May 3, 2024
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Advisory – CVE-2023-5552 – Sophos Firewall Vulnerability
October 19, 2023
Rewterz Threat Alert – APT Group Gamaredon aka Shuckworm – Active IOCs
October 20, 2023
Rewterz Threat Advisory – CVE-2023-5552 – Sophos Firewall Vulnerability
October 19, 2023
Rewterz Threat Alert – APT Group Gamaredon aka Shuckworm – Active IOCs
October 20, 2023
Severity
High
Analysis Summary
CVE-2023-45802 CVSS:7.5
Apache HTTP Server is vulnerable to a denial of service, caused by a flaw when a HTTP/2 stream was reset (RST frame) by a client. By sending specially crafted requests, a remote attacker could exploit this vulnerability to exhaust available memory, and results in a denial of service condition.
CVE-2023-43622 CVSS:7.5
Apache HTTP Server is vulnerable to a denial of service, caused by a flaw when opening a HTTP/2 connection with an initial window size of 0. By sending specially crafted requests, a remote attacker could exploit this vulnerability to exhaust worker resources in the server, and results in a denial of service condition.
CVE-2023-31122 CVSS:7.5
Apache HTTP Server could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read flaw in the mod_macro module. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2023-25753 CVSS:9.1
Apache ShenYu is vulnerable to server-side request forgery, caused by a flaw in the /sandbox/proxyGateway endpoint. By sending a specially crafted request, an attacker could exploit this vulnerability to conduct SSRF attack to manipulate arbitrary requests and retrieve corresponding responses.
CVE-2023-46227 CVSS:7.5
Apache InLong could allow a remote attacker to obtain sensitive information, caused by an unsafe deserialization flaw. By sending a specially crafted request, an attacker could exploit this vulnerability to read arbitrary files, and use this information to launch further attacks against the affected system.
Impact
- Denial of Service
- Information Theft
- Gain Access
- Information Disclosure
Indicators Of Compromise
CVE
- CVE-2023-45802
- CVE-2023-43622
- CVE-2023-31122
- CVE-2023-25753
- CVE-2023-46227
Affected Vendors
Apache
Affected Products
- Apache HTTP Server 2.4.57
- Apache ShenYu 2.5.1
- Apache InLong 1.4.0
- Apache InLong 1.5.0
- Apache InLong 1.6.0
- Apache InLong 1.7.0
- Apache InLong 1.8.0
Remediation
Refer to Apache Web site for patch, upgrade or suggested workaround information.