

Rewterz Threat Advisory – Multiple Google Chrome Vulnerabilities
February 29, 2024
Rewterz Threat Alert – NJRAT – Active IOCs
March 1, 2024
Severity
Medium
Analysis Summary
CVE-2024-21742 CVSS:5.3
Apache James Mime4J could allow a remote attacker to bypass security restrictions, caused by improper input validation. By sending a specially crafted request, an attacker could exploit this vulnerability to add unintended headers to MIME messages.
CVE-2023-51747 CVSS:6.5
Apache James is vulnerable to SMTP smuggling, caused by a flaw in the line delimiter handling. By sending a specially crafted request using the SMTP envelope, an attacker could exploit this vulnerability to bypass SPF checks.
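A defender-side check for the line-delimiter issue described above, as an added example that is not from the advisory or from Apache James. It assumes the general SMTP smuggling pattern, in which a bare CR or bare LF around a lone dot is read as end-of-data by one server but not by another; the function name and sample messages are constructed.

```python
import re

# RFC 5321 allows only CRLF as a line ending inside DATA. A bare CR or bare LF
# is where two SMTP servers can disagree on where a message ends.
BARE_LF = re.compile(rb"(?<!\r)\n")
BARE_CR = re.compile(rb"\r(?!\n)")
# A line holding only "." with any kind of line break on either side.
DOT_LINE = re.compile(rb"(\r\n|\r|\n)\.(\r\n|\r|\n)")


def audit_data_payload(payload: bytes) -> list[tuple[str, int]]:
    """Return (finding, byte offset) pairs for non-CRLF delimiters in the
    bytes received between the DATA command and the final CRLF.CRLF."""
    findings = [("bare-lf", m.start()) for m in BARE_LF.finditer(payload)]
    findings += [("bare-cr", m.start()) for m in BARE_CR.finditer(payload)]
    for m in DOT_LINE.finditer(payload):
        # CRLF "." CRLF is the one legitimate terminator; every other
        # combination is a dot line that a lenient parser may accept.
        if (m.group(1), m.group(2)) != (b"\r\n", b"\r\n"):
            findings.append(("ambiguous-end-of-data", m.start()))
    return sorted(findings, key=lambda f: f[1])


# Constructed samples (not taken from any real message).
CLEAN = b"Subject: hi\r\n\r\nhello\r\n..dot-stuffed line\r\n"
SUSPICIOUS = b"Subject: hi\r\n\r\nhello\n.\nmore text\r\n"

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("suspicious", SUSPICIOUS)):
        print(name, audit_data_payload(sample))
```

A mail gateway or log pipeline can reject or quarantine any message for which this returns a non-empty list, since compliant senders emit CRLF only.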
CVE-2024-27905 CVSS:7.5
Apache Aurora could allow a remote attacker to obtain sensitive information, caused by improper authentication validation. By using padding oracle attack techniques, an attacker could exploit this vulnerability to obtain sensitive information and use it to launch further attacks against the affected system.
CVE-2023-50380 CVSS:6.5
Apache Ambari could allow a remote authenticated attacker to obtain sensitive information, caused by improper handling of XML external entity (XXE) declarations by the Oozie Workflow Scheduler feature. By using specially crafted XML content, an attacker could exploit this vulnerability to read arbitrary files on the server.
CVE-2023-50379 CVSS:8.8
Apache Ambari could allow a remote authenticated attacker to gain elevated privileges on the system, caused by a command injection flaw. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain root on the cluster's main host and execute arbitrary code.
CVE-2023-51518 CVSS:6.7
Apache James could allow a local authenticated attacker to gain elevated privileges on the system, caused by an unsafe deserialization in the JMX endpoint. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to gain elevated privileges.
Impact
- Security Bypass
- Gain Access
- Information Disclosure
- Privilege Escalation
Indicators Of Compromise
CVE
- CVE-2024-21742
- CVE-2023-51747
- CVE-2024-27905
- CVE-2023-50380
- CVE-2023-50379
- CVE-2023-51518
Affected Vendors
Apache
Affected Products
- Apache James Mime4J 0.8.9
- Apache James 3.7.4
- Apache James 3.8.0
- Apache Aurora 0.5.0
- Apache Ambari 2.7.0
- Apache Ambari 2.7.7
Remediation
Upgrade to the latest versions of the affected Apache products, available from the Apache website.