Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMC0C635C3D1BDFFF4279719843730FED33753DFD9A52C5B43AE4A48433A539739
HistoryFeb 03, 2023 - 9:20 p.m.

Security Bulletin: Vulnerabilities have been identified in Spring Framework, OpenSSL and Apache HTTP Server shipped with the DS8000 Hardware Management Console (HMC)

2023-02-0321:20:15
www.ibm.com
43

0.975 High

EPSS

Percentile

100.0%

JSON

Summary

The updates indicated below have been released to address the following vulnerabilities: Spring Framework CVE-2022-22965, OpenSSL vulnerabilities CVE-2022-0778, Apache HTTP Server CVE-2021-26691, CVE-2021-40438, CVE-2021-44790, and CVE-2021-20325.

Vulnerability Details

CVEID:CVE-2022-0778
**DESCRIPTION:**OpenSSL is vulnerable to a denial of service, caused by a flaw in the BN_mod_sqrt() function when parsing certificates. By using a specially-crafted certificate with invalid explicit curve parameters, a remote attacker could exploit this vulnerability to cause an infinite loop, and results in a denial of service condition.
CVSS Base score: 7.5
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/221911 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2021-26691
**DESCRIPTION:**Apache HTTP Server is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the mod_session. By sending a specially crafted SessionHeader, a remote attacker could overflow a buffer and cause a denial of service.
CVSS Base score: 5.9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/203465 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)

CVEID:CVE-2021-40438
**DESCRIPTION:**Apache HTTP Server is vulnerable to server-side request forgery, caused by an error in mod_proxy. By sending a specially crafted request uri-path, a remote attacker could exploit this vulnerability to forward the request to an origin server chosen by the remote user.
CVSS Base score: 9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/209526 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

CVEID:CVE-2022-22965
**DESCRIPTION:**Spring Framework could allow a remote attacker to execute arbitrary code on the system, caused by the improper handling of PropertyDescriptor objects used with data binding. By sending specially-crafted data to a Spring Java application, an attacker could exploit this vulnerability to execute arbitrary code on the system. Note: The exploit requires Spring Framework to be run on Tomcat as a WAR deployment with JDK 9 or higher using spring-webmvc or spring-webflux. Note: This vulnerability is also known as Spring4Shell or SpringShell.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/223103 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-44790
**DESCRIPTION:**Apache HTTP Server is vulnerable to a buffer overflow, caused by improper bounds checking in the mod_lua multipart parser called from Lua scripts). By sending a specially crafted request, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVSS Base score: 9.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/215686 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

CVEID:CVE-2021-20325
**DESCRIPTION:**Red Hat Enterprise Linux is vulnerable to a buffer overflow, caused by the missing fixes for CVE-2021-40438 and CVE-2021-26691 in the versions of httpd. By sending specially crafted requests, a remote attacker could overflow a buffer and or perform SSRF attacks.
CVSS Base score: 9
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/220125 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)

Affected Products and Versions

Affected Product(s) Version(s)
R9.0x 89.0x.xx.xx
R9.1x 89.1x.xx.xx
R9.2x 89.2x.xx.xx

Remediation/Fixes

Note: The code is vulnerable to both CVE-2021-40438 and CVE-2022-0778.

Note: The code is not vulnerable to the others (CVE-2021-26691, CVE-2022-22965, CVE-2021-44790, CVE-2021-20325), i.e. the flawed code exists in the product but cannot be exploited.

R9.3 (89.30.68.0) with the fix has been provided.

R9.2 SP2 (89.22.17.0) with the fix has been provided.

For the current recommended code releases, please see <https://www.ibm.com/support/pages/ds8000-code-recommendation&gt;

Workarounds and Mitigations

None

CPENameOperatorVersion
r9.0xeq89.0x
r9.1xeq89.1x
r9.2xeq89.2x

Related

cve 4
debiancve 3
prion 3
osv 12
ubuntucve 3
nessus 40
rocky 4
redhatcve 4
almalinux 3
redhat 17
oraclelinux 5
rosalinux 1
openvas 9
centos 2
ics 1
thn 1
talosblog 1
rapid7blog 4
trendmicroblog 3
ibm 15
msrc 2
githubexploit 32
nuclei 1
hackerone 1
photon 1
cbl_mariner 5
f5 2
checkpoint_advisories 2
vmware 1
vaadin 1
packetstorm 2
veracode 2
cnvd 2
alpinelinux 1
httpd 1
cisa_kev 2
altlinux 1
metasploit 1
kitploit 1
zdt 2
github 1
cve
cve
CVE-2021-20325
2022-02-18 18:15:00
CVE-2021-44790
2021-12-20 12:15:00
CVE-2022-22965
2022-04-01 23:15:00
debiancve
debiancve
CVE-2021-20325
2022-02-18 18:15:00
CVE-2021-44790
2021-12-20 12:15:00
CVE-2021-40438
2021-09-16 15:15:00
prion
prion
Design/Logic Flaw
2022-02-18 18:15:00
Design/Logic Flaw
2021-09-16 15:15:00
Buffer overflow
2021-12-20 12:15:00
osv
osv
Important: httpd:2.4 security update
2021-11-09 19:25:44
Important: httpd:2.4 security update
2021-11-09 19:25:44
Important: httpd:2.4 security update
2021-10-12 15:53:03
ubuntucve
ubuntucve
CVE-2021-20325
2022-02-18 00:00:00
CVE-2022-22965
2022-04-01 00:00:00
CVE-2021-44790
2021-12-20 00:00:00
nessus
nessus
RHEL 8 : httpd:2.4 (RHSA-2021:4537)
2021-11-11 00:00:00
CentOS 8 : httpd:2.4 (CESA-2021:4537)
2021-11-11 00:00:00
Rocky Linux 8 : httpd:2.4 (RLSA-2021:4537)
2023-11-07 00:00:00
rocky
rocky
httpd:2.4 security update
2021-11-09 19:25:44
httpd:2.4 security update
2021-10-12 15:53:03
httpd:2.4 security update
2022-01-25 12:49:42
redhatcve
redhatcve
CVE-2021-20325
2021-11-09 09:06:32
CVE-2022-22965
2022-03-31 18:32:57
CVE-2021-44790
2021-12-21 17:04:26
almalinux
almalinux
Important: httpd:2.4 security update
2021-11-09 19:25:44
Important: httpd:2.4 security update
2021-10-12 15:53:03
Important: httpd:2.4 security update
2022-01-25 12:49:42
redhat
redhat
(RHSA-2021:4537) Important: httpd:2.4 security update
2021-11-09 19:25:44
(RHSA-2021:3816) Important: httpd:2.4 security update
2021-10-12 15:53:03
(RHSA-2022:0143) Important: httpd security update
2022-01-17 08:16:34
oraclelinux
oraclelinux
httpd:2.4 security update
2021-10-13 00:00:00
httpd:2.4 security update
2021-11-18 00:00:00
httpd security update
2022-01-18 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2158
2023-04-25 11:30:17
openvas
openvas
Huawei EulerOS: Security Advisory for httpd (EulerOS-SA-2023-1074)
2023-01-09 00:00:00
CentOS: Security Advisory for httpd (CESA-2022:0143)
2022-01-26 00:00:00
Apache HTTP Server <= 2.4.51 Buffer Overflow Vulnerability - Windows
2021-12-21 00:00:00
centos
centos
httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update
2022-01-25 17:31:14
httpd, mod_ldap, mod_proxy_html, mod_session, mod_ssl security update
2021-11-17 14:59:00
ics
ics
Mitsubishi Electric MELSOFT iQ AppPortal
2022-05-12 12:00:00
thn
thn
Security Patch Releases for Critical Zero-Day Bug in Java Spring Framework
2022-03-31 15:35:00
talosblog
talosblog
Threat Advisory: Spring4Shell
2022-04-04 10:26:10
rapid7blog
rapid7blog
It’s the Summer of AppSec: Q2 Improvements to Our Industry-Leading DAST and WAAP
2022-07-13 15:45:00
XSS in JSON: Old-School Attacks for Modern Applications
2022-05-04 15:48:03
Securing Your Applications Against Spring4Shell (CVE-2022-22965)
2022-04-01 22:26:36
trendmicroblog
trendmicroblog
CVE-2022-22965: Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware
2022-04-08 00:00:00
Analyzing Attempts to Exploit the Spring4Shell Vulnerability CVE-2022-22965 to Deploy Cryptocurrency Miners
2022-04-20 00:00:00
Spring4Shell Vulnerability CVE-2022-22965 Exploited to Deploy Cryptocurrency Miners
2022-04-20 00:00:00
ibm
ibm
Security Bulletin: IBM Maximo For Civil infrastructure is vulnerable to a remote code execution in Spring Framework (CVE-2022-22965)
2022-04-11 15:15:01
Security Bulletin: IBM Rational Build Forge is affected by Apache HTTP Server version used in it. (CVE-2021-44790)
2022-03-02 14:54:05
Security Bulletin: IBM Robotic Process Automation with Automation Anywhere is affected but not classified as vulnerable by a remote code execution in Spring Framework (CVE-2022-22965)
2022-05-19 16:14:28
msrc
msrc
Microsoft’s Response to CVE-2022-22965 Spring Framework
2022-04-05 07:00:00
Microsoft’s Response to CVE-2022-22965 Spring Framework
2022-04-05 07:00:00
githubexploit
githubexploit
Exploit for Code Injection in Vmware Spring Framework
2022-11-28 14:34:51
Exploit for Code Injection in Vmware Spring Framework
2022-04-01 12:18:29
Exploit for Code Injection in Vmware Spring Framework
2022-04-29 09:58:05
nuclei
nuclei
Spring - Remote Code Execution
2022-04-01 11:43:45
hackerone
hackerone
Internet Bug Bounty: Buffer overflow in req_parsebody method in lua_request.c
2021-12-22 13:20:52
photon
photon
Critical Photon OS Security Update - PHSA-2022-0142
2022-01-12 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-44790 affecting package httpd for versions less than 2.4.52-1
2022-04-09 06:51:57
CVE-2021-44790 affecting package httpd 2.4.51-1
2022-01-10 03:59:19
CVE-2021-26691 affecting package httpd 2.4.46-6
2021-07-08 21:56:40
f5
f5
K53280389 : Apache HTTP server vulnerability CVE-2021-44790
2021-12-29 00:00:00
K01552024 : Apache vulnerability CVE-2021-40438
2021-10-21 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache HTTP Server Server-Side Request Forgery (CVE-2021-40438)
2021-10-18 00:00:00
Spring Core Remote Code Execution (CVE-2022-22965)
2022-03-31 00:00:00
vmware
vmware
VMware Response to Spring Framework Remote Code Execution Vulnerability (CVE-2022-22965)
2022-04-02 00:00:00
vaadin
vaadin
Spring Core Remote Code Execution via Data Binding on JDK 9+
2022-04-01 00:00:00
packetstorm
packetstorm
Spring4Shell Spring Framework Class Property Remote Code Execution
2022-05-10 00:00:00
Apache 2.4.x Buffer Overflow
2023-04-03 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-06-13 03:24:47
Buffer Overflow
2021-12-21 09:34:13
cnvd
cnvd
Apache HTTP Server mod_proxy server-side request forgery vulnerability
2021-09-18 00:00:00
Apache HTTP Server Buffer Overflow Vulnerability (CNVD-2021-102386)
2021-12-24 00:00:00
alpinelinux
alpinelinux
CVE-2021-44790
2021-12-20 12:15:00
httpd
httpd
Apache Httpd < 2.4.52 : Possible buffer overflow when parsing multipart content in mod_lua of Apache HTTP Server 2.4.51 and earlier
2021-12-20 00:00:00
cisa_kev
cisa_kev
Apache HTTP Server-Side Request Forgery (SSRF)
2021-12-01 00:00:00
Spring Framework JDK 9+ Remote Code Execution Vulnerability
2022-04-04 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package apache2 version 1:2.4.48-alt3.1
2021-07-22 00:00:00
metasploit
metasploit
Spring Framework Class property RCE (Spring4Shell)
2022-04-07 13:22:18
kitploit
kitploit
Spring4Shell-POC - Dockerized Spring4Shell (CVE-2022-22965) PoC Application And Exploit
2022-05-10 12:30:00
zdt
zdt
Spring4Shell Spring Framework Class Property Remote Code Execution Exploit
2022-05-10 00:00:00
Apache 2.4.x - Buffer Overflow Exploit
2023-04-02 00:00:00
github
github
Remote Code Execution in Spring Framework
2022-03-31 18:30:50

0.975 High

EPSS

Percentile

100.0%

JSON
Related for C0C635C3D1BDFFF4279719843730FED33753DFD9A52C5B43AE4A48433A539739
cve4debiancve3prion3osv12ubuntucve3nessus40rocky4redhatcve4almalinux3redhat17oraclelinux5rosalinux1openvas9centos2ics1thn1talosblog1rapid7blog4trendmicroblog3ibm15msrc2githubexploit32nuclei1hackerone1photon1cbl_mariner5f52checkpoint_advisories2vmware1vaadin1packetstorm2veracode2cnvd2alpinelinux1httpd1cisa_kev2altlinux1metasploit1kitploit1zdt2github1