Date: Tue, 17 Aug 2021 18:09:32 -0400 From: Dave <snoopdave@...il.com> To: oss-security@...ts.openwall.com Subject: CVE-2021-33580: Apache Roller: regex injection leading to DoS Severity: Low: This attack will only work if Banned-words Referrer processing is turned on in Roller and it is off-by-default. Description: User controlled `request.getHeader("Referer")`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run a regex expression. The attacker doesn't have to use a browser and may send a specially crafted Referer header programmatically. Since the attacker controls the string and the regex pattern he may cause a ReDoS by regex catastrophic backtracking on the server side. Mitigation: This problem has been fixed in Roller 6.0.2. If you are not able to upgrade then you can "work around" the problem. If Banned-Words Referrer processing is enabled and you are concerned about this type of attack then disable it. In the Roller properties, set this property site.bannedwordslist.enable.referrers=false Credit: Apache Roller would like to thank Ed Ra (https://github.com/edvraa) for reporting this.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.