Rewterz Threat Advisory – Multiple Apache Products Vulnerabilities

Severity

High

Analysis Summary

CVE-2024-23672 CVSS:7.5

Apache Tomcat is vulnerable to a denial of service, caused by an incomplete cleanup flaw. By sending specially crafted WebSocket connections, a remote attacker could exploit this vulnerability to increased resource consumption, and results in a denial of service condition.

CVE-2024-28746 CVSS:6.5

Apache Airflow could allow a remote authenticated attacker to obtain sensitive information, caused by improper permission validation. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain access resources information, and use this information to launch further attacks against the affected system.

CVE-2024-24549 CVSS:7.5

Apache Tomcat is vulnerable to a denial of service, caused by improper input validation by the HTTP/2 header. By sending specially crafted HTTP/2 requests, a remote attacker could exploit this vulnerability to cause a denial of service condition.

CVE-2024-28098 CVSS:6.4

Apache Pulsar could allow a remote authenticated attacker to bypass security restrictions, caused by improper authorization validation. By sending a specially crafted request, an attacker could exploit this vulnerability to modify topic-level policies.

CVE-2024-27317 CVSS:8.4

Apache Pulsar could allow a remote authenticated attacker to traverse directories on the system, caused by improper archive file validation. An attacker could use a specially crafted archive file containing “dot dot” sequences (/../) to create or modify arbitrary files outside of the designated extraction directory.

CVE-2024-27135 CVSS:8.5

Apache Pulsar could allow a remote authenticated attacker to execute arbitrary code on the system, caused by improper input validation. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary Java code on the Pulsar Function worker.

CVE-2024-27894 CVSS:8.5

Apache Pulsar could allow a remote authenticated attacker to obtain sensitive information, caused by improper authorization validation. By sending a specially crafted request, an attacker could exploit this vulnerability to access arbitrary files, and use this information to launch further attacks against the affected system.

CVE-2022-34321 CVSS:8.2

Apache Pulsar could allow a remote attacker to bypass security restrictions, caused by improper authentication validation. By sending a specially crafted request, an attacker could exploit this vulnerability to connect to the /proxy-stats endpoint.

CVE-2023-41313 CVSS:7.5

Apache Doris could allow a remote attacker to obtain sensitive information, caused by a flaw in the authentication method. By utilize timing attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.

Impact

• Denial of Service
• Gain Access
• Code Execution
• Security Bypass
• Information Disclosure

Indicators Of Compromise

CVE

• CVE-2024-23672
• CVE-2024-28746
• CVE-2024-24549
• CVE-2024-28098
• CVE-2024-27317
• CVE-2024-27135
• CVE-2024-27894
• CVE-2022-34321
• CVE-2023-41313

Affected Vendors

Apache

Affected Products

• Apache Tomcat 8.5.0
• Apache Tomcat 9.0.0-M1
• Apache Tomcat 10.1.0-M1
• Apache Tomcat 11.0.0-M1
• Apache Airflow 2.8.0
• Apache Pulsar 2.11.0
• Apache Airflow 2.8.1
• Apache Tomcat 8.5.98
• Apache Tomcat 9.0.85
• Apache Tomcat 10.1.18
• Apache Tomcat 11.0.0-M16
• Apache Airflow 2.8.2
• Apache Pulsar 3.0.0
• Apache Pulsar 3.1.0
• Apache Pulsar 2.10.5
• Apache Pulsar 2.11.3
• Apache Pulsar 3.0.2
• Apache Pulsar 3.1.2
• Apache Pulsar 3.2.0
• Apache Pulsar 2.7.1
• Apache Doris 1.2.7

Remediation

Refer to Apache Website for patch, upgrade or suggested workaround information.

Apache Tomcat

Apache Airflow

Apache Pulsar

Apache Doris