[ https://issues.apache.org/jira/browse/KNOX-3039?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Guillermo Kardolus updated KNOX-3039:
-------------------------------------
    Description: 
A potential security vulnerability has been identified in Apache Knox where internal IP addresses are exposed in HTTP 500 error messages. This issue can occur when a user modifies the URL for one of the proxy services, leading to an error page that includes the IP address of the internal service.

*Steps to Reproduce:*
# Navigate to a proxy service URL, for example: {{<[https://example.com:8443/gateway/proxy/service?scheme=https&host=example.com&port=8051]>}}
# Modify the {{port}} parameter to an invalid port, such as: {{<[https://example.com:8443/gateway/proxy/service?scheme=https&host=example.com&port=9999]>}}
# Observe the resulting HTTP 500 error message which includes the internal IP address.

*Observed Behavior:* The error message reveals the internal IP address in the stack trace, which can be used by an attacker for port scanning and other malicious activities.

*Example:*
{code:java}
HTTP ERROR 500 java.io.IOException: java.io.IOException: Service connectivity error.
MESSAGE: java.io.IOException: java.io.IOException: Service connectivity error.
...
CAUSED BY: java.io.IOException: Connect to example.com:9996 [example.com/10.140.190.10] failed: Connection refused (Connection refused)
...
{code}

*Expected Behavior:* Error messages should not expose internal IP addresses. Instead, they should be sanitized to prevent the disclosure of sensitive information.

*Proposed Solution:*
# *Sanitization Mechanism:* Implement a mechanism to sanitize error messages before they are sent to the client. This can include replacing IP addresses with placeholders such as {{{}[hidden]{}}}.
# *Configuration Options:* Provide configuration options for users to enable or disable this sanitization based on their security needs. By default, users should opt in to this new sanitization functionality, with an option to opt out if necessary.
# *Knox-specific Error Page:* Alternatively, consider implementing a Knox-specific error page that displays an error message without revealing any sensitive information.

was:
A potential security vulnerability has been identified in Apache Knox where internal IP addresses are exposed in HTTP 500 error messages. This issue can occur when a user modifies the URL for one of the proxy services, leading to an error page that includes the IP address of the internal service.

*Steps to Reproduce:*
# Navigate to a proxy service URL, for example: {{<https://example.com:8443/gateway/proxy/service?scheme=https&host=example.com&port=8051>}}
# Modify the {{port}} parameter to an invalid port, such as: {{<https://example.com:8443/gateway/proxy/service?scheme=https&host=example.com&port=9999>}}
# Observe the resulting HTTP 500 error message which includes the internal IP address.

*Observed Behavior:* The error message reveals the internal IP address in the stack trace, which can be used by an attacker for port scanning and other malicious activities.

*Example:*
{code:java}
HTTP ERROR 500 java.io.IOException: java.io.IOException: Service connectivity error.
MESSAGE: java.io.IOException: java.io.IOException: Service connectivity error.
...
CAUSED BY: java.io.IOException: Connect to example.com:9996 [example.com/10.140.190.10] failed: Connection refused (Connection refused)
...
{code}

*Expected Behavior:* Error messages should not expose internal IP addresses. Instead, they should be sanitized to prevent the disclosure of sensitive information.

*Proposed Solution:*
# *Sanitization Mechanism:* Implement a mechanism to sanitize error messages before they are sent to the client. This can include replacing IP addresses with placeholders such as {{{}[hidden]{}}}.
# *Configuration Options:* Provide configuration options for users to enable or disable this sanitization based on their security needs. By default, users should opt in to this new sanitization functionality, with an option to opt out if necessary.
# *Knox-specific Error Page:* Additionally, it has been proposed to create a Knox-specific error page that can be displayed in case of such errors. This error page can provide a generic error message without revealing any sensitive information, further enhancing security.

> Vulnerability Disclosure: IP Address Exposure in HTTP 500 Error Message
> -----------------------------------------------------------------------
>
>                 Key: KNOX-3039
>                 URL: https://issues.apache.org/jira/browse/KNOX-3039
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: Server
>            Reporter: Guillermo Kardolus
>            Priority: Major
>
> (Issue description as quoted above.)

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
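The "Sanitization Mechanism" and "Configuration Options" items of the proposal describe a filter that rewrites error text before it reaches the client, with IP addresses replaced by a placeholder and an opt-in switch. The class below is an added illustration of that idea, not Knox project code: it walks an exception's cause chain, replaces IPv4 literals with the `[hidden]` placeholder from the report, and is controlled by a boolean that a gateway configuration property would supply. The property name `gateway.sanitize.error.messages` and the `ErrorMessageSanitizer` class are assumptions for the example; the sample exception text is constructed to mirror the shape of the message in the report.

```java
import java.io.IOException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * Added example, not part of Apache Knox: build a client-safe summary of an
 * exception chain with IPv4 literals replaced by a placeholder.
 *
 * Assumption: a gateway property (hypothetical name
 * "gateway.sanitize.error.messages") decides whether sanitization is active.
 * The full, unsanitized stack trace should still go to the server log so
 * operators keep the detail that is hidden from the client.
 */
public final class ErrorMessageSanitizer {

    /** Placeholder proposed in the report. */
    public static final String PLACEHOLDER = "[hidden]";

    /** Hypothetical configuration key that would back the 'enabled' flag. */
    public static final String CONFIG_KEY = "gateway.sanitize.error.messages";

    // Dotted-quad IPv4 literal, each octet 0-255, bounded so "10.140.190.10"
    // inside "[example.com/10.140.190.10]" is matched as a whole.
    private static final Pattern IPV4 = Pattern.compile(
            "\\b(?:(?:25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\.){3}"
          + "(?:25[0-5]|2[0-4]\\d|1\\d\\d|[1-9]?\\d)\\b");

    private final boolean enabled;

    /** @param enabled value of the (hypothetical) gateway property; opt-in by default. */
    public ErrorMessageSanitizer(boolean enabled) {
        this.enabled = enabled;
    }

    /** Replace every IPv4 literal in the text with the placeholder when enabled. */
    public String sanitize(String message) {
        if (!enabled || message == null) {
            return message;
        }
        return IPV4.matcher(message).replaceAll(Matcher.quoteReplacement(PLACEHOLDER));
    }

    /**
     * Produce the text that may be sent to the client: one line per cause,
     * in the "CAUSED BY:" style of the report, with each message sanitized.
     */
    public String sanitizeChain(Throwable t) {
        StringBuilder sb = new StringBuilder();
        Throwable cur = t;
        while (cur != null) {
            if (sb.length() > 0) {
                sb.append("\nCAUSED BY: ");
            }
            sb.append(cur.getClass().getName()).append(": ").append(sanitize(cur.getMessage()));
            Throwable next = cur.getCause();
            if (next == cur) {
                break; // guard against self-referential causes
            }
            cur = next;
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: same shape as the report's message, not a real host.
        Throwable cause = new IOException(
                "Connect to example.com:9996 [example.com/10.140.190.10] failed: "
              + "Connection refused (Connection refused)");
        Throwable top = new IOException("Service connectivity error.", cause);

        // Sanitization enabled (the opt-in default proposed in the report).
        System.out.println(new ErrorMessageSanitizer(true).sanitizeChain(top));
        // Sanitization disabled (the opt-out case): original text is preserved.
        System.out.println(new ErrorMessageSanitizer(false).sanitizeChain(top));
    }
}
```

With sanitization enabled, the second line of the output reads `CAUSED BY: java.io.IOException: Connect to example.com:9996 [example.com/[hidden]] failed: Connection refused (Connection refused)`; with it disabled, the address is left in place. The pattern covers IPv4 only; a deployment that exposes IPv6 back ends would need a second pattern, and the internal hostname (`example.com` in the sample) is left untouched because the report asks only for IP addresses to be hidden.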