Red Hat JBoss Core Services Apache HTTP Server 2.4.37
What do you understand by Red Hat Enterprise Linux?
Red Hat Enterprise Linux, popularly known as Red Hat, is a registered trademark in the United States and other nations. Red Hat is the world's number one enterprise open source solutions provider. It offers a variety of open-source software that organizations use to run their servers and deliver services to their customers.
Recently, the Indian Computer Emergency Response Team (CERT-In) released a vulnerability note explaining that three services of Red Hat JBoss Core Services are severely affected by a flaw in libxml2's xmllint in versions before 2.9.11. The flaw is severe enough that a remote attacker can exploit it to execute arbitrary malicious code, bypass security restrictions and, beyond that, gain access to sensitive information on the system. It also leaves the affected Red Hat services open to denial-of-service (DoS) attacks on the affected machines.
3 Services of Red Hat JBoss Core Services Found Vulnerable
The vulnerabilities in Red Hat JBoss Core Services stem from an exponential entity expansion attack that bypasses all previously implemented security mechanisms. They affect applications that parse XML input with the library and are rooted in a use-after-free and a heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c. Another part of the vulnerability is triggered when the software parses post-validating mixed content in recovery mode, owing to a use-after-free in xmlXIncludeDoProcess() in xinclude.c.
The Indian Computer Emergency Response Team also reported HTTP request smuggling, a use-after-free of ID and IDREF attributes, and an infinite loop in BN_mod_sqrt() when the software parses certificates. By chaining these flaws in the program's source code, an attacker could gain access to the system and breach the confidentiality, integrity, and availability of the affected Red Hat Enterprise applications.
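Because the root cause above is entity expansion in XML handed to a libxml2-based parser, a defender-side pre-check is useful: the following is an added example of mine (not Red Hat's or libxml2's code) that estimates how far a document's internal-subset entities would expand before the document reaches the parser, and rejects recursive or exponential definitions. The function names, thresholds and sample documents are constructed for illustration.

```python
import re
from typing import Dict, Set, Tuple

# General entity declarations in a DOCTYPE internal subset: <!ENTITY name "literal">
ENTITY_DECL = re.compile(r'<!ENTITY\s+([A-Za-z_][\w.-]*)\s+(?:"([^"]*)"|\'([^\']*)\')\s*>')
ENTITY_REF = re.compile(r'&([A-Za-z_][\w.-]*);')          # references such as &lol3;
PREDEFINED = {"lt", "gt", "amp", "apos", "quot"}            # expand to one character each

def declared_entities(xml_text: str) -> Dict[str, str]:
    """Collect internal-subset entities; external entities are ignored (not expanded here)."""
    subset = re.search(r'<!DOCTYPE[^\[>]*\[(.*?)\]\s*>', xml_text, re.DOTALL)
    if not subset:
        return {}
    return {name: dq or sq for name, dq, sq in ENTITY_DECL.findall(subset.group(1))}

def expanded_size(name: str, entities: Dict[str, str], memo: Dict[str, int], stack: Set[str]) -> int:
    """Characters produced by fully expanding entity `name`; raises on a reference cycle."""
    if name in PREDEFINED:
        return 1
    if name in memo:
        return memo[name]
    if name in stack:
        raise ValueError(f"recursive entity reference via {name}")
    value = entities.get(name, "")                         # undeclared: expands to nothing
    stack.add(name)
    size = len(ENTITY_REF.sub("", value))                  # literal characters in the value
    size += sum(expanded_size(ref, entities, memo, stack) for ref in ENTITY_REF.findall(value))
    stack.discard(name)
    memo[name] = size
    return size

def check_entity_expansion(xml_text: str, max_ratio: float = 5.0,
                           max_chars: int = 1_000_000) -> Tuple[bool, int]:
    """Return (safe, expanded_chars). Unsafe when references in the body would expand
    past max_chars or past max_ratio times the raw input, or when entities recurse."""
    entities = declared_entities(xml_text)
    body = xml_text.split("]>", 1)[-1] if entities else xml_text
    try:
        total = sum(expanded_size(ref, entities, {}, set()) for ref in ENTITY_REF.findall(body))
    except ValueError:
        return False, -1
    expanded = len(ENTITY_REF.sub("", body)) + total
    return expanded <= min(max_chars, max_ratio * len(xml_text)), expanded

# Constructed samples: a harmless internal entity, and a three-level chain where each
# level references the previous one ten times, so a single reference yields 10^3 copies.
BENIGN = '<?xml version="1.0"?><!DOCTYPE note [<!ENTITY co "Example Corp">]><note>&co; &amp; partners</note>'
SUSPECT = ('<?xml version="1.0"?><!DOCTYPE x [<!ENTITY lol "lol"><!ENTITY lol1 "' + "&lol;" * 10
           + '"><!ENTITY lol2 "' + "&lol1;" * 10 + '"><!ENTITY lol3 "' + "&lol2;" * 10 + '">]><x>&lol3;</x>')

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, check_entity_expansion(doc))   # benign (True, 36); suspect (False, 3007)
```

Run the check on untrusted input before parsing, and treat a False result as a reason to reject the document rather than parse it in recovery mode.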
Red Hat released two security advisories for its clients
In response to the security notice, Red Hat released two security advisories for its clients, along with the Red Hat JBoss Core Services Apache HTTP Server 2.4.37 Service Pack 11 zip to patch the affected software.
In the security advisory, Red Hat rated the security impact of this vulnerability as Important. The patch release for the Red Hat JBoss Core Services Apache HTTP Server 2.4.37 service pack fixes the bug and also strengthens the security of the Red Hat application. Users and organizations running Red Hat Enterprise services are advised to apply all fixes for this vulnerability to protect their computer systems and their organization's application infrastructure.