{ "threat_severity" : "Low", "public_date" : "2023-09-19T00:00:00Z", "bugzilla" : { "description" : "jetty: Improper addition of quotation marks to user inputs in CgiServlet", "id" : "2239630", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2239630" }, "cvss3" : { "cvss3_base_score" : "3.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N", "status" : "verified" }, "cwe" : "CWE-149", "details" : [ "Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2.", "A flaw was found in Jetty's CGI servlet which permits incorrect command execution in specific circumstances such as requests with certain characters in requested filenames. This issue could allow an attacker to run permitted commands other than the one requested." ], "affected_release" : [ { "product_name" : "Migration Toolkit for Runtimes 1 on RHEL 8", "release_date" : "2024-06-13T00:00:00Z", "advisory" : "RHSA-2024:3919", "cpe" : "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8", "package" : "mtr/mtr-operator-bundle:1.2-23" }, { "product_name" : "Migration Toolkit for Runtimes 1 on RHEL 8", "release_date" : "2024-06-13T00:00:00Z", "advisory" : "RHSA-2024:3919", "cpe" : "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8", "package" : "mtr/mtr-rhel8-operator:1.2-15" }, { "product_name" : "Migration Toolkit for Runtimes 1 on RHEL 8", "release_date" : "2024-06-13T00:00:00Z", "advisory" : "RHSA-2024:3919", "cpe" : "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8", "package" : "mtr/mtr-web-container-rhel8:1.2-16" }, { "product_name" : "Migration Toolkit for Runtimes 1 on RHEL 8", "release_date" : "2024-06-13T00:00:00Z", "advisory" : "RHSA-2024:3919", "cpe" : "cpe:/a:redhat:migration_toolkit_runtimes:1.0::el8", "package" : "mtr/mtr-web-executor-container-rhel8:1.2-14" }, { "product_name" : "MTA-6.2-RHEL-9", "release_date" : "2024-06-20T00:00:00Z", "advisory" : "RHSA-2024:3989", "cpe" : "cpe:/a:redhat:migration_toolkit_applications:6.2::el9", "package" : "mta/mta-windup-addon-rhel9:6.2.3-2" }, { "product_name" : "Red Hat Fuse 7.12.1", "release_date" : "2023-11-15T00:00:00Z", "advisory" : "RHSA-2023:7247", "cpe" : "cpe:/a:redhat:jboss_fuse:7", "package" : "jetty-servlets" }, { "product_name" : "Red Hat Fuse 7.13.0", "release_date" : "2024-05-23T00:00:00Z", "advisory" : "RHSA-2024:3354", "cpe" : "cpe:/a:redhat:jboss_fuse:7", "package" : "jetty-servlets" }, { "product_name" : "Red Hat Satellite 6.14 for RHEL 8", "release_date" : "2024-02-13T00:00:00Z", "advisory" : "RHSA-2024:0797", "cpe" : "cpe:/a:redhat:satellite:6.14::el8", "package" : "candlepin-0:4.3.11-1.el8sat" }, { "product_name" : "Red Hat Satellite 6.15 for RHEL 8", "release_date" : "2024-04-23T00:00:00Z", "advisory" : "RHSA-2024:2010", "cpe" : "cpe:/a:redhat:satellite:6.15::el8", "package" : "puppetserver-0:7.14.0-1.el8sat" }, { "product_name" : "Red Hat Satellite 6.15 for RHEL 8", "release_date" : "2024-04-23T00:00:00Z", "advisory" : "RHSA-2024:2010", "cpe" : "cpe:/a:redhat:satellite_capsule:6.15::el8", "package" : "puppetserver-0:7.14.0-1.el8sat" } ], "package_state" : [ { "product_name" : "OpenShift Serverless", "fix_state" : "Fix deferred", "package_name" : "org.kie.kogito-kogito-apps", "cpe" : "cpe:/a:redhat:serverless:1" }, { "product_name" : "Red Hat AMQ Broker 7", "fix_state" : "Not affected", "package_name" : "jetty-servlets", "cpe" : "cpe:/a:redhat:amq_broker:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Out of support scope", "package_name" : "jetty", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "jetty", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Fix deferred", "package_name" : "jetty", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat JBoss A-MQ 6", "fix_state" : "Out of support scope", "package_name" : "jetty-servlets", "cpe" : "cpe:/a:redhat:jboss_amq:6" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7", "fix_state" : "Not affected", "package_name" : "jetty", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8", "fix_state" : "Not affected", "package_name" : "jetty", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform Expansion Pack", "fix_state" : "Not affected", "package_name" : "jetty", "cpe" : "cpe:/a:redhat:jbosseapxp" }, { "product_name" : "Red Hat JBoss Fuse 6", "fix_state" : "Out of support scope", "package_name" : "jetty-servlets", "cpe" : "cpe:/a:redhat:jboss_fuse:6" }, { "product_name" : "Red Hat OpenShift Container Platform 4", "fix_state" : "Fix deferred", "package_name" : "openshift4/ose-metering-hive", "cpe" : "cpe:/a:redhat:openshift:4" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Out of support scope", "package_name" : "jetty-servlets", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "product_name" : "streams for Apache Kafka", "fix_state" : "Under investigation", "package_name" : "jetty", "cpe" : "cpe:/a:redhat:amq_streams:1" }, { "product_name" : "streams for Apache Kafka", "fix_state" : "Out of support scope", "package_name" : "jetty-servlets", "cpe" : "cpe:/a:redhat:amq_streams:1" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-36479\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-36479" ], "name" : "CVE-2023-36479", "csaw" : false }