Infinite Loop Vulnerability in libX11 Leads to Denial of Service

Summary

- CVE-2023-51467 is a critical vulnerability in the Apache OFBiz ERP system, with a high CVSS score of 9.8, allowing attackers to bypass authentication processes and execute server-side request forgery (SSRF). - The vulnerability was discovered during a root cause analysis of CVE-2023-49070, indicating that it resulted from an incomplete patch for the earlier vulnerability. - Exploitation attempts have been observed in the wild, highlighting the active interest of threat actors, including ransomware groups. - Apache OFBiz developers released version 18.12.11 to fix the vulnerability, and organizations are advised to upgrade promptly to mitigate the risk. - Prior to the release of the patch, there were around 170 internet-exposed instances of OFBiz, but the number has decreased significantly post-patch release. - Publicly available proof-of-concept exploits and scanning activities for vulnerable systems emphasize the urgency of addressing this vulnerability. - Exploitation of CVE-2023-51467 poses a significant risk, potentially leading to unauthorized access, data breaches, system compromise, and further malware spread. - This vulnerability is part of a larger pattern of critical vulnerabilities being targeted in Apache software, emphasizing the importance of timely patching and security vigilance.

News Articles

JFrog

CVE-2023-43786CVE-2023-43787

CVE-2023-43786 & CVE-2023-43787 Vulns in libX11: All You Need To Know

Learn all about the 35-year-old vulnerabilities found by our Security Team in libX11, causing a denial-of-service and remote code execution.

8 months ago

JFrog

CVE-2023-43787CVE-2023-43786

CVE-2023-43786 & CVE-2023-43787 Vulns in libX11: All You Need To Know

Learn all about the 35-year-old vulnerabilities found by our Security Team in libX11, causing a denial-of-service and remote code execution.

8 months ago