I. Basic Information for CVE-2024-36401
Vulnerability Information

Vulnerability Title
Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Description
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. The GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions. This XPath evaluation is intended to be used only by complex feature types (i.e., Application Schema data stores) but is incorrectly being applied to simple feature types as well which makes this vulnerability apply to **ALL** GeoServer instances. No public PoC is provided but this vulnerability has been confirmed to be exploitable through WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGraphic and WPS Execute requests. This vulnerability can lead to executing arbitrary code. Versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2 contain a patch for the issue. A workaround exists by removing the `gt-complex-x.y.jar` file from the GeoServer where `x.y` is the GeoTools version (e.g., `gt-complex-31.1.jar` if running GeoServer 2.25.1). This will remove the vulnerable code from GeoServer but may break some GeoServer functionality or prevent GeoServer from deploying if the gt-complex module is needed.
Source: U.S. National Vulnerability Database (NVD)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Type
Improper Neutralization of Directives in Dynamically Evaluated Code (Eval Injection)
Source: U.S. National Vulnerability Database (NVD)
Vulnerability Title
GeoServer Security Vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Description
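GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer contains a security vulnerability that stems from unsafely parsing property names as XPath expressions, which may lead to remote code execution.
Source: China National Vulnerability Database of Information Security (CNNVD)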
CVSS Information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability Type
N/A
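Source: China National Vulnerability Database of Information Security (CNNVD)
Affected Products

| Vendor | Product | Affected Versions | CPE |
|---|---|---|---|
| geoserver | geoserver | >= 2.23.0, < 2.23.6 | - |
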
II. Public POCs for CVE-2024-36401

| # | POC Description | Source Link |
|---|---|---|
| 1 | POC for CVE-2024-36401. This POC will attempt to establish a reverse shell from the vuln targets. | https://github.com/bigb0x/CVE-2024-36401 |
| 2 | POC | https://github.com/Niuwoo/CVE-2024-36401 |
| 3 | Exploiter a Vulnerability detection and Exploitation tool for GeoServer Unauthenticated Remote Code Execution CVE-2024-36401. | https://github.com/RevoltSecurities/CVE-2024-36401 |
| 4 | Remote Code Execution (RCE) Vulnerability In Evaluating Property Name Expressions with multiple ways to exploit | https://github.com/Mr-xn/CVE-2024-36401 |
| 5 | None | https://github.com/zgimszhd61/CVE-2024-36401 |
| 6 | None | https://github.com/jakabakos/CVE-2024-36401-GeoServer-RCE |
| 7 | geoserver CVE-2024-36401 exploitation tool | https://github.com/MInggongK/geoserver- |
| 8 | geoserver CVE-2024-36401 exploitation tool | https://github.com/ahisec/geoserver- |
| 9 | GeoServer Remote Code Execution | https://github.com/Chocapikk/CVE-2024-36401 |
| 10 | None | https://github.com/yisas93/CVE-2024-36401-PoC |
| 11 | Mass scanner for CVE-2024-36401 | https://github.com/justin-p/geoexplorer |
| 12 | Proof-of-Concept Exploit for CVE-2024-36401 GeoServer 2.25.1 | https://github.com/daniellowrie/CVE-2024-36401-PoC |
| 13 | GeoServer CVE-2024-36401: Remote Code Execution (RCE) Vulnerability In Evaluating Property Name Expressions | https://github.com/PunitTailor55/GeoServer-CVE-2024-36401 |
| 14 | geoserver graphical exploitation tool | https://github.com/netuseradministrator/CVE-2024-36401 |
| 15 | None | https://github.com/kkhackz0013/CVE-2024-36401 |
| 16 | CVE-2024-36401-GeoServer Property expression injection RCE woodpecker-framework plugin | https://github.com/thestar0/CVE-2024-36401-WoodpeckerPlugin |
| 17 | CVE-2024-36401 is a high-severity remote code execution vulnerability in GeoServer. GeoServer is open source geospatial data server software, mainly used to publish, share and process all kinds of geospatial data. ALIYUN Vulnerability principle: the vulnerability stems from GeoServer unsafely parsing property names as XPath expressions when processing them. Specifically, the GeoTools library API that GeoServer calls passes property names for feature types to the commons-jxpath library in an unsafe way when evaluating them. Because the commons-jxpath library allows arbitrary code execution when parsing XPath expressions, an attacker can craft specific input and use multiple OGC request parameters (such as WFS GetFeature, WFS GetPropertyValue, WMS GetMap) to execute arbitrary code remotely without authentication. | https://github.com/XiaomingX/cve-2024-36401-poc |
| 18 | CVE-2024-36401 GeoServer Remote Code Execution | https://github.com/0x0d3ad/CVE-2024-36401 |
| 19 | GeoServer CVE-2024-36401: Remote Code Execution (RCE) Vulnerability In Evaluating Property Name Expressions | https://github.com/punitdarji/GeoServer-CVE-2024-36401 |
| 20 | GeoServer (CVE-2024-36401/CVE-2024-36404) exploitation tool | https://github.com/whitebear-ch/GeoServerExploit |
| 21 | geoserver graphical exploitation tool | https://github.com/wellwornele/CVE-2024-36401 |
| 22 | geoserver graphical exploitation tool | https://github.com/unlinedvol/CVE-2024-36401 |
| 23 | geoserver graphical exploitation tool | https://github.com/wingedmicroph/CVE-2024-36401 |
| 24 | CVE-2024-36401 graphical exploitation tool, supporting exploitation on all JDK versions as well as command output echo and memory-shell implementation | https://github.com/bmth666/GeoServer-Tools-CVE-2024-36401 |
| 25 | In the GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-36401.yaml |
| 26 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/GeoServer%20%E5%B1%9E%E6%80%A7%E5%90%8D%E8%A1%A8%E8%BE%BE%E5%BC%8F%E5%89%8D%E5%8F%B0%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2024-36401.md |
| 27 | | https://github.com/vulhub/vulhub/blob/master/geoserver/CVE-2024-36401/README.md |
| 28 | None | https://github.com/y1s4s/CVE-2024-36401-PoC |
| 29 | This script is a PoC (Proof of Concept) detection tool developed for the GeoServer remote code execution vulnerability (CVE-2024-36401). The vulnerability allows an attacker to execute arbitrary commands on the target server by crafting specific requests. | https://github.com/amoy6228/CVE-2024-36401_Geoserver_RCE_POC |
| 30 | Python exploit for GeoServer (CVE-2024-36401) with JSP web shell upload | https://github.com/holokitty/Exploit-CVE-2024-36401 |
| 31 | CVE-2024-36401-GeoServer Property expression injection RCE woodpecker-framework plugin | https://github.com/funnyDog896/CVE-2024-36401-WoodpeckerPlugin |
| 32 | A Python Exp for "GeoServer" | https://github.com/URJACK2025/CVE-2024-36401 |
| 33 | Geoserver RCE | https://github.com/mantanhacker/CVE-2024-36401-MASS |
| 34 | Python exploit for GeoServer (CVE-2024-36401) with JSP web shell upload | https://github.com/reveravip/Exploit-CVE-2024-36401 |

III. Intelligence Information for CVE-2024-36401
IV. Related Vulnerabilities
V. Comments for CVE-2024-36401