CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2021-33580

HIGH
7.5
CVSS Severity Score
EPSS Score0.1550%
EPSS Percentile28.92th
Published2021年8月18日
Last Modified2024年11月21日

Vulnerability Description

User controlled `request.getHeader("Referer")`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run a regex expression. The attacker doesn't have to use a browser and may send a specially crafted Referer header programmatically. Since the attacker controls the string and the regex pattern he may cause a ReDoS by regex catastrophic backtracking on the server side. This problem has been fixed in Roller 6.0.2.

Affected Platforms (CPE)

📦
Apache

Roller

< 6.0.2

References & Advisories

🔗 http://www.openwall.com/lists/oss-security/2021/08/18/1
🔗 https://lists.apache.org/thread.html/r9d967d80af941717573e531db2c7353a90bfd0886e9b5d5d79f75506%40%3Cuser.roller.apache.org%3E
🔗 http://www.openwall.com/lists/oss-security/2021/08/18/1
🔗 https://lists.apache.org/thread.html/r9d967d80af941717573e531db2c7353a90bfd0886e9b5d5d79f75506%40%3Cuser.roller.apache.org%3E

相關漏洞威脅

CVE-2014-00309.8

The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspe...

CVE-2018-171989.8

Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versio...

CVE-2016-71627.5

The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitr...

CVE-2015-02497.2

The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog t...