

Multiple SolarWinds Access Rights Manager Zero-Day Vulnerabilities
July 19, 2024
New Update for CrowdStrike Causes Numerous Windows Crashes
July 19, 2024
Severity
High
Analysis Summary
CVE-2024-32007 (CVSS 7.5)
Apache CXF is vulnerable to a denial of service, caused by improper input validation of the p2c parameter. By sending a specially crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition.
CVE-2024-41172 (CVSS 7.5)
Apache CXF is vulnerable to a denial of service, caused by a memory consumption flaw in CXF HTTP clients that prevents HTTPClient instances from being garbage collected. By sending specially crafted requests, a remote attacker could exploit this vulnerability to exhaust memory and cause a denial of service condition.
CVE-2024-39877 (CVSS 8.8)
Apache Airflow could allow a remote authenticated attacker to execute arbitrary code on the system, caused by improper input validation. By sending a specially crafted request using the doc_md parameter, an authenticated attacker could exploit this vulnerability to execute arbitrary code in the scheduler context.
CVE-2024-31411 (CVSS 8.8)
Apache StreamPipes could allow a remote authenticated attacker to upload arbitrary files, caused by improper validation of file extensions. By sending a specially crafted HTTP request, an authenticated attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system.
Impact
- Denial of Service
- Gain Access
- Security Bypass
Indicators of Compromise
CVE
- CVE-2024-32007
- CVE-2024-41172
- CVE-2024-39877
- CVE-2024-31411
Affected Vendors
- Apache
Affected Products
- Apache StreamPipes 0.93.0
- Apache CXF 3.5.8
- Apache CXF 3.6.3
- Apache CXF 4.0.4
- Apache Airflow 2.9.2
Remediation
Upgrade the affected Apache projects (Apache CXF, Apache Airflow and Apache StreamPipes) to the latest fixed versions, available from the Apache website.