Infinite Loop Vulnerability in libX11 Leads to Denial of Service
Key Information
- Vendor
- Red Hat
- Status
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 9
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 7
- CVE Published:
- 10 October 2023
Summary
- CVE-2023-51467 is a critical vulnerability in the Apache OFBiz ERP system, with a high CVSS score of 9.8, allowing attackers to bypass authentication processes and execute server-side request forgery (SSRF).
- The vulnerability was discovered during a root cause analysis of CVE-2023-49070, indicating that it resulted from an incomplete patch for the earlier vulnerability.
- Exploitation attempts have been observed in the wild, highlighting the active interest of threat actors, including ransomware groups.
- Apache OFBiz developers released version 18.12.11 to fix the vulnerability, and organizations are advised to upgrade promptly to mitigate the risk.
- Prior to the release of the patch, there were around 170 internet-exposed instances of OFBiz, but the number has decreased significantly post-patch release.
- Publicly available proof-of-concept exploits and scanning activities for vulnerable systems emphasize the urgency of addressing this vulnerability.
- Exploitation of CVE-2023-51467 poses a significant risk, potentially leading to unauthorized access, data breaches, system compromise, and further malware spread.
- This vulnerability is part of a larger pattern of critical vulnerabilities being targeted in Apache software, emphasizing the importance of timely patching and security vigilance.
Affected Version(s)
Red Hat Enterprise Linux 8 <= 0:1.6.8-8.el8
Red Hat Enterprise Linux 9 <= 0:1.7.0-9.el9
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles
CVE-2023-43786 & CVE-2023-43787 Vulns in libX11: All You Need To Know
Learn all about the 35-year-old vulnerabilities found by our Security Team in libX11, causing a denial-of-service and remote code execution.
8 months ago
CVSS V3.1
Timeline
- Exploit exists.
- First article discovered by JFrog.
- Vulnerability published.
- Reported to Red Hat.
- Vulnerability reserved.