

Rewterz Threat Alert – Quasar RAT aka CinaRAT – Active IOCs
March 14, 2024
Rewterz Threat Advisory – Multiple Microsoft Products Vulnerabilities
March 14, 2024
Severity
High
Analysis Summary
CVE-2024-23672 CVSS:7.5
Apache Tomcat is vulnerable to a denial of service, caused by an incomplete cleanup flaw. By sending specially crafted WebSocket connections, a remote attacker could exploit this vulnerability to cause increased resource consumption, resulting in a denial of service condition.
CVE-2024-28746 CVSS:6.5
Apache Airflow could allow a remote authenticated attacker to obtain sensitive information, caused by improper permission validation. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain access to resource information, and use this information to launch further attacks against the affected system.
CVE-2024-24549 CVSS:7.5
Apache Tomcat is vulnerable to a denial of service, caused by improper input validation of the HTTP/2 header. By sending specially crafted HTTP/2 requests, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-28098 CVSS:6.4
Apache Pulsar could allow a remote authenticated attacker to bypass security restrictions, caused by improper authorization validation. By sending a specially crafted request, an attacker could exploit this vulnerability to modify topic-level policies.
CVE-2024-27317 CVSS:8.4
Apache Pulsar could allow a remote authenticated attacker to traverse directories on the system, caused by improper archive file validation. An attacker could use a specially crafted archive file containing “dot dot” sequences (/../) to create or modify arbitrary files outside of the designated extraction directory.
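The path check that rejects the "dot dot" archive entries described for CVE-2024-27317, as an added example (not Pulsar's code or its patch, which are Java). The names `resolve_inside`, `safe_extract` and `build_sample` are hypothetical, and the archive is a constructed in-memory sample.

```python
import io
import os
import tempfile
import zipfile


def resolve_inside(dest_dir, entry_name):
    """Return the absolute target for an entry, or None if it leaves dest_dir."""
    root = os.path.realpath(dest_dir)
    # Treat backslashes as separators too; absolute names replace root in join().
    target = os.path.realpath(os.path.join(root, entry_name.replace("\\", "/")))
    # commonpath compares whole components, so "/x/extract2" is not inside "/x/extract".
    if os.path.commonpath([root, target]) != root:
        return None
    return target


def safe_extract(archive, dest_dir):
    """Validate every entry first; extract all of them or none."""
    targets = {i.filename: resolve_inside(dest_dir, i.filename) for i in archive.infolist()}
    bad = [name for name, target in targets.items() if target is None]
    if bad:
        raise ValueError(f"archive entries escape {dest_dir!r}: {bad}")
    written = []
    for info in archive.infolist():
        target = targets[info.filename]
        if info.is_dir():
            os.makedirs(target, exist_ok=True)
            continue
        os.makedirs(os.path.dirname(target), exist_ok=True)
        with archive.open(info) as src, open(target, "wb") as dst:
            dst.write(src.read())
        written.append(info.filename)
    return written


def build_sample(names):
    """Constructed sample archive held in memory (not a real Pulsar package)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed sample\n")
    buf.seek(0)
    return zipfile.ZipFile(buf)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as dest:
        print(safe_extract(build_sample(["lib/a.jar", "conf/b.yaml"]), dest))
```

Because validation runs over the whole archive before any file is written, one bad entry leaves the extraction directory untouched.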
CVE-2024-27135 CVSS:8.5
Apache Pulsar could allow a remote authenticated attacker to execute arbitrary code on the system, caused by improper input validation. By sending a specially crafted request, an attacker could exploit this vulnerability to execute arbitrary Java code on the Pulsar Function worker.
CVE-2024-27894 CVSS:8.5
Apache Pulsar could allow a remote authenticated attacker to obtain sensitive information, caused by improper authorization validation. By sending a specially crafted request, an attacker could exploit this vulnerability to access arbitrary files, and use this information to launch further attacks against the affected system.
CVE-2022-34321 CVSS:8.2
Apache Pulsar could allow a remote attacker to bypass security restrictions, caused by improper authentication validation. By sending a specially crafted request, an attacker could exploit this vulnerability to connect to the /proxy-stats endpoint.
CVE-2023-41313 CVSS:7.5
Apache Doris could allow a remote attacker to obtain sensitive information, caused by a flaw in the authentication method. By utilizing timing attack techniques, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
Impact
- Denial of Service
- Gain Access
- Code Execution
- Security Bypass
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2024-23672
- CVE-2024-28746
- CVE-2024-24549
- CVE-2024-28098
- CVE-2024-27317
- CVE-2024-27135
- CVE-2024-27894
- CVE-2022-34321
- CVE-2023-41313
Affected Vendors
Apache
Affected Products
- Apache Tomcat 8.5.0
- Apache Tomcat 9.0.0-M1
- Apache Tomcat 10.1.0-M1
- Apache Tomcat 11.0.0-M1
- Apache Airflow 2.8.0
- Apache Pulsar 2.11.0
- Apache Airflow 2.8.1
- Apache Tomcat 8.5.98
- Apache Tomcat 9.0.85
- Apache Tomcat 10.1.18
- Apache Tomcat 11.0.0-M16
- Apache Airflow 2.8.2
- Apache Pulsar 3.0.0
- Apache Pulsar 3.1.0
- Apache Pulsar 2.10.5
- Apache Pulsar 2.11.3
- Apache Pulsar 3.0.2
- Apache Pulsar 3.1.2
- Apache Pulsar 3.2.0
- Apache Pulsar 2.7.1
- Apache Doris 1.2.7
Remediation
Refer to the Apache website for patch, upgrade, or suggested workaround information.