Otp
Authorization bypass in Erlang OTP's inets HTTP server allows unauthenticated remote attackers to execute CGI scripts protected by directory-level access controls. The vulnerability stems from a path mismatch where mod_auth validates access against DocumentRoot-relative paths while mod_cgi executes scripts at ScriptAlias-resolved paths outside DocumentRoot. With CVSS 8.3 (AV:N/AC:L/PR:N), the attack requires no authentication and low complexity but depends on specific ScriptAlias configurations (AT:P). SSVC assessment confirms the vulnerability is automatable with partial technical impact. No public exploit identified at time of analysis, and SSVC indicates exploitation status 'none'. Vendor-released patches available for affected OTP versions 17.0 through 28.4.1.
Erlang OTP public_key module (versions 1.16 through 1.20.3 and 1.17.1.2) fails to cryptographically verify OCSP responder certificate signatures, allowing network attackers to forge OCSP responses with self-signed certificates bearing matching issuer names and OCSPSigning extended key usage. This bypasses certificate revocation checks in SSL/TLS clients using OCSP stapling, enabling man-in-the-middle attackers to present revoked certificates as valid and intercept sensitive communications. Vendor-released patches are available (OTP 28.4.2, 27.3.4.10). CISA SSVC analysis indicates no current exploitation and non-automatable attack requirements, but technical impact is rated total due to potential cryptographic security control bypass. No public exploit identified at time of analysis.
Erlang/OTP kernel inet_res DNS resolver uses predictable sequential transaction IDs and lacks source port randomization, enabling DNS cache poisoning attacks against systems relying on this resolver in untrusted network environments. Affects OTP 17.0 through 28.4.2 (and specific patch versions 27.3.4.10, 26.2.5.19); unauthenticated remote attackers who can observe or predict DNS query patterns can forge DNS responses to redirect traffic or execute man-in-the-middle attacks. Vendor-released patches available; no public exploit code or active exploitation confirmed.