CVE-2018-1193
Published 2018-05-23
Priority: P4 (medium) · CVSS 3.0 base score 5.3 · vector AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 1.11% (61.9th percentile)
Cloud Foundry routing-release, versions prior to 0.175.0, lacks sanitization for user-provided X-Forwarded-Proto headers. A remote user can set the X-Forwarded-Proto header in a request to potentially bypass an application requirement to only respond over secure connections.
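The bypass the advisory describes is easiest to see side by side with the fix. The following Go example is added here for illustration and is not routing-release (gorouter) code: it models an edge proxy that forwards a client-supplied X-Forwarded-Proto header untouched, the hardened variant that overwrites the header from the proxy's own view of the inbound connection (the general mitigation, not a claim about what the 0.175.0 patch does line by line), and a backend whose "HTTPS only" policy trusts the header. The hostnames, handler names and the spoofed request are constructed for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Hypothetical illustration, not routing-release code: the header the
// advisory concerns, as an edge proxy sets it for its backends.
const xfp = "X-Forwarded-Proto"

// schemeOf reports how the request actually reached this proxy. Go populates
// r.TLS only when the inbound connection was TLS, so this cannot be spoofed
// by a client header.
func schemeOf(r *http.Request) string {
	if r.TLS != nil {
		return "https"
	}
	return "http"
}

// proxyHeadersVulnerable models the unsanitized behaviour the advisory
// describes: a client-supplied X-Forwarded-Proto is forwarded as-is and the
// proxy only fills the header in when the client did not send one.
// (Assumption for the example; the real pre-0.175.0 code path is not reproduced.)
func proxyHeadersVulnerable(r *http.Request) http.Header {
	out := r.Header.Clone()
	if out == nil {
		out = http.Header{}
	}
	if out.Get(xfp) == "" {
		out.Set(xfp, schemeOf(r))
	}
	return out
}

// proxyHeadersHardened is the general mitigation: the edge overwrites the
// header from its own knowledge of the connection, discarding every value the
// client sent (Header.Set replaces all existing values for the key).
func proxyHeadersHardened(r *http.Request) http.Header {
	out := r.Header.Clone()
	if out == nil {
		out = http.Header{}
	}
	out.Set(xfp, schemeOf(r))
	return out
}

// backendAllows is the backend's "HTTPS only" policy. Behind a proxy the app
// only sees what the proxy forwards, so it has to trust X-Forwarded-Proto.
func backendAllows(h http.Header) bool {
	return h.Get(xfp) == "https"
}

// spoofedPlaintextRequest builds a constructed (synthetic) plaintext request
// whose client-set X-Forwarded-Proto claims the hop was HTTPS.
func spoofedPlaintextRequest() *http.Request {
	r := httptest.NewRequest("GET", "http://app.example.internal/admin", nil)
	r.Header.Set(xfp, "https")
	return r
}

// Bypass reports whether the backend's HTTPS-only check accepts the spoofed
// plaintext request behind each proxy variant.
func Bypass() (vulnerable, hardened bool) {
	vulnerable = backendAllows(proxyHeadersVulnerable(spoofedPlaintextRequest()))
	hardened = backendAllows(proxyHeadersHardened(spoofedPlaintextRequest()))
	return vulnerable, hardened
}

// GenuineTLSAccepted confirms the hardened proxy still admits a real TLS
// request: httptest.NewRequest populates r.TLS for an https:// target.
func GenuineTLSAccepted() bool {
	r := httptest.NewRequest("GET", "https://app.example.internal/admin", nil)
	return backendAllows(proxyHeadersHardened(r))
}

func main() {
	v, h := Bypass()
	fmt.Printf("spoofed plaintext request accepted: vulnerable=%v hardened=%v\n", v, h)
	fmt.Printf("genuine TLS request accepted by hardened proxy: %v\n", GenuineTLSAccepted())
}
```

Two points the example makes concrete. First, the backend is not at fault: an application-level "require HTTPS" check has no way to distinguish a forwarded header from a spoofed one, so the sanitization has to happen at the edge that terminates the connection. Second, overwriting (rather than merely setting-if-absent) is what closes the hole; when the proxy itself sits behind a trusted TLS-terminating load balancer, that load balancer's value is the only client-supplied one it should accept, which is a deployment decision outside this example.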
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cloud_foundry | cloud_foundry_router | — | — |
| cloudfoundry | cf-deployment | < 1.27.0 | 1.27.0 |
| cloudfoundry | routing-release | < 0.175.0 | 0.175.0 |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.0 | 5.3 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| NVD | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| Red Hat (vendor) | — | 6.5 | MEDIUM | — |
Bugzilla · 2018-12-06 · CVSS 6.5 (MEDIUM)
CVE-2018-1000864 jenkins: potential denial of service through cron expression form validation (SECURITY-1193) [fedora-all]
Automatically created Fedora tracking bug for fedora-all (see http://fedoraproject.org/wiki/Security/TrackingBugs). Vulnerability-specific comments belong in the "Security Response" bug referenced in the "Blocks" field; updates should use the fedpkg template provided in the following comments, which includes this tracking bug's ID and the top-level CVE bugs, and should mention the CVE IDs in the RPM changelog and the fedpkg commit message.
Bugzilla · 2018-12-06 · CVSS 6.5 (MEDIUM)
CVE-2018-1000864 jenkins: potential denial of service through cron expression form validation (SECURITY-1193)
A flaw was found in Jenkins. The form validation for cron expressions (e.g. "Poll SCM", "Build periodically") could enter infinite loops when cron expressions only matching certain rare dates were entered, blocking request handling threads indefinitely.
References:
https://jenkins.io/security/advisory/2018-12-05/
Discussion:
Created jenkins tracking bugs for this issue:
Affects: fedora-all [bug 1656949]
Bugzilla · 2018-07-30 · CVSS 6.5 (MEDIUM)
CVE-2018-14435 ImageMagick: memory leak in DecodeImage in coders/pcd.c
A flaw was found in ImageMagick 7.0.8-4: a memory leak in DecodeImage in coders/pcd.c.
References:
https://github.com/ImageMagick/ImageMagick/issues/1193
Upstream Patch:
https://github.com/ImageMagick/ImageMagick6/commit/e8f4f5e776002aa6ed490d7c6f65e10fa67359dd
https://github.com/ImageMagick/ImageMagick/commit/957b6397b958a5881005df27eb97319b3175a3c9
Discussion:
Created ImageMagick tracking bugs for this issue:
Affects: fedora-all [bug 1609937]
---
The flaw is a failure to free memory before an exception is thrown. It looks like the exception macro just returns false and logs, thus, memory leak. (I don't believe the ImageMagick exception terminates immediately, but I did not test it.)
```c
      default:
      {
        ThrowBinaryExc
```