June Web Application Vulnerabilities Released

John Delaroderie

The Apache, Atlassian, Lighttpd, PHP, and WordPress frameworks have all been identified as having vulnerabilities by the Qualys WAS team. Organizations on their networks can quickly investigate for the following vulnerabilities. Our continued mission to enhance the scanning engine in Qualys Web Application Scanning includes this release.

Apache

QID 150523: Atlassian Confluence Server and Data Center OGNL Injection Remote Code Execution (RCE) Vulnerability (CVE-2022-26134)

An OGNL Injection occurs when there is insufficient validation of user-supplied data, and the EL interpreter attempts to interpret it enabling attackers to inject their own EL code. To exploit a vulnerable server, a remote attacker can send a malicious HTTP GET request with an OGNL payload in the URI. 

QID 150531: Apache Tomcat Encrypt Interceptor DoS Vulnerability (CVE-2022-29885)

In Apache Tomcat, this QID sends an HTTP GET request to an invalid URL and, based on the response, confirms the vulnerable instance of Apache Tomcat running on the host. Successful exploitation of the vulnerability can allow an attacker to trigger a DoS via Uncontrolled Resource Consumption.

QID 150532 – Apache Tomcat Request Mix-Up Vulnerability (CVE-2022-25762)

The concurrent transmission of WebSocket message when the WebSocket connection is closed, and the error handling is triggered can cause the pooled object to be placed in the pool twice. As a result, subsequent links could lead to application stability issues or data transferred to the wrong user.

Atlassian

QID 150523: Atlassian Confluence Server and Data Center OGNL Injection Remote Code Execution (RCE) Vulnerability (CVE-2022-26134)

An OGNL Injection occurs when there is insufficient validation of user-supplied data, and the EL interpreter attempts to interpret it enabling attackers to inject their own EL code. To exploit a vulnerable server, a remote attacker can send a malicious HTTP GET request with an OGNL payload in the URI. 

Lighttpd

QID 150534: Lighttpd server Denial of Service (DoS) Vulnerability (CVE-2022-30780)

The successful exploitation of the vulnerability could allow a remote attacker to cause a denial of Service (DoS) attack, driving increased CPU consumption from stuck connections.

PHP

QID 150522: EOL/Obsolete Software: PHP 5.x Detected

The support for Microsoft Access Database Engine technology 2007 ended in 2017. The vendor no longer provides updates; obsolete software is more vulnerable to viruses and attacks. As a result, the system is at elevated risk of being exposed to security vulnerabilities.

QID 150525: PHP Input Validation Vulnerability (CVE-2021-21708)

When using filter functions with FILTER_VALIDATE_FLOAT, there is a possibility to trigger the use of allocated memory if the filter fails to validate. Successful exploitation of the vulnerability may allow attackers to crash the PHP process, Denial of Service (DoS), or Remote Code Execution.

WordPress

QID 150519: WordPress Photo Gallery Plugin: Unauthenticated SQL Injection Vulnerability (CVE-2022-1281)

Photo Gallery plugin is a feature-rich yet easy-to-use WordPress tool that lets you add mobile-friendly image galleries and gallery groups to your website. The manipulation of the argument filter_tag with an unknown input led to a SQL injection vulnerability. 

QID 150526: WordPress WP Maintenance Plugin: Stored Cross-Site Scripting Vulnerability (CVE-2021-36828)

When the unfiltered HTML is blocked, the plugin’s inability to filter might allow highly privileged users like the admin to conduct Cross-Site Scripting attacks.

QID 150527: WordPress Photo Gallery Plugin: Reflected Cross-Site Scripting Vulnerability (CVE-2022-1282)

Photo Gallery plugin is a feature-rich yet easy-to-use WordPress tool that lets you add mobile-friendly image galleries and gallery groups to your website.

When the editimage_bwg AJAX action is used, the plugin fails to correctly sanitize the $_GET[‘image url’] variable, which is mirrored back to the users.

QID 150529: WordPress Elementor Plugin: DOM-based Reflected Cross-Site Scripting (XSS) Vulnerability (CVE-2022-29455)

The highly famous WordPress plugin Elementor, an easy-to-use visual builder, enables web designers to create intuitive, pixel-perfect websites. 

The plugin has a DOM Cross-Site Scripting problem since it does not sanitize or escape user input added to the DOM through a malicious hash. A successful exploit might provide an attacker access to private, browser-based data or the ability to execute arbitrary JavaScript code in the context of the interface.

QID 150530: WordPress GDPR Cookie Consent Plugin: Improper Access Controls Vulnerability (CVE-2020-20633)

GDPR Cookie Consent is a plugin that allows website owners to display a minimal modal to enable site visitors to examine and consent to receiving cookies from that site.

AJAX call cli policy generator has a problem with access controls that might allow a subscriber or other authenticated user with low privileges to:

  • Change any post or page’s status from published to draught to remove it from the blog’s front end.
  • Inject a payload into one of its contents, causing Stored Cross-Site Scripting (XSS) problems.

If you encounter any problems in your WAS scans, please open a support ticket by selecting Help > Contact support while logged into the platform. Feel free to post a question on Qualys Community as well.

Share your Comments

Comments

Your email address will not be published. Required fields are marked *