August 2023 Web Application Vulnerabilities Released
Last updated on: September 11, 2023
The Qualys Web Application Scanning (WAS) team has released a crucial update to its security signatures, which now includes detection for vulnerabilities in several widely used software applications like Adobe ColdFusion, Oracle WebLogic, Webmin, Zabbix, WordPress, PHP, and Apache Tomcat.
These vulnerabilities could lead to serious security risks such as data breaches, unauthorized access, and other malicious activities if left unaddressed. It is essential for organizations to perform a comprehensive security review and address any potential vulnerabilities to ensure the safety and security of their networks and systems.
| QID | Title |
| 150690 | Adobe ColdFusion CFC Deserialization RCE Vulnerability (APSB23-25) |
| 150696 | Oracle WebLogic Server Multiple Vulnerabilities (CPUJUL2023) |
| 150697 | Webmin Multiple Cross-Site Scripting (XSS) Vulnerabilities |
| 150698 | Zabbix Improper Input Validation Vulnerability (CVE-2023-29451) |
| 150699 | WordPress Ninja Forms Plugin: Reflected Cross-Site Scripting (XSS) vulnerability (CVE-2023-37979) |
| 150700 | Zabbix Sensitive Information Disclosure Vulnerability (CVE-2023-29450) |
| 150702 | PHP SOAP Digest Authentication Vulnerability (CVE-2023-3247) |
| 150703 | PHP Multiple Vulnerabilities (CVE-2023-3824, CVE-2023-3823) |
| 150704 | Apache Tomcat Open Redirect Vulnerability (CVE-2023-41080) |
| 150705 | Zabbix Improper Input Validation Vulnerability (CVE-2023-29456) |
QID 150690: Adobe ColdFusion CFC Deserialization RCE Vulnerability (APSB23-25)
| CVE-ID | CVE-2023-26360, CVE-2023-26359, CVE-2023-26361 |
| Severity | Level 5 |
| CVSS 3.1 | 9.8 |
| CWE-ID | 22, 284, 502 |
| Affected Versions | ColdFusion (2021 release) Update 5 and earlier versions. ColdFusion (2018 release) Update 15 and earlier versions. |
Description
Adobe ColdFusion, a valuable application for web development, has recently received security updates for its 2021 and 2018 versions. These updates have been issued in response to discovering multiple vulnerabilities within Adobe ColdFusion. These vulnerabilities, if exploited, can potentially lead to Arbitrary Code Execution, posing a significant risk to the affected systems. It is crucial for users to promptly apply these security updates to mitigate these potential threats and ensure the continued security of their web development environments.
Customers are advised to refer to APSB23-25 for updates about this vulnerability.
QID 150696: Oracle WebLogic Server Multiple Vulnerabilities (CPUJUL2023)
| CVE-ID | CVE-2023-26119, CVE-2023-1436, CVE-2023-1370, CVE-2022-42890, CVE-2023-20860, CVE-2022-24409, CVE-2023-20863, CVE-2023-22040, CVE-2021-28168, CVE-2023-22031, CVE-2020-8908 |
| Severity | Level 4 |
| CVSS 3.1 | 9.8 |
| CWE-ID | 1352 |
| Affected Versions | Oracle WebLogic Server version 12.2.1.4.0 Oracle WebLogic Server version 14.1.1.0.0 |
Description
Oracle WebLogic Server, previously known as BEA WebLogic Server, is a popular platform for enterprises to build and deploy their applications and services. However, recent reports indicate that the Oracle WebLogic Server component in Oracle Fusion Middleware for versions 12.2.1.4.0 and 14.1.1.0.0 has been found to have multiple vulnerabilities.
The consequences of exploiting these vulnerabilities are dire. An attacker who successfully exploits these weaknesses can potentially compromise and take control of the entire Oracle WebLogic Server. This can lead to the attacker having access to sensitive information and disrupting the normal functioning of the enterprise applications and services hosted on the server.
To mitigate these risks, Oracle has released patches for these vulnerabilities. Customers are advised to immediately update their Oracle WebLogic Server installations to the latest patched version. Detailed information about the patches and their installation process can be found in Oracle’s Critical Patch Update (Oracle – CPUJUL2023).
QID 150697: Webmin Multiple Cross-Site Scripting (XSS) Vulnerabilities
| CVE-ID | CVE-2023-38303, CVE-2023-38304, CVE-2023-38305, CVE-2023-38306, CVE-2023-38307, CVE-2023-38308, CVE-2023-38309, CVE-2023-38310, CVE-2023-38311 |
| Severity | Level 3 |
| CVSS 3.1 | 6.1 |
| CWE-ID | 79 |
| Affected Versions | Webmin version 2.021 |
Description
Webmin, a versatile web-based server management control panel designed for Unix-like systems, has recently found multiple Cross-Site Scripting (XSS) vulnerabilities in various sections of its interface. These vulnerabilities are present in areas such as Users and Groups, Download and Upload functionality, HTTP Tunnel functionality, Package search options, and Configuration settings for system logs.
The successful exploitation of these vulnerabilities could enable an attacker to execute arbitrary JavaScript code within the context of the interface, potentially leading to unauthorized access to sensitive browser-based information.
To address these security concerns, customers are strongly advised to upgrade to the latest version of Webmin.
QID 150698: Zabbix Improper Input Validation Vulnerability (CVE-2023-29451)
| CVE-ID | CVE-2023-29451 |
| Severity | Level 4 |
| CVSS 3.1 | 7.5 |
| CWE-ID | 20,787 |
| Affected Versions | Zabbix before version 6.0.14 Zabbix version from 6.4.2 to 6.4.4 |
Description
Zabbix, the open-source software designed for monitoring IT infrastructure components like networks, servers, virtual machines, and cloud services, has recently encountered a security issue. This vulnerability stems from a specially crafted string that can trigger a buffer overrun within the JSON parser library. Consequently, this can result in the Zabbix Server or a Zabbix Proxy crashing.
The successful exploitation of this vulnerability may disrupt the Zabbix server’s functionality, affecting its ability to monitor and manage the IT infrastructure effectively.
To address this concern and ensure the stability and security of the Zabbix monitoring system, customers are strongly advised to upgrade to the latest version of Zabbix. This step will help mitigate the vulnerability and maintain the integrity of their monitoring environment. For additional details, please refer to ZBX-22587.
QID 150699: WordPress Ninja Forms Plugin: Reflected Cross-Site Scripting (XSS) vulnerability (CVE-2023-37979)
| CVE-ID | CVE-2023-37979 |
| Ninja Forms plugin before 3.6.26 | Level 3 |
| CVSS 3.1 | 6.1 |
| CWE-ID | 79 |
| Affected Versions | Ninja Forms plugin prior to 3.6.26 |
Description
Ninja Forms, a popular free form builder plugin for WordPress, empowers users to create customized forms effortlessly using drag-and-drop functionality. However, specific versions of Ninja Forms have identified a security concern.
This vulnerability revolves around a POST-based reflected cross-site scripting (XSS) flaw. The flaw could enable an unauthenticated user to escalate privileges on a targeted WordPress site. This is achieved by deceiving privileged users into visiting a specially crafted website.
In the event of a successful exploitation, an attacker could execute arbitrary JavaScript code within the context of the interface. This malicious code could compromise the website’s security or grant unauthorized access to sensitive browser-based information.
To safeguard your WordPress site and prevent such vulnerabilities, it is strongly recommended that you upgrade to Ninja Forms 3.6.26 or a later release. This action will effectively address the identified vulnerability and enhance the security of your website.
QID 150700: Zabbix Sensitive Information Disclosure Vulnerability (CVE-2023-29450)
| CVE-ID | CVE-2023-29450 |
| Severity | Level 4 |
| CVSS 3.1 | 7.5 |
| CWE-ID | 200,552 |
| Affected Versions | Zabbix before version 5.0.34 Zabbix version from 6.0.0 to 6.0.16 Zabbix version from 6.4.0 to 6.4.1 Zabbix version from 6.4.3 to 6.4.4 |
Description
Zabbix, the versatile open-source software designed for IT infrastructure monitoring, is an invaluable tool for managing networks, servers, virtual machines, and cloud services. However, it has come to our attention that a security vulnerability exists in specific versions of Zabbix.
This vulnerability arises from exploiting JavaScript pre-processing, which an attacker can harness to access the file system. This access is limited to read-only permissions on behalf of the user “Zabbix.” While it does not grant complete system control, it can still pose a significant risk by potentially allowing unauthorized access to sensitive data.
Successful exploitation of this vulnerability could empower an unauthorized attacker to obtain sensitive information. For further details and comprehensive information on this vulnerability, please refer to ZBX-22588
QID 150702: PHP SOAP Digest Authentication Vulnerability (CVE-2023-3247)
| CVE-ID | CVE-2023-3247 |
| Severity | Level 3 |
| CVSS 3.1 | 4.3 |
| CWE-ID | 330,252 |
| Affected Versions | PHP versions from 8.0.0 before 8.0.29 PHP versions from 8.1.0 before 8.1.20 PHP versions from 8.2.0 before 8.2.7 |
Description
PHP, a versatile programming language known for its extensive use in web-based applications, is essential to numerous online software systems. However, it has recently come to our attention that PHP may be susceptible to a security vulnerability related to SOAP HTTP Digest Authentication.
The issue stems from the random value generator used in this authentication method. Unfortunately, the generator was not adequately verified for failure and operated within a more limited range of values than intended. In the event of a random generator failure, this vulnerability could potentially lead to the disclosure of 31 bits of uninitialized memory from the client to the server. Furthermore, it could facilitate the guessing of the client’s nonce by malicious servers
To address this security concern and bolster the integrity of your PHP-based applications, we strongly recommend upgrading to the latest version of PHP. For comprehensive details and further insights into this vulnerability, please refer to GHSA-76gg-c692-v2mw.
QID 150703: PHP Multiple Vulnerabilities (CVE-2023-3824, CVE-2023-3823)
| CVE-ID | CVE-2023-3824, CVE-2023-3823 |
| Severity | Level 4 |
| CVSS 3.1 | 9.8 |
| CWE-ID | 119,611 |
| Affected Versions | PHP versions from 8.0.0 before 8.0.30 PHP versions from 8.1.0 before 8.1.22 PHP versions from 8.2.0 before 8.2.8 |
Description
PHP, a versatile programming language widely used in web-based applications, has been found to have vulnerabilities in specific affected versions. These vulnerabilities, denoted by CVE-2023-3824 and CVE-2023-3823, warrant immediate attention and action.
CVE-2023-3824: When loading a PHAR file in PHP, an issue arises while reading PHAR directory entries. Inadequate length checking in this process may potentially lead to a stack buffer overflow. This overflow could result in memory corruption or, in more severe cases, remote code execution (RCE).
CVE-2023-3823: PHP relies on libxml global state for various XML functions to track configuration variables, including whether external entities are loaded. While PHP assumes that this state remains unchanged unless explicitly modified by users, it’s crucial to note that it is process-global. Consequently, other modules within the same process, such as ImageMagick, may inadvertently alter this global state for their internal purposes. This can leave the state in a condition where external entity loading is enabled, potentially leading to the parsing of external XML with loaded external entities. Such a scenario could result in disclosing any local files accessible to PHP. Importantly, this vulnerable state may persist across multiple requests within the same process until the process is terminated.
To address these vulnerabilities and fortify the security of your PHP environment, we strongly recommend upgrading to the latest version of PHP.
QID 150704: Apache Tomcat Open Redirect Vulnerability (CVE-2023-41080)
| CVE-ID | CVE-2023-41080 |
| Severity | Level 3 |
| CVSS 3.1 | 6.1 |
| CWE-ID | 601 |
| Affected Versions | Apache Tomcat 11.0.0-M1 to 11.0.0-M10 Apache Tomcat 10.1.0-M1 to 10.1.12 Apache Tomcat 9.0.0-M1 to 9.0.79 Apache Tomcat 8.5.0 to 8.5.92 |
Description
Apache Tomcat, a widely-used open-source web server and servlet container, has been identified with a security vulnerability that warrants attention.
When the ROOT (default) web application is configured to use FORM authentication, it opens up the possibility of a specific type of attack. Attackers could potentially exploit this configuration by employing a specially crafted URL. This malicious URL could trigger a redirection to a URL of the attacker’s choosing. If successfully executed, this vulnerability allows attackers to deceive users into following a link that redirects them to an arbitrary external URL, which could be under the attacker’s control.
To address this vulnerability, it is recommended that customers upgrade to one of the following versions of Apache Tomcat: 11.0.0-M11, 10.1.13, 9.0.80, or 8.5.93, or install a newer version. For additional information, please refer to the Apache Tomcat Security Advisory.
QID 150705: Zabbix Improper Input Validation Vulnerability (CVE-2023-29456)
| CVE-ID | CVE-2023-29456 |
| Severity | Level 3 |
| CVSS 3.1 | 5.4 |
| CWE-ID | 20,79 |
| Affected Versions | Zabbix version from 4.0.0 to 4.0.46 Zabbix version from 5.0.0 to 5.0.35 Zabbix version from 6.0.0 to 6.0.18 Zabbix version from 6.4.0 to 6.4.3 |
Description
Zabbix, the open-source tool designed for monitoring IT infrastructure, including networks, servers, virtual machines, and cloud services, has been identified with a security concern related to its URL validation scheme.
In essence, the URL validation scheme in Zabbix receives input from users and parses it to discern various components. This process ensures that all URL components adhere to Internet standards and conventions. However, there is a recognized inefficiency in this validation scheme, which, unfortunately, leads to the possibility of Cross-Site Scripting (XSS) vulnerabilities. These vulnerabilities can manifest in areas such as maps, triggers, and other sections where links can be added.
To fortify the security of your Zabbix deployment and minimize the risk associated with these XSS vulnerabilities, we strongly recommend upgrading to the latest version of Zabbix.
For a more detailed understanding of this issue and its remediation, please refer to ZBX-22987.