regex injection leading to DoS
CVE-2021-33580

7.5HIGH

Key Information:

Vendor: Apache
Status: Apache Roller
Vendor: CVE Published:; 18 August 2021

Summary

User controlled request.getHeader("Referer"), request.getRequestURL() and request.getQueryString() are used to build and run a regex expression. The attacker doesn't have to use a browser and may send a specially crafted Referer header programmatically. Since the attacker controls the string and the regex pattern he may cause a ReDoS by regex catastrophic backtracking on the server side. This problem has been fixed in Roller 6.0.2.

Affected Version(s)

Apache Roller Apache Roller < 6.0.2

References

https://lists.apache.org/thread.html/r9d967d80af941717573...

x_refsource_MISC

http://www.openwall.com/lists/oss-security/2021/08/18/1

mailing-listx_refsource_MLIST

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 18, 2021
Vulnerability Reserved
May 26, 2021

Credit

Apache Roller would like to thank Ed Ra (https://github.com/edvraa) for reporting this.