I. Basic information on vulnerability CVE-2024-36401
Vulnerability title
Remote code execution (RCE) vulnerability in GeoServer when evaluating property name expressions
Source: AIGC Shenlong large language model
Vulnerability description
N/A
Source: AIGC Shenlong large language model
CVSS information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: AIGC Shenlong large language model
Vulnerability category
Improper Restriction of XML External Entity Reference (XXE)
Source: AIGC Shenlong large language model
Vulnerability title
Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
Source: US National Vulnerability Database (NVD)
Vulnerability description
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. The GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions. This XPath evaluation is intended to be used only by complex feature types (i.e., Application Schema data stores) but is incorrectly being applied to simple feature types as well which makes this vulnerability apply to **ALL** GeoServer instances. No public PoC is provided but this vulnerability has been confirmed to be exploitable through WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGraphic and WPS Execute requests. This vulnerability can lead to executing arbitrary code. Versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2 contain a patch for the issue. A workaround exists by removing the `gt-complex-x.y.jar` file from the GeoServer where `x.y` is the GeoTools version (e.g., `gt-complex-31.1.jar` if running GeoServer 2.25.1). This will remove the vulnerable code from GeoServer but may break some GeoServer functionality or prevent GeoServer from deploying if the gt-complex module is needed.
Source: US National Vulnerability Database (NVD)
CVSS information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: US National Vulnerability Database (NVD)
Vulnerability category
Improper Neutralization of Directives in Dynamically Evaluated Code (Eval Injection)
Source: US National Vulnerability Database (NVD)
Vulnerability title
GeoServer security vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability description
GeoServer is an open-source software server written in Java that allows users to share and edit geospatial data. GeoServer contains a security vulnerability that stems from unsafely evaluating property names as XPath expressions, which may lead to remote code execution.
Source: China National Vulnerability Database of Information Security (CNNVD)
CVSS information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability category
Other
Source: China National Vulnerability Database of Information Security (CNNVD)
II. Public POCs for vulnerability CVE-2024-36401
No. | POC description | Source link
1 | POC for CVE-2024-36401. This POC will attempt to establish a reverse shell from the vulnerable targets. | https://github.com/bigb0x/CVE-2024-36401
2 | POC | https://github.com/Niuwoo/CVE-2024-36401
3 | Exploiter: a vulnerability detection and exploitation tool for GeoServer Unauthenticated Remote Code Execution CVE-2024-36401. | https://github.com/RevoltSecurities/CVE-2024-36401
4 | Remote Code Execution (RCE) Vulnerability In Evaluating Property Name Expressions with multiple ways to exploit | https://github.com/Mr-xn/CVE-2024-36401
5 | None | https://github.com/zgimszhd61/CVE-2024-36401
6 | None | https://github.com/jakabakos/CVE-2024-36401-GeoServer-RCE
7 | GeoServer CVE-2024-36401 exploitation tool | https://github.com/MInggongK/geoserver-
8 | GeoServer CVE-2024-36401 exploitation tool | https://github.com/ahisec/geoserver-
9 | GeoServer Remote Code Execution | https://github.com/Chocapikk/CVE-2024-36401
10 | None | https://github.com/yisas93/CVE-2024-36401-PoC
11 | Mass scanner for CVE-2024-36401 | https://github.com/justin-p/geoexplorer
12 | Proof-of-Concept Exploit for CVE-2024-36401 GeoServer 2.25.1 | https://github.com/daniellowrie/CVE-2024-36401-PoC
13 | GeoServer CVE-2024-36401: Remote Code Execution (RCE) Vulnerability In Evaluating Property Name Expressions | https://github.com/PunitTailor55/GeoServer-CVE-2024-36401
14 | GeoServer GUI exploitation tool | https://github.com/netuseradministrator/CVE-2024-36401
15 | None | https://github.com/kkhackz0013/CVE-2024-36401
16 | CVE-2024-36401 GeoServer property expression injection RCE, woodpecker-framework plugin | https://github.com/thestar0/CVE-2024-36401-WoodpeckerPlugin
17 | CVE-2024-36401 is a high-severity remote code execution vulnerability in GeoServer. GeoServer is an open-source geospatial data server mainly used to publish, share and process all kinds of geospatial data. ALIYUN Vulnerability principle: the vulnerability stems from GeoServer unsafely evaluating property names as XPath expressions. Specifically, the GeoTools library API called by GeoServer passes feature-type property names to the commons-jxpath library in an unsafe way when evaluating them. Because commons-jxpath allows arbitrary code execution when evaluating XPath expressions, an attacker can craft specific input and use multiple OGC request parameters (such as WFS GetFeature, WFS GetPropertyValue, WMS GetMap, etc.) to remotely execute arbitrary code without authentication. | https://github.com/XiaomingX/cve-2024-36401-poc
18 | CVE-2024-36401 GeoServer Remote Code Execution | https://github.com/0x0d3ad/CVE-2024-36401
19 | GeoServer CVE-2024-36401: Remote Code Execution (RCE) Vulnerability In Evaluating Property Name Expressions | https://github.com/punitdarji/GeoServer-CVE-2024-36401
20 | GeoServer (CVE-2024-36401/CVE-2024-36404) exploitation tool | https://github.com/whitebear-ch/GeoServerExploit
21 | GeoServer GUI exploitation tool | https://github.com/wellwornele/CVE-2024-36401
22 | GeoServer GUI exploitation tool | https://github.com/unlinedvol/CVE-2024-36401
23 | GeoServer GUI exploitation tool | https://github.com/wingedmicroph/CVE-2024-36401
24 | CVE-2024-36401 GUI exploitation tool, supporting exploitation across JDK versions as well as output echo and in-memory webshell implementation | https://github.com/bmth666/GeoServer-Tools-CVE-2024-36401
25 | In the GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-36401.yaml
26 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/GeoServer%20%E5%B1%9E%E6%80%A7%E5%90%8D%E8%A1%A8%E8%BE%BE%E5%BC%8F%E5%89%8D%E5%8F%B0%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2024-36401.md
27 | None | https://github.com/vulhub/vulhub/blob/master/geoserver/CVE-2024-36401/README.md
III. Intelligence information on vulnerability CVE-2024-36401