IT Security: F5 Networks, Linux and UNIX are threatened – update to the IT security alert on Eclipse Jetty (Risk: medium)

by admin
The security alert issued for Eclipse Jetty has received an update from the BSI. You can find out here what affected users can do.

The Federal Office for Information Security (BSI) published an update on May 16, 2024 regarding the Eclipse Jetty security vulnerability identified on October 25, 2020. The vulnerability affects the F5 Networks, Linux and UNIX operating systems and the products Debian Linux, Red Hat Enterprise Linux, F5 BIG-IP and Eclipse Jetty.

The latest manufacturer recommendations for updates, workarounds and security patches for this vulnerability can be found here: IBM Security Bulletin 7153639 (as of 17 May 2024). Some useful sources are listed later in this article.

Eclipse Jetty security notice – Risk: medium

Risk level: 3 (medium)
CVSS Base Score: 5.3
CVSS Temporal Score: 4.6
Remote attack: No

The Common Vulnerability Scoring System (CVSS) is used to assess the vulnerability of computer systems. The CVSS standard makes it possible to compare potential or actual security risks based on various metrics in order to create a priority list for countermeasures. The attributes “none”, “low”, “medium”, “high” and “critical” are used to describe the severity levels of a vulnerability. The Base Score evaluates the requirements for an attack (including authentication, complexity, privileges, user interaction) and its consequences. For the Temporal Score, framework conditions that may change over time are also taken into account in the assessment. The severity of the present vulnerability is classified as “medium” according to the CVSS, with a base score of 5.3.

Eclipse Jetty bug: vulnerability allows security measures to be bypassed

Eclipse Jetty is a Java HTTP server and Java servlet container.

A local attacker could exploit a vulnerability in Eclipse Jetty to bypass security measures.

The vulnerability is classified in the CVE (Common Vulnerabilities and Exposures) reference system under the identifier CVE-2020-27216.

Systems affected by the security vulnerability at a glance

Operating systems
F5 Networks, Linux, UNIX

Products
Debian Linux (cpe:/o:debian:debian_linux)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
F5 BIG-IP (cpe:/a:f5:big-ip)
Eclipse Jetty Eclipse Jetty Eclipse Jetty F5 BIG-IP

General steps for dealing with IT security vulnerabilities

  1. Users of the affected applications should keep them up to date. When security vulnerabilities become known, manufacturers are required to fix them quickly by developing a patch or workaround. If security patches are available, install them immediately.
  2. For information, consult the sources listed in the next section. These often contain further information about the latest version of the software in question and the availability of security patches or performance tips.
  3. If you have any further questions or uncertainties, please contact your responsible administrator. IT security managers should regularly check the specified sources to see whether a new security update is available.

Manufacturer information about updates, patches and workarounds

Here you will find further sources with information about bug reports, security fixes and workarounds.

IBM Security Bulletin 7153639 of 2024-05-17 (16.05.2024)

F5 Security Advisory K18484125 of 2022-06-22 (22.06.2023)

F5 Security Advisory K18484125 of 2022-05-18 (18.05.2022)

Red Hat Security Advisory RHSA-2021:3140 of 2021-08-11 (11.08.2021)

Debian Security Advisory DSA-4949 of 2021-08-05 (04.08.2021)

Red Hat Security Advisory RHSA-2021:2430 of 2021-07-02 (01.07.2021)

Red Hat Security Advisory RHSA-2021:2517 of 2021-06-30 (30.06.2021)

Red Hat Security Advisory RHSA-2021:2499 of 2021-06-29 (28.06.2021)

Debian Security Advisory DLA-2661 of 2021-05-14 (16.05.2021)

Red Hat Security Advisory RHSA-2021:0329 of 2021-02-02 (01.02.2021)

Red Hat Security Advisory RHSA-2020:5365 of 2020-12-08 (07.12.2020)

Red Hat Security Advisory RHSA-2020:5168 of 2020-11-23 (22.11.2020)

GitHub Eclipse Jetty of 2020-10-25 (25.10.2020)

Version history of this security alert

This is version 13 of this IT security notice for Eclipse Jetty. This document will be updated as further updates are announced. You can follow changes or additions in this version history.

October 25, 2020 – First version
November 22, 2020 – New updates from Red Hat added
December 7, 2020 – New updates from Red Hat added
February 1, 2021 – New updates from Red Hat added
May 16, 2021 – New updates from Debian added
June 28, 2021 – New updates from Red Hat added
June 30, 2021 – New updates from Red Hat added
July 1, 2021 – New updates from Red Hat added
August 4, 2021 – New updates from Debian added
August 11, 2021 – New updates from Red Hat added
May 18, 2022 – New updates from F5 added
June 22, 2023 – New updates from F5 added
May 16, 2024 – New updates from IBM added

+++ Editorial note: This document is based on current BSI data and will be updated in a data-driven manner depending on the status of the alert. We welcome feedback and comments at [email protected]. +++

kns/roj/news.de