The values of `request.getHeader("Referer")`, `request.getRequestURL()` and `request.getQueryString()` are attacker-controlled, and Roller used them to build and run a regular expression. The attacker does not need a browser and can send a specially crafted Referer header programmatically. Because the attacker controls both the subject string and the regex pattern, a pattern that triggers catastrophic backtracking causes a regular-expression denial of service (ReDoS) on the server. This problem has been fixed in Roller 6.0.2.
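The bug class described above, as an added example (not Roller's code, and not the actual fix shipped in 6.0.2): a request-derived value compiled as a regex pattern, shown beside the literal-matching fix and a time-boxed matcher that fails closed. The class, method and sample-input names are invented for illustration, the attacker input is constructed, and the code needs Java 11 or later for `String.repeat()`.

```java
import java.util.concurrent.TimeUnit;
import java.util.regex.Pattern;

/*
 * Added example, not Roller's code: the bug class behind CVE-2021-33580 is
 * request-controlled text reaching Pattern.compile(). Three shapes are shown:
 * the vulnerable one, the literal-matching fix, and a time-boxed matcher.
 */
public class RefererRegexDemo {

    // Constructed attacker input: a classic catastrophic-backtracking pattern
    // and a subject built to defeat it (all 'a's, then a char that makes '$' fail).
    static final String EVIL_REFERER = "(a+)+$";
    static final String EVIL_SUBJECT = "a".repeat(40) + "!";

    // VULNERABLE shape: the request-derived value is compiled as a regex, so the
    // attacker chooses the pattern as well as the text it is matched against.
    static boolean vulnerableFind(String patternFromRequest, String text) {
        return Pattern.compile(patternFromRequest).matcher(text).find();
    }

    // FIX: request data is only ever a literal. Pattern.quote() wraps it in
    // \Q...\E so no metacharacter from the request reaches the engine; a plain
    // String.contains() would serve equally well here.
    static boolean hardenedFind(String literalFromRequest, String text) {
        return Pattern.compile(Pattern.quote(literalFromRequest)).matcher(text).find();
    }

    // DEFENCE IN DEPTH: java.util.regex has no timeout and does not check thread
    // interrupts, but it reads the subject through CharSequence.charAt(), so a
    // wrapper that checks a deadline on every read can abort a runaway match.
    static final class RegexTimeout extends RuntimeException {
        RegexTimeout() { super("regex exceeded time budget"); }
    }

    static final class DeadlineCharSequence implements CharSequence {
        private final CharSequence inner;
        private final long deadlineNanos;

        DeadlineCharSequence(CharSequence inner, long budgetMillis) {
            this(inner, System.nanoTime() + TimeUnit.MILLISECONDS.toNanos(budgetMillis));
        }
        private DeadlineCharSequence(CharSequence inner, long deadlineNanos) {
            this.inner = inner;
            this.deadlineNanos = deadlineNanos;
        }
        @Override public int length() { return inner.length(); }
        @Override public char charAt(int index) {
            if (System.nanoTime() - deadlineNanos > 0) throw new RegexTimeout();
            return inner.charAt(index);
        }
        @Override public CharSequence subSequence(int start, int end) {
            return new DeadlineCharSequence(inner.subSequence(start, end), deadlineNanos);
        }
        @Override public String toString() { return inner.toString(); }
    }

    // Returns false (fail closed) if the match does not finish within the budget.
    static boolean boundedFind(Pattern p, String text, long budgetMillis) {
        try {
            return p.matcher(new DeadlineCharSequence(text, budgetMillis)).find();
        } catch (RegexTimeout e) {
            return false;
        }
    }

    public static void main(String[] args) {
        // Small input: the vulnerable call finishes quickly, which is why such bugs ship.
        System.out.println("vulnerable, short subject: "
                + vulnerableFind(EVIL_REFERER, "a".repeat(12) + "!"));

        // Same attacker value treated as a literal: no backtracking at all.
        long t0 = System.nanoTime();
        boolean quoted = hardenedFind(EVIL_REFERER, EVIL_SUBJECT);
        System.out.printf("hardened: %b in %d ms%n", quoted, (System.nanoTime() - t0) / 1_000_000);

        // Attacker pattern under a 200 ms budget: aborted instead of pinning the thread.
        // Unbounded, vulnerableFind(EVIL_REFERER, EVIL_SUBJECT) backtracks exponentially
        // in the number of 'a's and is not run here.
        t0 = System.nanoTime();
        boolean bounded = boundedFind(Pattern.compile(EVIL_REFERER), EVIL_SUBJECT, 200);
        System.out.printf("bounded: %b in %d ms%n", bounded, (System.nanoTime() - t0) / 1_000_000);
    }
}
```

The time-boxed matcher is a mitigation, not a fix: the real remedy is never to let request data select the pattern, which is what `hardenedFind` does. Note also that the deadline wrapper only protects matching, not `Pattern.compile()` itself, so the pattern string must still come from trusted configuration.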
Fixes

Solution

Upgrade to Apache Roller 6.0.2, in which this problem has been fixed.


Workaround

This problem has been fixed in Roller 6.0.2. If you cannot upgrade, you can work around it: if banned-words referrer processing is enabled and you are concerned about this type of attack, disable it so that the Referer header is no longer processed. In the Roller properties, set site.bannedwordslist.enable.referrers=false

History

No history.

MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2024-08-03T23:50:43.188Z

Reserved: 2021-05-26T00:00:00

Link: CVE-2021-33580

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-08-18T08:15:06.173

Modified: 2024-11-21T06:09:08.060

Link: CVE-2021-33580

Redhat

No data.

OpenCVE Enrichment

No data.