Lucene search

PRIOn knowledge basePRION:CVE-2021-22696

HistoryApr 02, 2021 - 10:15 a.m.

Authorization

2021-04-0210:15:00

PRIOn knowledge base

www.prio-n.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

70.3%

JSON

CXF supports (via JwtRequestCodeFilter) passing OAuth 2 parameters via a JWT token as opposed to query parameters (see: The OAuth 2.0 Authorization Framework: JWT Secured Authorization Request (JAR)). Instead of sending a JWT token as a “request” parameter, the spec also supports specifying a URI from which to retrieve a JWT token from via the “request_uri” parameter. CXF was not validating the “request_uri” parameter (apart from ensuring it uses "https) and was making a REST request to the parameter in the request to retrieve a token. This means that CXF was vulnerable to DDos attacks on the authorization server, as specified in section 10.4.1 of the spec. This issue affects Apache CXF versions prior to 3.4.3; Apache CXF versions prior to 3.3.10.

CPENameOperatorVersion
cxfge3.4.0
cxflt3.4.3
cxflt3.3.10
business_intelligenceeq12.2.1.3.0
business_intelligenceeq12.2.1.4.0
business_intelligenceeq5.5.0.0.0
business_intelligenceeq5.9.0.0.0
communications_diameter_intelligence_hubge8.0.0
communications_diameter_intelligence_huble8.1.0
communications_diameter_intelligence_hubge8.2.0

Name	Operator	Version
cxf	ge	3.4.0
cxf	lt	3.4.3
cxf	lt	3.3.10
business_intelligence	eq	12.2.1.3.0
business_intelligence	eq	12.2.1.4.0
business_intelligence	eq	5.5.0.0.0
business_intelligence	eq	5.9.0.0.0
communications_diameter_intelligence_hub	ge	8.0.0
communications_diameter_intelligence_hub	le	8.1.0
communications_diameter_intelligence_hub	ge	8.2.0

Rows per page:

1-10 of 161

References

www.openwall.com/lists/oss-security/2021/04/02/2

cxf.apache.org/security-advisories.data/CVE-2021-22696.txt.asc

lists.apache.org/thread.html/r6445001cc5f9a2bb1e6316993753306e054bdd1d702656b7cbe59045@%3Cannounce.apache.org%3E

lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914@%3Cdev.cxf.apache.org%3E

lists.apache.org/thread.html/r8651c06212c56294a1c0ea61a5ad7790c06502209c03f05c0c7c9914@%3Cusers.cxf.apache.org%3E

lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E

www.oracle.com/security-alerts/cpuapr2022.html

www.oracle.com/security-alerts/cpuoct2021.html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.3 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

70.3%

JSON

Related for PRION:CVE-2021-22696