Bug 1175013 - (CVE-2014-8110) CVE-2014-8110 Apache ActiveMQ: various flaws, XSS, XXE, LDAP wildcard interpretation
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assigned To: Red Hat Product Security
Whiteboard: impact=moderate,public=20150205,repor...
Keywords: Security
Depends On:
Blocks: 1171373
Reported: 2014-12-16 19:19 EST by Chess Hazlett
Modified: 2015-02-16 14:53 EST (History)
Doc Type: Bug Fix
Last Closed: 2015-02-16 14:53:59 EST

Attachments
description of vulns (5.82 KB, text/plain)
2014-12-18 16:37 EST, Chess Hazlett
AMQ XXE POC (2.73 KB, text/plain)
2014-12-18 16:38 EST, Chess Hazlett
Description Chess Hazlett 2014-12-16 19:19:21 EST
1. XSS: Due to improper user data output validation, several instances of cross-site scripting vulnerabilities were identified to be present in the web-based administration console.

2. XXE: It is possible for a consumer dequeuing XML message(s) to specify an XPath based selector thus causing the broker to evaluate the expression and attempt to match it against the messages in the queue while also performing an XML external entity resolution.

3. LDAP Wildcard Interpretation: When LDAP authentication is enabled, it is possible for an attacker to supply a wildcard operator instead of a username, which will effectively allow him to brute-force a password for an unknown but valid account as opposed to brute-forcing a combination of username and password. Once a valid password is found, the attacker can successfully authenticate with LDAP and publish/subscribe to a queue.
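The third item in the report (LDAP wildcard interpretation) is the most mechanical of the three and easy to reproduce outside the broker, so here is an added illustration of the flaw class and its fix. It is standalone Python written for this page, not ActiveMQ's Java LDAPLoginModule: the "(uid={0})" filter template, the in-memory directory and the minimal filter evaluator standing in for the LDAP server are all constructed for the example. It shows that when the client-supplied username is spliced into the search filter unescaped, a username of "*" turns "(uid=*)" into a filter matching every account, whereas RFC 4515 escaping makes the asterisk a literal character that matches nothing.

```python
"""
LDAP filter-injection via an unescaped username, and the RFC 4515 fix.

Constructed example (not ActiveMQ code): a login module looks up the DN for
the supplied username with a filter template such as "(uid={0})". If the
username is spliced in raw, "*" is interpreted as the LDAP wildcard and the
search matches every entry, so an attacker only has to guess a password.
"""
import re

# RFC 4515 section 3: characters that must be hex-escaped inside a filter value.
_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape an assertion value for safe inclusion in an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_filter_vulnerable(username: str) -> str:
    """The bug pattern: the raw username is spliced into the filter template."""
    return "(uid=%s)" % username


def build_filter_safe(username: str) -> str:
    """The fix: escape first, so '*', '(', ')' and '\\' lose their meaning."""
    return "(uid=%s)" % escape_filter_value(username)


# --- minimal stand-in for the directory server's filter evaluation ----------

# Only single equality filters "(attr=value)" are supported; enough for the demo.
_SIMPLE_FILTER = re.compile(r"^\(([A-Za-z][A-Za-z0-9-]*)=(.*)\)$", re.DOTALL)


def _value_to_regex(pattern: str) -> str:
    """Translate an RFC 4515 assertion value to a regex: an unescaped '*' is a
    wildcard, a '\\XX' hex escape is the literal character XX, all else literal."""
    out = []
    i = 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "\\" and i + 2 < len(pattern):
            out.append(re.escape(chr(int(pattern[i + 1:i + 3], 16))))
            i += 3
        elif ch == "*":
            out.append(".*")
            i += 1
        else:
            out.append(re.escape(ch))
            i += 1
    return "^" + "".join(out) + "$"


def search(directory: dict, ldap_filter: str) -> list:
    """Return the DNs (sorted) whose attribute value matches the filter."""
    m = _SIMPLE_FILTER.match(ldap_filter)
    if not m:
        raise ValueError("unsupported filter: %r" % ldap_filter)
    attr, pattern = m.group(1), m.group(2)
    rx = re.compile(_value_to_regex(pattern), re.DOTALL)
    return sorted(dn for dn, attrs in directory.items()
                  if rx.match(attrs.get(attr, "")))


# Constructed sample directory with three ordinary user accounts.
DIRECTORY = {
    "uid=alice,ou=users,dc=example,dc=com": {"uid": "alice"},
    "uid=bob,ou=users,dc=example,dc=com": {"uid": "bob"},
    "uid=carol,ou=users,dc=example,dc=com": {"uid": "carol"},
}


def lookup_account(username: str, safe: bool) -> list:
    """Model the login module's first step: resolve the username to DN(s)."""
    build = build_filter_safe if safe else build_filter_vulnerable
    return search(DIRECTORY, build(username))


if __name__ == "__main__":
    # Vulnerable: "*" matches every account; the attacker now only guesses passwords.
    print(build_filter_vulnerable("*"), "->", lookup_account("*", safe=False))
    # Fixed: the escaped asterisk is a literal and matches no account.
    print(build_filter_safe("*"), "->", lookup_account("*", safe=True))
    # A legitimate username still resolves to exactly one DN.
    print(build_filter_safe("alice"), "->", lookup_account("alice", safe=True))
```

Two checks worth keeping alongside the escaping: the username resolution should require exactly one matching entry before any bind is attempted (a wildcard that still slipped through then fails closed rather than binding as whichever entry came back first), and the login path should rate-limit or lock out on failed binds, since the flaw's real payoff is turning a username-and-password guess into a password-only guess.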
Comment 1 Chess Hazlett 2014-12-18 16:37:27 EST
Created attachment 970844 [details]
description of vulns
Comment 2 Chess Hazlett 2014-12-18 16:38:03 EST
Created attachment 970845 [details]
AMQ XXE POC
Comment 3 Chess Hazlett 2015-02-16 14:53:59 EST
Per discussion with Dejan Bosanac on IRC, no RH fuse products are affected by CVE-2014-8110; it was introduced by a community commit that was never backported. Closing the flaw.
