CVE-2021-33580

Summary

User controlled request.getHeader("Referer"), request.getRequestURL() and request.getQueryString() are used to build and run a regex expression. The attacker doesn't have to use a browser and may send a specially crafted Referer header programmatically. Since the attacker controls the string and the regex pattern he may cause a ReDoS by regex catastrophic backtracking on the server side. This problem has been fixed in Roller 6.0.2.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache RollerApache Roller < 6.0.2affected

Weaknesses

  • CWE-400: CWE-400 Uncontrolled Resource Consumption

Workarounds

This problem has been fixed in Roller 6.0.2. If you are not able to upgrade then you can "work around" the problem.

If Banned-Words Referrer processing is enabled and you are concerned about this type of attack then disable it.

In the Roller properties, set this property site.bannedwordslist.enable.referrers=false

ADP Enrichment

CVE Program Container

Additional References

References