CVE-2019-0785
Published 2019-07-15
Priority P271 · critical · 9.8 (CVSS 3.0)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 49.63% (98.7th percentile)
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server, aka 'Windows DHCP Server Remote Code Execution Vulnerability'.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server | — | — |
| microsoft | windows_server_2012 | — | — |
| microsoft | windows_server_2016 | — | — |
| microsoft | windows_server_2016 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
| msrc | windows_server_2019 | — | — |
| msrc | windows_server_version_1803 | — | — |
| msrc | windows_server_version_1903 | — | — |
Detection & IOCs (extracted from sources)
- The attack requires the target DHCP server to be configured in failover mode — detections should focus on DHCP failover servers receiving anomalous/specially crafted packets
- Monitor for memory corruption or unexpected crashes/non-responsiveness of the Windows DHCP service (dhcpserver.exe) on failover-configured servers, which may indicate exploitation attempts
- Unauthenticated remote exploitation vector: no credentials required; alert on unexpected inbound DHCP traffic (UDP/67) to servers in failover mode, especially from untrusted sources
- Vulnerability is only exploitable when the Windows DHCP Server is configured in failover mode; non-failover DHCP servers are not affected
- Affected scope spans Windows Server 2012 through Server 2019; ensure patch coverage across all supported server versions in this range
CVSS provenance
- nvd · v3.0 · 9.8 CRITICAL · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- nvd · v2.0 · 7.5 HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
- vendor_msrc · 9.8 CRITICAL
- vendor_redhat · 8.8 HIGH
Microsoft
Windows DHCP Server Remote Code Execution Vulnerability
vendor_msrc·2019-07-09·CVSS 9.8
CVE-2019-0785 [CRITICAL] Windows DHCP Server Remote Code Execution Vulnerability
Description: A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server. An attacker who successfully exploited the vulnerability could either run arbitrary code on the DHCP failover server or cause the DHCP service to become nonresponsive.
To exploit the vulnerability, an attacker could send a specially crafted packet to a DHCP server. However, the DHCP server must be set to failover mode for the attack to succeed.
The security update addresses the vulnerability by correcting how DHCP failover servers handle network packets.
Impact: Remote Code Execution
Exploit Status: Publicly Di
Red Hat
struts2: forced double OGNL evaluation on raw input in tag attributes
vendor_redhat·2016-04-13·CVSS 8.8
CVE-2016-0785 [HIGH] CWE-20 struts2: forced double OGNL evaluation on raw input in tag attributes
Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.
Statement: A previous statement by Red Hat related to this CVE, prior to August 2019, said that Apache Struts 2 is not included in any Red Hat products. This earlier statement was incorrect. While Struts 2 is not actively compiled, shipped, used, or enabled in any Red Hat provided final products, and does not cause any vulnerability in the product, struts2-core jars have been included in some products' source code packages. The inclusion was part of an import of the Google Guice repository, which includes struts2-core. Customers that build artefacts from our sourc
GHSA
GHSA-9fc3-q27f-j286: A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server
ghsa_unreviewed·2022-05-24
CVE-2019-0785 [CRITICAL] GHSA-9fc3-q27f-j286: A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server
A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server, aka 'Windows DHCP Server Remote Code Execution Vulnerability'.
No detection rules found.
No public exploits indexed.
Krebs
Patch Tuesday Lowdown, July 2019 Edition
blogs_krebs·2019-07-13·CVSS 9.8
CVE-2019-0785 [CRITICAL] Patch Tuesday Lowdown, July 2019 Edition
Microsoft today released software updates to plug almost 80 security holes in its Windows operating systems and related software. Among them are fixes for two zero-day flaws that are actively being exploited in the wild, and patches to quash four other bugs that were publicly detailed prior to today, potentially giving attackers a head start in working out how to use them for nefarious purposes.
The DHCP weakness (CVE-2019-0785) exists in most supported versions of Windows server, from Windows Server 2012 through Server 2019.
Microsoft said an unauthenticated attacker could use the DHCP flaw to seize total, remote control over vulnerable systems simply by sending a specially crafted data packet to a Windows computer. For those keeping count, this is the fifth time this year that Redmond
Qualys
July 2019 Patch Tuesday – 77 Vulns, 15 Critical, DHCP RCE, Exploited PrivEsc, SQL, Adobe Vulns | Qualys
blogs_qualys·2019-07-09·CVSS 9.8
[CRITICAL] July 2019 Patch Tuesday – 77 Vulns, 15 Critical, DHCP RCE, Exploited PrivEsc, SQL, Adobe Vulns | Qualys
This month’s Microsoft Patch Tuesday addresses 77 vulnerabilities with 15 of them labeled as Critical. Of the 15 Critical vulns, 11 are for scripting engines and browsers, with the remaining four covering DHCP Server, GDI+, .NET Framework, and Azure DevOps Server / Team Foundation Server. In addition, Microsoft has released Important patches for two actively exploited privilege escalation vulnerabilities, as well as a SQL Server RCE. Microsoft also issued two advisories for Outlook on the web and Linux Kernel vulnerabilities. Adobe issued patches today for Bridge CC, Experience Manager, and Dreamweaver.
### Workstation Patches
Scripting Engine, Browser, GDI+, and .NET Framework patches should be prioritized for workstation-type devices, meaning any system that is used for email or to acc
Tenable
Microsoft’s July 2019 Patch Tuesday: What You Need to Know
blogs_tenable·2019-07-09
Krebs
Patch Tuesday Lowdown, July 2019 Edition
blogs_krebs·2019-07-09·CVSS 9.8
[CRITICAL] Patch Tuesday Lowdown, July 2019 Edition
Microsoft today released software updates to plug almost 80 security holes in its Windows operating systems and related software. Among them are fixes for two zero-day flaws that are actively being exploited in the wild, and patches to quash four other bugs that were publicly detailed prior to today, potentially giving attackers a head start in working out how to use them for nefarious purposes.
Zero-days and publicly disclosed flaws aside for the moment, probably the single most severe vulnerability addressed in this month’s patch batch (at least for enterprises) once again resides in the component of Windows responsible for automatically assigning Internet addresses to host computers — a function called the “Windows DHCP server.”
The DHCP weakness (CVE-2019-0785) exists in most sup
Bugzilla
CVE-2016-0785 struts2: forced double OGNL evaluation on raw input in tag attributes
bugzilla·2016-04-13·CVSS 8.8
CVE-2016-0785 [HIGH] CVE-2016-0785 struts2: forced double OGNL evaluation on raw input in tag attributes
The Apache Struts framework, when forced, performs double evaluation of attribute values assigned to certain tags, so it is possible to pass in a value that will be evaluated again when a tag's attributes are rendered.
External references:
http://struts.apache.org/docs/s2-029.html
Discussion:
Statement:
A previous statement by Red Hat related to this CVE, prior to August 2019, said that Apache Struts 2 is not included in any Red Hat products. This earlier statement was incorrect. While Struts 2 is not actively compiled, shipped, used, or enabled in any Red Hat provided final products, and does not cause any vulnerability in the product, struts2-core jars have been included in some products' sourc