User-controlled values from `request.getHeader("Referer")`, `request.getRequestURL()` and `request.getQueryString()` are used to build and run a regular expression. The attacker does not need a browser and can send a specially crafted Referer header programmatically. Because the attacker controls both the subject string and the regex pattern, they can cause a ReDoS through catastrophic backtracking on the server side. This problem has been fixed in Roller 6.0.2.
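The following is an added illustration, not Roller's code, of the unsafe shape the advisory describes (request-derived text compiled as the pattern) next to a hardened banned-word check in which only administrator-managed, precompiled patterns are run and request text is never more than the length-capped subject; the class, method names and sample values are assumptions.

```java
import java.util.List;
import java.util.regex.Pattern;

// Hypothetical banned-word referrer check (added example, not Roller's code).
public final class ReferrerBannedWordCheck {

    // java.util.regex has no match timeout, so bounding the subject length is
    // part of the defence against catastrophic backtracking.
    private static final int MAX_SUBJECT_LEN = 2048;

    // UNSAFE shape: text taken from the request (e.g. request.getHeader("Referer"))
    // becomes the pattern itself, so the client chooses the regex the server runs,
    // including constructs that backtrack catastrophically.
    static boolean unsafeMatch(String requestText, String configuredText) {
        return Pattern.compile(requestText).matcher(configuredText).find();
    }

    // Any fragment that must appear inside a pattern is quoted so it matches
    // literally; regex metacharacters in it are not interpreted.
    static Pattern literal(String fragment) {
        return Pattern.compile(Pattern.quote(fragment), Pattern.CASE_INSENSITIVE);
    }

    // HARDENED shape: patterns come only from administrator-managed configuration
    // and are compiled once; request-derived text is only ever the subject string,
    // and over-long subjects are truncated before matching.
    static boolean safeMatch(List<Pattern> bannedPatterns, String requestText) {
        if (requestText == null) {
            return false;
        }
        String subject = requestText.length() > MAX_SUBJECT_LEN
                ? requestText.substring(0, MAX_SUBJECT_LEN)
                : requestText;
        for (Pattern p : bannedPatterns) {
            if (p.matcher(subject).find()) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample values standing in for site configuration and a Referer header.
        List<Pattern> banned = List.of(literal("casino"), literal("a+(b.*)*c"));
        System.out.println(safeMatch(banned, "https://example.com/?ref=CASINO"));
        System.out.println(safeMatch(banned, "https://example.com/blog/post"));
    }
}
```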
Solution
No solution given by the vendor.
Workaround
This problem has been fixed in Roller 6.0.2. If you are not able to upgrade, you can work around the problem: if Banned-Words Referrer processing is enabled and you are concerned about this type of attack, disable it. In the Roller properties, set `site.bannedwordslist.enable.referrers=false`.
History
No history.

Status: PUBLISHED
Assigner: apache
Published:
Updated: 2024-08-03T23:50:43.188Z
Reserved: 2021-05-26T00:00:00
Link: CVE-2021-33580


Status : Modified
Published: 2021-08-18T08:15:06.173
Modified: 2024-11-21T06:09:08.060
Link: CVE-2021-33580