Severity High
Patch available YES
Number of vulnerabilities 3
CVE ID CVE-2018-18074
CVE-2018-20060
CVE-2019-11236
CWE ID CWE-255
CWE-200
CWE-93
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Public exploit code for vulnerability #3 is available.
Vulnerable software
Subscribe
CentOS

Operating systems & Components /
Operating system
Vendor CentOS Project

Security Advisory

1) Credentials management

Severity: High

CVSSv3:
8.8 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C] [PCI]

CVE-ID:
CVE-2018-18074

CWE-ID:
CWE-255 – Credentials Management

Exploit availability:
Yes [Search exploit]

Description


The vulnerability allows a remote attacker to access sensitive information on a targeted system.


The vulnerability exists due to the software does not remove the HTTP Authorization header when following an HTTPS-to-HTTP redirect with the same hostname. A remote attacker who is able to perform a man-in-the-middle attack can sniff network traffic in transit between two systems on the targeted network and access sensitive information, such as user credentials.

Mitigation

Update the affected packages.

Vulnerable software versions

CentOS:
7

CPE
External links

https://lists.centos.org/pipermail/centos-announce/2020-March/035680.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Information disclosure

Severity: Medium

CVSSv3:
5.2 [CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C] [PCI]

CVE-ID:
CVE-2018-20060

CWE-ID:
CWE-200 – Information Exposure

Exploit availability:
No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to Authorization HTTP header is not removed from the HTTP request during request redirection in “urllib3/util/retry.py”. A remote attacker can intercept the request and gain access to sensitive information, passed via Authorization HTTP header.

Mitigation

Update the affected packages.

Vulnerable software versions

CentOS:
7

CPE
External links

https://lists.centos.org/pipermail/centos-announce/2020-March/035680.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.





Source link

Write a comment:
*

Your email address will not be published.