Request a Demo
Rewterz
Rewterz Threat Alert – PatchWork APT Threat Actor Group – Active IOCs
February 20, 2024
Rewterz
Rewterz Threat Alert – Mustang Panda Uses Advanced PlugX Variant DOPLUGS to Target Asian Countries – Active IOCs
February 22, 2024

Rewterz Threat Advisory – Multiple Apache Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-23807 CVSS:8.1

Apache Xerces C++ XML parser could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw during the scanning of external DTDs. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2024-25141 CVSS:7.8

Apache Airflow Mongo Provider could provide weaker than expected security, caused by missing certificates validation due to default settings included “allow_insecure”. An attacker could exploit this vulnerability to launch further attacks on the system.

CVE-2023-49250 CVSS:9.8

Apache Dolphinscheduler is vulnerable to a man-in-the-middle attack, caused by an insecure TLS TrustManager used in HttpUtil. An attacker could exploit this vulnerability to launch a man-in-the-middle attack and gain access to the communication channel between endpoints to obtain sensitive information or further compromise the system.

CVE-2023-51770 CVSS:7.5

Apache Dolphinscheduler could allow a remote attacker to obtain sensitive information, caused by an arbitrary file read flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2023-50270 CVSS:9.8

Apache Dolphinscheduler could allow a remote attacker to bypass security restrictions, caused by a flaw with session do not expire after password change. By sending a specially crafted request, an attacker could exploit this vulnerability to bypass access restrictions.

CVE-2023-49109 CVSS:9.8

Apache Dolphinscheduler could allow a remote attacker to execute arbitrary code on the system, caused by a code injection flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

  • Gain Access
  • Code Execution
  • Security Bypass
  • Information Disclosure

Indicators Of Compromise

CVE

  • CVE-2024-23807
  • CVE-2024-25141
  • CVE-2023-49250
  • CVE-2023-51770
  • CVE-2023-50270
  • CVE-2023-49109

Affected Vendors

Apache

Affected Products

  • Apache DolphinScheduler 3.0.0
  • Apache DolphinScheduler 3.2.0
  • Apache Xerces C++ XML parser 3.0.0
  • Apache Xerces C++ XML parser 3.2.4
  • Apache Airflow Mongo Provider 1.0.0
  • Apache Airflow Mongo Provider 3.0.0

Remediation

Refer to Apache Website for patch, upgrade, or suggested workaround information.

Apache Xerces C++ XML parser

Apache Airflow Mongo Provider

Apache DolphinScheduler