CVE-2018-3728 - Modification of Assumed-Immutable Data (MAID) vulnerability in Hapijs Hoek

CVSS 8.8 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Tags: network, low complexity, hapijs, CWE-471, nessus

Summary

The hoek Node.js module before 4.2.0, and 5.0.x before 5.0.3, suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability in its 'merge' and 'applyToDefaults' functions. Both walk the keys of a caller-supplied source object, including a key named "__proto__", so a malicious user who controls that object can reach the prototype of "Object" and add a property to it or modify an existing one; the property then appears on every object in the process (prototype pollution).

Vulnerable Configurations

Part         Description   Count
Application  Hapijs        79

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Variable Manipulation
    An attacker manipulates variables used by an application to perform a variety of possible attacks. This can either be performed through the manipulation of function call parameters or by manipulating external variables, such as environment variables, that are used by an application. Changing variable values is usually undertaken as part of another attack; for example, a path traversal (inserting relative path modifiers) or buffer overflow (enlarging a variable value beyond an application's ability to store it).
  • Environment Variable Manipulation
    An attacker manipulates environment variables used by an application to perform a variety of possible attacks. Changing variable values is usually undertaken as part of another attack; for example, a path traversal (inserting relative path modifiers) or buffer overflow (enlarging a variable value beyond an application's ability to store it).
  • Global variable manipulation
    An attacker manipulates global variables used by an application to perform a variety of possible attacks. Changing variable values is usually undertaken as part of another attack; for example, a path traversal (inserting relative path modifiers) or buffer overflow (enlarging a variable value beyond an application's ability to store it).
  • Application API Message Manipulation via Man-in-the-Middle
    An attacker manipulates either egress or ingress data from a client within an application framework in order to change the content of messages. Performing this attack can allow the attacker to gain unauthorized privileges within the application, or conduct attacks such as phishing, deceptive strategies to spread malware, or traditional web-application attacks. The techniques require use of specialized software that allows the attacker to man-in-the-middle communications between the web browser and the remote system. Despite the use of MITM software, the attack is actually directed at the server, as the client is one node in a series of content brokers that pass information along to the application framework. Additionally, it is not a true "Man-in-the-Middle" attack at the network layer, but an application-layer attack whose root cause is the master application's trust in the integrity of code supplied by the client.
  • Transaction or Event Tampering via Application API Manipulation
    An attacker hosts or joins an event or transaction within an application framework in order to change the content of messages or items that are being exchanged. Performing this attack allows the attacker to manipulate content in such a way as to produce messages or content that look authentic but may contain deceptive links, substitute one item for another, spoof an existing item and conduct a false exchange, or otherwise change the amounts or identity of what is being exchanged. The techniques require use of specialized software that allows the attacker to man-in-the-middle communications between the web browser and the remote system in order to change the content of various application elements. Often, items exchanged in game can be monetized via sales for coin, virtual dollars, etc. The purpose of the attack is for the attacker to scam the victim by trapping the data packets involved in the exchange and altering the integrity of the transfer process.

Nessus

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2018-1263.NASL
description: Red Hat Mobile Application Platform 4.6.0 release - RPMs Red Hat Mobile Application Platform (RHMAP) 4.6 is delivered as a set of container images. In addition to the images, several components are delivered as RPMs : * OpenShift templates used to deploy an RHMAP Core and MBaaS * The fh-system-dump-tool allows you to analyze all the projects running in an OpenShift cluster and reports any problems discovered. For more information, see the Operations Guide. The following RPMs are included in the RHMAP container images, and are provided here only for completeness : * The Nagios server, which is used to monitor the status of RHMAP components, is installed inside the Nagios container image. This release serves as an update for Red Hat Mobile Application Platform 4.5.6. It includes bug fixes and enhancements. Refer to the Red Hat Mobile Application Platform 4.6.0 Release Notes for information about the most significant bug fixes and enhancements included in this release. Nagios is a program that monitors hosts and services on your network, and has the ability to send email or page alerts when a problem arises or is resolved. Security Fix(es) : * nodejs-tough-cookie: Regular expression denial of service (CVE-2017-15010) * hoek: Prototype pollution in utilities function (CVE-2018-3728) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 109566
published: 2018-05-04
reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/109566
title: RHEL 7 : Red Hat Mobile Application Platform 4.6.0 (RHSA-2018:1263)

Redhat

advisories
  • rhsa
    id: RHSA-2018:1263
  • rhsa
    id: RHSA-2018:1264
rpms
  • fh-system-dump-tool-0:1.0.0-5.el7
  • fping-0:3.10-4.el7map
  • fping-debuginfo-0:3.10-4.el7map
  • nagios-0:4.0.8-8.el7map
  • nagios-common-0:4.0.8-8.el7map
  • nagios-debuginfo-0:4.0.8-8.el7map
  • nagios-devel-0:4.0.8-8.el7map
  • nagios-plugins-0:2.0.3-3.el7map
  • nagios-plugins-all-0:2.0.3-3.el7map
  • nagios-plugins-apt-0:2.0.3-3.el7map
  • nagios-plugins-breeze-0:2.0.3-3.el7map
  • nagios-plugins-by_ssh-0:2.0.3-3.el7map
  • nagios-plugins-cluster-0:2.0.3-3.el7map
  • nagios-plugins-dbi-0:2.0.3-3.el7map
  • nagios-plugins-debuginfo-0:2.0.3-3.el7map
  • nagios-plugins-dhcp-0:2.0.3-3.el7map
  • nagios-plugins-dig-0:2.0.3-3.el7map
  • nagios-plugins-disk-0:2.0.3-3.el7map
  • nagios-plugins-disk_smb-0:2.0.3-3.el7map
  • nagios-plugins-dns-0:2.0.3-3.el7map
  • nagios-plugins-dummy-0:2.0.3-3.el7map
  • nagios-plugins-file_age-0:2.0.3-3.el7map
  • nagios-plugins-flexlm-0:2.0.3-3.el7map
  • nagios-plugins-fping-0:2.0.3-3.el7map
  • nagios-plugins-game-0:2.0.3-3.el7map
  • nagios-plugins-hpjd-0:2.0.3-3.el7map
  • nagios-plugins-http-0:2.0.3-3.el7map
  • nagios-plugins-icmp-0:2.0.3-3.el7map
  • nagios-plugins-ide_smart-0:2.0.3-3.el7map
  • nagios-plugins-ifoperstatus-0:2.0.3-3.el7map
  • nagios-plugins-ifstatus-0:2.0.3-3.el7map
  • nagios-plugins-ircd-0:2.0.3-3.el7map
  • nagios-plugins-ldap-0:2.0.3-3.el7map
  • nagios-plugins-load-0:2.0.3-3.el7map
  • nagios-plugins-log-0:2.0.3-3.el7map
  • nagios-plugins-mailq-0:2.0.3-3.el7map
  • nagios-plugins-mrtg-0:2.0.3-3.el7map
  • nagios-plugins-mrtgtraf-0:2.0.3-3.el7map
  • nagios-plugins-mysql-0:2.0.3-3.el7map
  • nagios-plugins-nagios-0:2.0.3-3.el7map
  • nagios-plugins-nt-0:2.0.3-3.el7map
  • nagios-plugins-ntp-0:2.0.3-3.el7map
  • nagios-plugins-ntp-perl-0:2.0.3-3.el7map
  • nagios-plugins-nwstat-0:2.0.3-3.el7map
  • nagios-plugins-oracle-0:2.0.3-3.el7map
  • nagios-plugins-overcr-0:2.0.3-3.el7map
  • nagios-plugins-perl-0:2.0.3-3.el7map
  • nagios-plugins-pgsql-0:2.0.3-3.el7map
  • nagios-plugins-ping-0:2.0.3-3.el7map
  • nagios-plugins-procs-0:2.0.3-3.el7map
  • nagios-plugins-radius-0:2.0.3-3.el7map
  • nagios-plugins-real-0:2.0.3-3.el7map
  • nagios-plugins-rpc-0:2.0.3-3.el7map
  • nagios-plugins-sensors-0:2.0.3-3.el7map
  • nagios-plugins-smtp-0:2.0.3-3.el7map
  • nagios-plugins-snmp-0:2.0.3-3.el7map
  • nagios-plugins-ssh-0:2.0.3-3.el7map
  • nagios-plugins-swap-0:2.0.3-3.el7map
  • nagios-plugins-tcp-0:2.0.3-3.el7map
  • nagios-plugins-time-0:2.0.3-3.el7map
  • nagios-plugins-ups-0:2.0.3-3.el7map
  • nagios-plugins-uptime-0:2.0.3-3.el7map
  • nagios-plugins-users-0:2.0.3-3.el7map
  • nagios-plugins-wave-0:2.0.3-3.el7map
  • perl-Crypt-CBC-0:2.33-2.el7map
  • perl-Crypt-DES-0:2.05-20.el7map
  • perl-Crypt-DES-debuginfo-0:2.05-20.el7map
  • perl-Net-SNMP-0:6.0.1-7.el7map
  • phantomjs-0:1.9.7-3.el7map
  • phantomjs-debuginfo-0:1.9.7-3.el7map
  • python-meld3-0:0.6.10-1.el7map
  • python-meld3-debuginfo-0:0.6.10-1.el7map
  • qstat-0:2.11-13.20080912svn311.el7map
  • qstat-debuginfo-0:2.11-13.20080912svn311.el7map
  • radiusclient-ng-0:0.5.6-9.el7map
  • radiusclient-ng-debuginfo-0:0.5.6-9.el7map
  • radiusclient-ng-devel-0:0.5.6-9.el7map
  • radiusclient-ng-utils-0:0.5.6-9.el7map
  • redis-0:2.8.21-2.el7map
  • redis-debuginfo-0:2.8.21-2.el7map
  • rhmap-fh-openshift-templates-0:4.6.0-5.el7
  • rhmap-mod_authnz_external-0:3.3.1-7.el7map
  • rhmap-mod_authnz_external-debuginfo-0:3.3.1-7.el7map
  • sendEmail-0:1.56-2.el7
  • ssmtp-0:2.64-14.el7map
  • ssmtp-debuginfo-0:2.64-14.el7map
  • supervisor-0:3.1.3-3.el7map