
CVE-2024-36401: GeoServer security vulnerability

CVSS 9.8 Critical · KEV · EPSS 94.42% · P100

I. Basic information on CVE-2024-36401

Vulnerability information


Title
Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
Source: NVD (National Vulnerability Database)
Description
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. The GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions. This XPath evaluation is intended to be used only by complex feature types (i.e., Application Schema data stores) but is incorrectly being applied to simple feature types as well which makes this vulnerability apply to **ALL** GeoServer instances. No public PoC is provided but this vulnerability has been confirmed to be exploitable through WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGraphic and WPS Execute requests. This vulnerability can lead to executing arbitrary code. Versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2 contain a patch for the issue. A workaround exists by removing the `gt-complex-x.y.jar` file from the GeoServer where `x.y` is the GeoTools version (e.g., `gt-complex-31.1.jar` if running GeoServer 2.25.1). This will remove the vulnerable code from GeoServer but may break some GeoServer functionality or prevent GeoServer from deploying if the gt-complex module is needed.
Source: NVD (National Vulnerability Database)
CVSS
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability type
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') (CWE-95)
Source: NVD (National Vulnerability Database)
Title
GeoServer security vulnerability
Source: CNNVD (China National Vulnerability Database)
Description
GeoServer is an open-source software server written in Java that allows users to share and edit geospatial data. GeoServer contains a security vulnerability that stems from unsafely parsing property names as XPath expressions, which can lead to remote code execution.
Source: CNNVD (China National Vulnerability Database)
CVSS
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability type
N/A
Source: CNNVD (China National Vulnerability Database)
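The NVD description above names the fixed release on each maintained branch and the gt-complex jar workaround. The following added example (not code from GeoServer, GeoTools or any source linked on this page) turns those two facts into a triage check for a fleet: from a version string it decides whether an instance predates the fix on its branch, and from the jar names found in WEB-INF/lib it decides whether the workaround was applied. The FIXED_VERSIONS table is taken from the description; the handling of branches the advisory does not mention (older than 2.22 treated as vulnerable, newer than 2.25 treated as fixed), the dropping of -SNAPSHOT/-RC qualifiers, the jar name pattern and the sample inventory are assumptions.

```python
import re
from typing import Iterable, Tuple

# Fixed releases per branch, taken from the NVD description above: each
# maintained branch received a patch, and anything earlier on that branch
# is affected.
FIXED_VERSIONS = {
    (2, 22): (2, 22, 6),
    (2, 23): (2, 23, 6),
    (2, 24): (2, 24, 4),
    (2, 25): (2, 25, 2),
}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")

# Matches the gt-complex jar the advisory names as the workaround target,
# e.g. gt-complex-31.1.jar for GeoServer 2.25.1. Assumption: qualifier
# suffixes such as gt-complex-31.1-SNAPSHOT.jar should match as well.
_GT_COMPLEX_RE = re.compile(r"^gt-complex-\d+\.\d+(?:[.-][^/]*)?\.jar$")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Parse 'major.minor[.patch]' out of a GeoServer version string.

    Qualifiers such as '-SNAPSHOT' or '-RC' are dropped, so a pre-release is
    treated as the numbered version it leads up to (assumption).
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised GeoServer version: {text!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def is_vulnerable_version(version: str) -> bool:
    """True when the version predates the fixed release on its branch.

    Branches without a fixed release in the advisory are handled as follows
    (assumption): branches older than 2.22 never received a fix and are
    vulnerable; branches newer than 2.25 shipped after the fix and are not.
    """
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in FIXED_VERSIONS:
        return (major, minor, patch) < FIXED_VERSIONS[branch]
    return branch < min(FIXED_VERSIONS)


def workaround_applied(lib_jars: Iterable[str]) -> bool:
    """The advisory's workaround is deleting gt-complex-x.y.jar from the
    GeoServer WEB-INF/lib directory. Given the jar file names found there,
    report whether that jar is gone."""
    return not any(_GT_COMPLEX_RE.match(name) for name in lib_jars)


def triage(version: str, lib_jars: Iterable[str]) -> str:
    """Classify one instance as 'patched', 'workaround' (vulnerable version
    but gt-complex removed) or 'vulnerable'."""
    if not is_vulnerable_version(version):
        return "patched"
    if workaround_applied(lib_jars):
        return "workaround"
    return "vulnerable"


if __name__ == "__main__":
    # Constructed inventory of hypothetical instances, not real hosts.
    inventory = {
        "geo-a": ("2.25.1", ["gt-api-31.1.jar", "gt-complex-31.1.jar", "gt-main-31.1.jar"]),
        "geo-b": ("2.25.1", ["gt-api-31.1.jar", "gt-main-31.1.jar"]),
        "geo-c": ("2.24.4", ["gt-api-30.4.jar", "gt-complex-30.4.jar"]),
        "geo-d": ("2.21.2", ["gt-api-27.2.jar", "gt-complex-27.2.jar"]),
    }
    for host, (version, jars) in inventory.items():
        print(f"{host}: GeoServer {version} -> {triage(version, jars)}")
```

Running it prints one verdict per constructed host. A "workaround" verdict still warrants an upgrade: the description notes that removing gt-complex can break functionality that depends on the module, and a jar listing says nothing about whether the instance was redeployed after the file was deleted.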


Affected products

Vendor | Product | Affected versions | CPE
geoserver | geoserver | >= 2.23.0, < 2.23.6 | -

Note: only the 2.23.x range is captured in this row. The NVD description above gives fixed releases for four branches (2.22.6, 2.23.6, 2.24.4 and 2.25.2), so 2.22.x, 2.24.x and 2.25.x instances earlier than those releases are affected as well.

II. Public POCs for CVE-2024-36401

# | Description | Source link
1 | POC for CVE-2024-36401. This POC will attempt to establish a reverse shell from the vulnerable targets. | https://github.com/bigb0x/CVE-2024-36401
2 | POC | https://github.com/Niuwoo/CVE-2024-36401
3 | Exploiter: a vulnerability detection and exploitation tool for GeoServer unauthenticated remote code execution CVE-2024-36401. | https://github.com/RevoltSecurities/CVE-2024-36401
4 | Remote Code Execution (RCE) vulnerability in evaluating property name expressions, with multiple ways to exploit | https://github.com/Mr-xn/CVE-2024-36401
5 | (no description) | https://github.com/zgimszhd61/CVE-2024-36401
6 | (no description) | https://github.com/jakabakos/CVE-2024-36401-GeoServer-RCE
7 | geoserver CVE-2024-36401 exploitation tool | https://github.com/MInggongK/geoserver-
8 | geoserver CVE-2024-36401 exploitation tool | https://github.com/ahisec/geoserver-
9 | GeoServer Remote Code Execution | https://github.com/Chocapikk/CVE-2024-36401
10 | (no description) | https://github.com/yisas93/CVE-2024-36401-PoC
11 | Mass scanner for CVE-2024-36401 | https://github.com/justin-p/geoexplorer
12 | Proof-of-Concept Exploit for CVE-2024-36401 GeoServer 2.25.1 | https://github.com/daniellowrie/CVE-2024-36401-PoC
13 | GeoServer CVE-2024-36401: Remote Code Execution (RCE) Vulnerability In Evaluating Property Name Expressions | https://github.com/PunitTailor55/GeoServer-CVE-2024-36401
14 | GeoServer GUI exploitation tool | https://github.com/netuseradministrator/CVE-2024-36401
15 | (no description) | https://github.com/kkhackz0013/CVE-2024-36401
16 | CVE-2024-36401 GeoServer property expression injection RCE, woodpecker-framework plugin | https://github.com/thestar0/CVE-2024-36401-WoodpeckerPlugin
17 | CVE-2024-36401 is a high-severity remote code execution vulnerability in GeoServer. GeoServer is open-source geospatial data server software used mainly to publish, share and process geospatial data. ALIYUN. Root cause: GeoServer unsafely parses property names as XPath expressions. Specifically, the GeoTools library API that GeoServer calls passes feature type property names to the commons-jxpath library in an unsafe way when evaluating them. Because commons-jxpath allows arbitrary code execution when parsing XPath expressions, an attacker can craft input to multiple OGC request parameters (such as WFS GetFeature, WFS GetPropertyValue and WMS GetMap) to execute arbitrary code remotely without authentication. | https://github.com/XiaomingX/cve-2024-36401-poc
18 | CVE-2024-36401 GeoServer Remote Code Execution | https://github.com/0x0d3ad/CVE-2024-36401
19 | GeoServer CVE-2024-36401: Remote Code Execution (RCE) Vulnerability In Evaluating Property Name Expressions | https://github.com/punitdarji/GeoServer-CVE-2024-36401
20 | GeoServer (CVE-2024-36401/CVE-2024-36404) exploitation tool | https://github.com/whitebear-ch/GeoServerExploit
21 | GeoServer GUI exploitation tool | https://github.com/wellwornele/CVE-2024-36401
22 | GeoServer GUI exploitation tool | https://github.com/unlinedvol/CVE-2024-36401
23 | GeoServer GUI exploitation tool | https://github.com/wingedmicroph/CVE-2024-36401
24 | CVE-2024-36401 GUI exploitation tool, supporting exploitation on various JDK versions, with command echo and in-memory webshell | https://github.com/bmth666/GeoServer-Tools-CVE-2024-36401
25 | In the GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-36401.yaml
26 | (no description) | https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/GeoServer%20%E5%B1%9E%E6%80%A7%E5%90%8D%E8%A1%A8%E8%BE%BE%E5%BC%8F%E5%89%8D%E5%8F%B0%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2024-36401.md
27 | (no description) | https://github.com/vulhub/vulhub/blob/master/geoserver/CVE-2024-36401/README.md
28 | (no description) | https://github.com/y1s4s/CVE-2024-36401-PoC
29 | This script is a PoC (Proof of Concept) detection tool for the GeoServer remote code execution vulnerability (CVE-2024-36401). The vulnerability allows an attacker to execute arbitrary commands on the target server by crafting specific requests. | https://github.com/amoy6228/CVE-2024-36401_Geoserver_RCE_POC
30 | Python exploit for GeoServer (CVE-2024-36401) with JSP web shell upload | https://github.com/holokitty/Exploit-CVE-2024-36401
31 | CVE-2024-36401 GeoServer property expression injection RCE, woodpecker-framework plugin | https://github.com/funnyDog896/CVE-2024-36401-WoodpeckerPlugin
32 | A Python exploit for GeoServer | https://github.com/URJACK2025/CVE-2024-36401
33 | Geoserver RCE | https://github.com/mantanhacker/CVE-2024-36401-MASS
34 | Python exploit for GeoServer (CVE-2024-36401) with JSP web shell upload | https://github.com/reveravip/Exploit-CVE-2024-36401
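With this many public exploit tools in circulation, a defender also needs a way to find exploitation attempts in access logs that already exist. The following is an added example, not code from any of the repositories above or from the GeoServer project: it parses common-log-format lines, keeps only the request types the NVD description confirms as exploitable (plus anything under a /wps path, since WPS Execute carries its operation name in the body), and flags parameters that contain commons-jxpath extension-function syntax or JVM class paths, which no legitimate property name contains. The match patterns, the parameter handling and the three log lines are constructed assumptions, not vendor-published signatures or real traffic.

```python
import re
from typing import Dict, Iterable, List, Optional
from urllib.parse import parse_qsl, unquote, urlsplit

# Request types the advisory above confirms as exploitable.
SUSPECT_REQUESTS = {
    "getfeature", "getpropertyvalue",                # WFS
    "getmap", "getfeatureinfo", "getlegendgraphic",  # WMS
    "execute",                                       # WPS
}

# Heuristic (assumption, not a vendor-published signature): a legitimate
# property name is a bare attribute name, so jxpath extension-function
# syntax or JVM class paths inside any OGC parameter is a strong indicator.
XPATH_ABUSE_RE = re.compile(r"(?i)\bexec\s*\(|java\.lang\.|getRuntime|ProcessBuilder")

# Apache/Tomcat common log format: host ident user [time] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)


def inspect_request(target: str) -> Optional[Dict[str, object]]:
    """Return a finding for one request-line path+query, or None.

    Only OGC requests of the listed types (or anything under a /wps path)
    are examined, and a finding requires the abuse pattern in some parameter.
    """
    url = urlsplit(target)
    # parse_qsl percent-decodes once; decode a second time so a
    # double-encoded payload is still inspected in its decoded form.
    params = {
        k.lower(): unquote(v)
        for k, v in parse_qsl(url.query, keep_blank_values=True)
    }
    request = params.get("request", "").lower()
    if request not in SUSPECT_REQUESTS and "/wps" not in url.path.lower():
        return None
    hits = {k: v for k, v in params.items() if XPATH_ABUSE_RE.search(v)}
    if not hits:
        return None
    return {"request": request or "wps", "path": url.path, "suspicious_params": hits}


def scan_log(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Run inspect_request over access-log lines and collect the findings."""
    findings: List[Dict[str, object]] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a common-log-format line; skip rather than guess
        finding = inspect_request(m.group("target"))
        if finding:
            finding.update(ip=m.group("ip"), ts=m.group("ts"), status=m.group("status"))
            findings.append(finding)
    return findings


# Constructed sample log lines (not captured from a real server): a benign
# GetFeature, a GetPropertyValue carrying a jxpath function call in
# valueReference, and a non-OGC request that merely mentions the class name.
SAMPLE_LOG = [
    '203.0.113.10 - - [01/Jul/2024:10:00:01 +0000] "GET /geoserver/wfs?service=WFS&version=2.0.0&request=GetFeature&typeNames=topp:states&propertyName=STATE_NAME HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jul/2024:10:00:05 +0000] "GET /geoserver/wfs?service=WFS&version=2.0.0&request=GetPropertyValue&typeNames=topp:states&valueReference=exec(java.lang.Runtime.getRuntime(),%27exec%27,%27id%27) HTTP/1.1" 200 631',
    '198.51.100.7 - - [01/Jul/2024:10:00:09 +0000] "GET /geoserver/web/?search=java.lang.Runtime HTTP/1.1" 200 2100',
]


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['request']} {f['suspicious_params']}")
```

Caveat: a WPS Execute sent as an XML POST body never appears in the request line, so this finds GET-style abuse only. Pair it with a version check of the instance; a hit against a version that predates the fix on its branch is a lead for incident response, not a scan artefact to be closed.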

III. Intelligence on CVE-2024-36401


Same Patch Batch · geoserver · 2024-07-01 · 3 CVEs total; the other two:

CVE | CVSS | Title
CVE-2024-24749 | 7.5 HIGH | Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat
CVE-2024-34696 | 4.5 MEDIUM | GeoServer's Server Status shows sensitive environmental variables and Java properties

IV. Related vulnerabilities
