简介:

Apache Geronimo 是 Apache 软件基金会的开放源码J2EE服务器,它集成了众多先进技术和设计理念。 这些技术和理念大多源自独立的项目,配置和部署模型也各不相同。

Geronimo能将这些项目和方法的配置及部署完全整合到一个统一、易用的模型中。

漏洞:

这个Geronimo 其实存在很多的反序列化,默认类似tomcat Manager也有,也可以利用弱口令等部署war包,我在测试的过程中发现默认启动了JAVA RMI,并且使用了commons-collections,

commons-collections低版本存在反序列化漏洞。

 ./repository/commons-collections/commons-collections/3.2./commons-collections-3.2..jar matches

但是漏洞利用会有一些小坑,具体感兴趣的同学可以自行测试,漏洞payload我也不放出来了。申请CVE的时候和Mark沟通,等了好久,

最后告诉我这个他们内部投票已经准备放弃了。

Mark的回复:

Hi jianan!

Yes, indeed Kevan is right.

The Apache Geronimo Community has recently voted to end support for the Geronimo Server part as Kevan has pointed out.

And yes, we so far failed to reflect this fact on our page.

I will try to address this immediately.

I hope that you understand our situation!

Note that any RMI communication is usually done on a custom port > .

So those ports are usually blocked by a firewall anyway.

Which means that IF a company has any issues by that then they will likely have far more problems than 'just' a RMI injection.

txs and LieGrue,

strub

> Am 19.12. um : schrieb Kevan Miller <kevan.miller@gmail.com>:

>

> Hi Jianan,

> I'm not certain why the PMC has failed to respond to you. Perhaps your messages are not being properly moderated onto the PMC's mailing list?

>

> I believe their response would be as follows:

>

> The Geronimo Server distribution is no longer supported. The community vote thread that decided this is:

>

> https://lists.apache.org/thread.html/7d8159f186eb58f253cfdbe71a7da6a420d6d85565bba01c731d8d0f@%3Cdev.geronimo.apache.org%3E

>

> Unfortunately, the results of this vote are not properly noted on http://geronimo.apache.org/

>

> kevan

Apache Geronimo Remote Code Execute Vulnerability的更多相关文章

  1. [我的CVE][CVE-2017-15708]Apache Synapse Remote Code Execution Vulnerability

    漏洞编号:CNVD-2017-36700 漏洞编号:CVE-2017-15708 漏洞分析:https://www.javasec.cn/index.php/archives/117/ [Apache ...

  2. CVE-2014-6321 && MS14-066 Microsoft Schannel Remote Code Execution Vulnerability Analysis

    目录 . 漏洞的起因 . 漏洞原理分析 . 漏洞的影响范围 . 漏洞的利用场景 . 漏洞的POC.测试方法 . 漏洞的修复Patch情况 . 如何避免此类漏洞继续出现 1. 漏洞的起因 这次的CVE和 ...

  3. [EXP]Microsoft Windows MSHTML Engine - "Edit" Remote Code Execution

    # Exploit Title: Microsoft Windows (CVE-2019-0541) MSHTML Engine "Edit" Remote Code Execut ...

  4. [EXP]Apache Superset < 0.23 - Remote Code Execution

    # Exploit Title: Apache Superset < 0.23 - Remote Code Execution # Date: 2018-05-17 # Exploit Auth ...

  5. MyBB \inc\class_core.php <= 1.8.2 unset_globals() Function Bypass and Remote Code Execution(Reverse Shell Exploit) Vulnerability

    catalogue . 漏洞描述 . 漏洞触发条件 . 漏洞影响范围 . 漏洞代码分析 . 防御方法 . 攻防思考 1. 漏洞描述 MyBB's unset_globals() function ca ...

  6. CVE: 2014-6271、CVE: 2014-7169 Bash Specially-crafted Environment Variables Code Injection Vulnerability Analysis

    目录 . 漏洞的起因 . 漏洞原理分析 . 漏洞的影响范围 . 漏洞的利用场景 . 漏洞的POC.测试方法 . 漏洞的修复Patch情况 . 如何避免此类漏洞继续出现 1. 漏洞的起因 为了理解这个漏 ...

  7. Insecure default in Elasticsearch enables remote code execution

    Elasticsearch has a flaw in its default configuration which makes it possible for any webpage to exe ...

  8. Exploiting CVE-2015-2509 /MS15-100 : Windows Media Center could allow remote code execution

    Exploiting CVE-2015-2509 /MS15-100 : Windows Media Center could allow remote code execution Trend Mi ...

  9. Tomcat put上传漏洞_CVE2017-12615( JSP Upload Bypass/Remote Code Execution)

    CVE2017-12615漏洞复现( tomcat JSP Upload Bypass /Remote Code Execution) 一.漏洞原理 在windows服务器下,将readonly参数设 ...

随机推荐

  1. Centos7 搭建DNS服务器与原理配置详解

    在搭建我们自己DNS服务器之前,先必须了解下DNS服务器的作用和原理. DNS是在互联网上进行域名解析到对应IP地址的服务器,保存互联网上所有的IP与域名的对应信息,然后将我们对网址的访问,解析成IP ...

  2. How does asp.net web api work?

    https://hub.packtpub.com/working-aspnet-web-api/ https://docs.microsoft.com/en-us/aspnet/web-api/ove ...

  3. Loop through an array in JavaScript

    https://stackoverflow.com/questions/3010840/loop-through-an-array-in-javascript?page=1&tab=votes ...

  4. Kafka详解一:Kafka简介

    问题导读 1.Kafka有何特性?2.Kafka有哪些组件? 背景:     当今社会各种应用系统诸如商业.社交.搜索.浏览等像信息工厂一样不断的生产出各种信息,在大数据时代,我们面临如下几个挑战: ...

  5. html里id和name的异同

    id与name的作用,作为标签的标识符,基本上是一样的. name是老方法,id是在name基础上发明的,比name“现代化”一点,用的范围广一点 <...>中的name原来(刚发明时)就 ...

  6. ANT+JMETER + Jenkins 集成1

    新建任务注意添加invoke Ant,新建成功后运行就可以啦

  7. phalcon查询:单条查询,多条查询,多表查询

    单条查询, $order = \OrderMain::findFirst("oid='" . $oid . "'"); 多条查询, $shop = \Order ...

  8. Win10 14316 bash

    更新 WSL ~~~ 现在添加删除组件中勾选 Windows Subsystem for Linux 然后运行bash,会提示一个链接,浏览器打开后会出现App Store安装Ubuntu 再次运行b ...

  9. LeetCode OJ:Binary Tree Preorder Traversal(前序遍历二叉树)

    Given a binary tree, return the preorder traversal of its nodes' values. For example:Given binary tr ...

  10. LeetCode OJ:Balanced Binary Tree(平衡二叉树)

    Given a binary tree, determine if it is height-balanced. For this problem, a height-balanced binary ...