ch0k1 on Nostr: Threat Actors Exploit GeoServer Vulnerability CVE-2024-36401 | FortiGuard Labs ...
Threat Actors Exploit GeoServer Vulnerability CVE-2024-36401 | FortiGuard Labs
https://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401

GeoServer is an open-source software server written in Java that allows users to share and edit geospatial data. It is the reference implementation of the Open Geospatial Consortium (OGC) Web Feature Service (WFS) and Web Coverage Service (WCS) standards. On July 1, the project maintainers released an advisory for the vulnerability CVE-2024-36401 (CVSS score: 9.8). Multiple OGC request parameters allow remote code execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. The shortcoming has been addressed in versions 2.23.6, 2.24.4, and 2.25.2.
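The advisory summary above names three fixed releases on three maintenance branches, so a fleet check has to compare per branch rather than against a single version number. The following is an added defender-side example (not code from the post, from FortiGuard Labs, or from the GeoServer project) that classifies a constructed inventory of GeoServer version strings as affected or patched using only the fix versions stated above. Two things it assumes, which the post does not state: branches newer than 2.25 were cut after the fix and are treated as patched, and branches older than 2.23 got no fix and are treated as affected.

```python
import re
from typing import Dict, Optional, Tuple

# Fixed releases listed in the CVE-2024-36401 advisory summary (from the page):
# branch (major, minor) -> first patch level that contains the fix.
FIXED_PATCH = {(2, 23): 6, (2, 24): 4, (2, 25): 2}

# Accept "major.minor.patch" with any trailing qualifier (e.g. "-SNAPSHOT") ignored.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(version: str) -> Optional[Tuple[int, int, int]]:
    """Parse a GeoServer version string into (major, minor, patch); None if unparseable."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_vulnerable(version: str) -> Optional[bool]:
    """True if the build predates the fix on its branch, False if patched, None if unknown.

    Assumptions (not stated on the page): branches newer than 2.25 are treated as
    patched; branches older than 2.23 never received a fix and are treated as affected.
    """
    parsed = parse_version(version)
    if parsed is None:
        return None
    major, minor, patch = parsed
    if (major, minor) > (2, 25):
        return False            # assumption: released after the fix landed
    if (major, minor) < (2, 23):
        return True             # assumption: end-of-life branch, no fixed release
    return patch < FIXED_PATCH[(major, minor)]


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host to 'affected', 'patched' or 'unknown' (unparseable version)."""
    labels = {True: "affected", False: "patched", None: "unknown"}
    return {host: labels[is_vulnerable(ver)] for host, ver in inventory.items()}


# Constructed sample inventory; hostnames and versions are illustrative only.
SAMPLE_INVENTORY = {
    "gis-prod-01": "2.25.1",
    "gis-prod-02": "2.25.2",
    "gis-legacy":  "2.22.5",
    "gis-dev":     "2.24.4-SNAPSHOT",
    "gis-unknown": "n/a",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host:12s} {status}")
```

Hosts labelled "unknown" should be treated as affected until a version can be confirmed; the classifier deliberately keeps them separate so they are not silently dropped from the patch list.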
originally posted at https://stacker.news/items/675639

Published at 2024-09-07 07:25:29

Event JSON
{
"id": "212d20661339b309c69c4ea9c02e24fc7c6ad7f0fd6d167092732aaa91df1853",
"pubkey": "b4403b2415a020c20691bb18c51ada5acb64b71d2f60966cb3c78ba683542d4e",
"created_at": 1725693929,
"kind": 1,
"tags": [],
"content": "Threat Actors Exploit GeoServer Vulnerability CVE-2024-36401 | FortiGuard Labs\nhttps://www.fortinet.com/blog/threat-research/threat-actors-exploit-geoserver-vulnerability-cve-2024-36401\n\nGeoServer is an open-source software server written in Java that allows users to share and edit geospatial data. It is the reference implementation of the Open Geospatial Consortium (OGC) Web Feature Service (WFS) and Web Coverage Service (WCS) standards. On July 1, the project maintainers released an advisory for the vulnerability CVE-2024-36401 (CVSS score: 9.8). Multiple OGC request parameters allow remote code execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. The shortcoming has been addressed in versions 2.23.6, 2.24.4, and 2.25.2.\n\noriginally posted at https://stacker.news/items/675639",
"sig": "95d7f22fe2027741cb478286f2e364258da0223068eae12bf43d5fb5973738825604c2a32af1f52314b0ac96f91e12eeff8fc9afca52b28aeb01b54d7443a4e5"
}