Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ReDoS vulnerability in parser_apache2
Vulnerability Description
Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. This issue is patched in version 1.14.2 There are two workarounds available. Either don't use parser_apache2 for parsing logs (which cannot guarantee generated by Apache), or put patched version of parser_apache2.rb into /etc/fluent/plugin directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd).
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
Fluentd 资源管理错误漏洞
Vulnerability Description
Fluentd是云原生计算(Cloud Native Computing Foundation)基金会的一个开源日志收集器。用于从各种数据源收集事件并将它们写入文件、Rdbms、NoSql、IaaS、SaaS、Hadoop 等。 Fluentd v0.14.14到v1.14.1版本存在资源管理错误漏洞,该漏洞源于软件的插件parser_apache2插件对于正则表达式处理存在问题,具有特定字符串模式的受损apache日志可能会导致正则表达式处理时间过长,从而导致拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A