cassandra-commits mailing list archives

From "Abhishek Singh (Jira)" <j...@apache.org>
Subject [jira] [Commented] (CASSANDRA-15423) CVE-2015-2156 (Netty is vulnerable to Information Disclosure)
Date Fri, 15 Nov 2019 04:42:00 GMT

    [ https://issues.apache.org/jira/browse/CASSANDRA-15423?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16974783#comment-16974783
] 

Abhishek Singh commented on CASSANDRA-15423:
--------------------------------------------

Thanks Dinesh. I took a note of it.

> CVE-2015-2156 (Netty is vulnerable to Information Disclosure) 
> --------------------------------------------------------------
>
>                 Key: CASSANDRA-15423
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-15423
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Abhishek Singh
>            Priority: Normal
>
> *Description :* *Severity :* CVE CVSS 3.0: 7.5 Sonatype CVSS 3.0: 7.5
>  
>  *Weakness :* CVE CWE: 20
>  
>  *Source :* National Vulnerability Database
>  
>  *Categories :* Data 
>  *Description from CVE :* Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x
before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might
allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information
by leveraging improper validation of cookie name and value characters.
>  
>  *Explanation :* Netty is vulnerable to Information Disclosure. Multiple methods in multiple
files improperly validate cookie names and values. This allows the presence of single-quote
and double-quote characters to break tokenization. A remote attacker can exploit this vulnerability
by inducing a victim to send a crafted request containing quote characters in any parameter
value that sets a cookie. If that tainted cookie gets reflected in the response, the attacker
can then use Cross-Site Scripting (XSS) to potentially retrieve the entire cookie header,
despite the presence of an HttpOnly flag.
> The Sonatype security research team discovered that the vulnerability is present in all
versions prior to 3.9.7.Final and 3.10.x before 3.10.2.Final, and not in all the versions
before 3.9.8.Final and 3.10.x before 3.10.3.Final as the advisory states. 
>  *Detection :* The application is vulnerable by using this component if it reflects
any cookie information in an HTML page, and that page is also prone to Cross-Site Scripting
(XSS) attacks. 
>  *Recommendation :* We recommend upgrading to a version of this component that is not
vulnerable to this specific issue. 
>  *Root Cause :* Cassandra-2.2.5.nupkgCookieDecoder.class : [5.0.0.Alpha1, 5.0.0.Alpha2)
>  
>  *Advisories :* Project: https://engineering.linkedin.com/security/look-netty_s-recen...
>  
>  *CVSS Details :* CVE CVSS 3.0: 7.5
> *Occurences (Paths) :*
> *CVE :* CVE-2015-2156
> *URL :* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2156



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
