CVE-2024-2056— Artica Proxy Loopback Services Remotely Accessible Unauthenticated
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-2056
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Artica Proxy Loopback Services Remotely Accessible Unauthenticated
Source: NVD (National Vulnerability Database)
Vulnerability Description
Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. In particular, the "tailon" service is running, running as the root user, is bound to the loopback interface, and is listening on TCP port 7050. Security issues associated with exposing this network service are documented at gvalkov's 'tailon' GitHub repo. Using the tailon service, the contents of any file on the Artica Proxy can be viewed.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
使用候选路径或通道进行的认证绕过
Source: NVD (National Vulnerability Database)
Vulnerability Title
Artica Proxy 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Artica Proxy是西班牙Artica公司的一款开源的Artica代理解决方案。 Artica Proxy 存在安全漏洞,该漏洞源于使用 tailon 服务,允许攻击者查看 Artica Proxy上任何文件的内容。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Artica Tech | Artica Proxy | 4.50 | - |
II. Public POCs for CVE-2024-2056
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-2056
请登录查看更多情报信息。
- https://korelogic.com/Resources/Advisories/KL-001-2024-004.txtthird-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-2056
Same Patch Batch · Artica Tech · 2024-03-05 · 4 CVEs total
| CVE-2024-2053 | Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability | |
| CVE-2024-2054 | Artica Proxy Unauthenticated PHP Deserialization Vulnerability | |
| CVE-2024-2055 | Artica Proxy Unauthenticated File Manager Vulnerability |
IV. Related Vulnerabilities
Same weakness: CWE-288
- CVE-2026-41308
Password Pusher: JSON API `/p.json` file upload alias bypass - CVE-2026-7458
User Verification by PickPlugins <= 2.0.46 - Unauthenticated - CVE-2026-7567
Temporary Login <= 1.0.0 - Authentication Bypass to Account - CVE-2026-40022
Apache Camel Platform HTTP Main: Authentication Bypass on No - CVE-2026-40630
SenseLive X3050 Authentication bypass using an alternate pat
V. Comments for CVE-2024-2056
No comments yet