cassandra-commits mailing list archives

From "Abhishek Singh (Jira)" <j...@apache.org>
Subject [jira] [Created] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)
Date Wed, 13 Nov 2019 09:36:00 GMT
Abhishek Singh created CASSANDRA-15423:
------------------------------------------

             Summary: CVE-2015-2156 (Netty is vulnerable to Information Disclosure) 
                 Key: CASSANDRA-15423
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-15423
             Project: Cassandra
          Issue Type: Bug
            Reporter: Abhishek Singh


*Description :* *Severity :* CVE CVSS 3.0: 7.5; Sonatype CVSS 3.0: 7.5
 
 *Weakness :* CVE CWE: 20
 
 *Source :* National Vulnerability Database
 
 *Categories :* Data 
 *Description from CVE :* Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before
4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow
remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by
leveraging improper validation of cookie name and value characters.
 
 *Explanation :* Netty is vulnerable to Information Disclosure. Multiple methods in multiple
files improperly validate cookie names and values. This allows the presence of single-quote
and double-quote characters to break tokenization. A remote attacker can exploit this vulnerability
by inducing a victim to send a crafted request containing quote characters in any parameter
value that sets a cookie. If that tainted cookie gets reflected in the response, the attacker
can then use Cross-Site Scripting (XSS) to potentially retrieve the entire cookie header,
despite the presence of an HttpOnly flag.
The Sonatype security research team discovered that the vulnerability is present in all versions
prior to 3.9.7.Final and 3.10.x before 3.10.2.Final, and not in all the versions before 3.9.8.Final
and 3.10.x before 3.10.3.Final as the advisory states. 
 *Detection :* The application is vulnerable by using this component if it reflects any cookie
information in an HTML page, and that page is also prone to Cross-Site Scripting (XSS) attacks. 
 *Recommendation :* We recommend upgrading to a version of this component that is not vulnerable
to this specific issue. 
 *Root Cause :* Cassandra-2.2.5.nupkgCookieDecoder.class : [5.0.0.Alpha1, 5.0.0.Alpha2)
 
 *Advisories :* Project: https://engineering.linkedin.com/security/look-netty_s-recen...
 
 *CVSS Details :* CVE CVSS 3.0: 7.5
*Occurrences (Paths) :*
*CVE :* CVE-2015-2156
*URL :* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2156



--
This message was sent by Atlassian Jira
(v8.3.4#803005)