 2 лет назад

Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that polic

debian логотип

CVE-2023-26049

CVSS3: 2.4
debian
около 2 лет назад

Jetty is a java based web server and servlet engine. Nonstandard cooki ...

EPSS

Процентиль: 55%
0.00322
Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2