
Rewterz Threat Advisory – Multiple Apache Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2021-43083  

Apache PLC4X could allow a local attacker to execute arbitrary code on the system, caused by an integer underflow inside the TCP transport. By sending a specially-crafted server response, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system.
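The failure mode described above is the classic one for length-prefixed TCP framing: a peer-controlled length field is trusted, the header size is subtracted from it, and when the declared length is smaller than the header the unsigned subtraction wraps to an enormous payload size. The following C example is added here to illustrate that class generically; it is not PLC4X code, and the frame layout (a two-byte total length followed by a two-byte message type) is a constructed assumption. It shows the unchecked parser beside one that validates the declared length against both the header size and the bytes actually received before doing any arithmetic on it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed frame layout (an assumption for illustration, not PLC4X's wire format):
 *   bytes 0-1  total_len  big-endian, counts header AND payload
 *   bytes 2-3  msg_type
 *   bytes 4..  payload, total_len - 4 bytes                                 */
#define HEADER_LEN 4u

typedef struct {
    int ok;                  /* 1 if the frame was accepted */
    uint16_t msg_type;
    const uint8_t *payload;
    size_t payload_len;
} frame_t;

static uint32_t rd16(const uint8_t *p) {
    return ((uint32_t)p[0] << 8) | p[1];
}

/* Vulnerable pattern: the peer-controlled total_len is trusted. When it is
 * smaller than the header, the unsigned subtraction wraps to ~4 GB and any
 * downstream copy or read driven by payload_len runs far past the buffer. */
frame_t parse_frame_unsafe(const uint8_t *buf, size_t buf_len) {
    frame_t f = {0};
    if (buf_len < HEADER_LEN) return f;
    uint32_t total = rd16(buf);
    f.msg_type = (uint16_t)rd16(buf + 2);
    f.payload = buf + HEADER_LEN;
    f.payload_len = (size_t)(total - HEADER_LEN);  /* underflows for total < 4 */
    f.ok = 1;
    return f;
}

/* Hardened form: check the declared length against the header size and the
 * bytes actually received before subtracting anything from it. */
frame_t parse_frame_safe(const uint8_t *buf, size_t buf_len) {
    frame_t f = {0};
    if (buf_len < HEADER_LEN) return f;
    uint32_t total = rd16(buf);
    if (total < HEADER_LEN) return f;      /* subtraction would underflow */
    if (total > buf_len) return f;         /* claims more bytes than we have */
    f.msg_type = (uint16_t)rd16(buf + 2);
    f.payload = buf + HEADER_LEN;
    f.payload_len = total - HEADER_LEN;    /* now within [0, buf_len - 4] */
    f.ok = 1;
    return f;
}

/* Constructed sample frames. */
static const uint8_t GOOD_FRAME[]  = { 0x00, 0x07, 0x00, 0x01, 'a', 'b', 'c' }; /* total_len 7 */
static const uint8_t SHORT_FRAME[] = { 0x00, 0x02, 0x00, 0x01 };                /* total_len 2 < header */

int main(void) {
    frame_t u = parse_frame_unsafe(SHORT_FRAME, sizeof SHORT_FRAME);
    frame_t s = parse_frame_safe(SHORT_FRAME, sizeof SHORT_FRAME);
    printf("unsafe: ok=%d payload_len=%zu\n", u.ok, u.payload_len);
    printf("safe:   ok=%d\n", s.ok);
    return 0;
}
```

The hardened parser also rejects a frame whose declared length exceeds the bytes received, which is the other half of the same bounds problem: a reader that trusts total_len will otherwise run past the end of a short or truncated buffer.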

CVE-2021-41561 

Apache Parquet-MR is vulnerable to a denial of service, caused by improper input validation. By persuading a victim to open a specially-crafted Parquet file, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2021-44548 

Apache Solr could allow a remote attacker to obtain sensitive information, caused by an improper input validation flaw in DataImportHandler. By using a specially-crafted UNC path, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
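A service that accepts a file location from a request can refuse UNC and other remote path forms before it ever touches the filesystem, which is the input-validation step the description above says was missing. The C example below is added here as a generic check; it is not Solr or DataImportHandler code, and the set of path forms it recognizes (backslash and forward-slash UNC prefixes, the Windows device prefixes, and file: URIs that carry a host) is an assumption about what a conservative validator should reject.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>   /* strncasecmp (POSIX) */

static bool is_sep(char c) { return c == '\\' || c == '/'; }

/* Returns true when the supplied location names a remote resource rather than
 * a local file. Constructed example; not Solr's own validation. Recognized forms:
 *   \\server\share\file   UNC path
 *   //server/share/file   UNC with forward slashes (also \\?\ and \\.\ device forms)
 *   file://server/share   file: URI with a non-empty host
 * file:///local/path has an empty host and is treated as local.             */
bool is_remote_path(const char *p) {
    if (p == NULL) return false;

    /* Skip leading whitespace, which lenient parsers tend to tolerate. */
    while (*p != '\0' && isspace((unsigned char)*p)) p++;

    /* Two leading separators of either kind: UNC or device path. */
    if (is_sep(p[0]) && is_sep(p[1])) return true;

    /* Scheme names are case-insensitive, so compare FILE:, file:, File: alike. */
    if (strncasecmp(p, "file:", 5) == 0) {
        const char *rest = p + 5;
        if (is_sep(rest[0]) && is_sep(rest[1])) {
            const char *host = rest + 2;
            /* Anything other than an immediate third separator is a host name. */
            if (*host != '\0' && !is_sep(*host)) return true;
        }
    }
    return false;
}

/* Policy wrapper: accept a location only if it is present and not remote. */
bool accept_local_location(const char *p) {
    return p != NULL && *p != '\0' && !is_remote_path(p);
}

int main(void) {
    /* Constructed inputs. */
    const char *samples[] = {
        "/var/data/import.xml",
        "C:\\data\\import.xml",
        "\\\\fileserver\\share\\import.xml",
        "//fileserver/share/import.xml",
        "file://fileserver/share/import.xml",
        "file:///var/data/import.xml",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-40s %s\n", samples[i], is_remote_path(samples[i]) ? "REJECT (remote)" : "local");
    return 0;
}
```

Treating a forward-slash `//host/share` form as remote is deliberate: on a Windows host it resolves as UNC, and a validator that only looks for backslashes is bypassed by the alternate separator.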

Impact

  • Denial of Service
  • Information Disclosure

Affected Vendors

Apache

Affected Products

  • Apache PLC4X 0.9.0
  • Apache Parquet-MR 1.9.0
  • Apache Parquet-MR 1.10.0
  • Apache Parquet-MR 1.11.0
  • Apache Parquet-MR 1.12.0
  • Apache Solr 8.11.0

Remediation

Upgrade each affected project to a fixed release, available from the respective Apache project site:
  • CVE-2021-43083 (Apache PLC4X): https://plc4x.apache.org/
  • CVE-2021-41561 (Apache Parquet-MR): https://github.com/apache/parquet-mr
  • CVE-2021-44548 (Apache Solr): https://solr.apache.org/