I. Basic Information for CVE-2024-36401
Vulnerability Information

Vulnerability Title
Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
Source: NVD (National Vulnerability Database)
Vulnerability Description
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. The GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions. This XPath evaluation is intended to be used only by complex feature types (i.e., Application Schema data stores) but is incorrectly being applied to simple feature types as well which makes this vulnerability apply to **ALL** GeoServer instances. No public PoC is provided but this vulnerability has been confirmed to be exploitable through WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGraphic and WPS Execute requests. This vulnerability can lead to executing arbitrary code. Versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2 contain a patch for the issue. A workaround exists by removing the `gt-complex-x.y.jar` file from the GeoServer where `x.y` is the GeoTools version (e.g., `gt-complex-31.1.jar` if running GeoServer 2.25.1). This will remove the vulnerable code from GeoServer but may break some GeoServer functionality or prevent GeoServer from deploying if the gt-complex module is needed.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
Improper Neutralization of Directives in Dynamically Evaluated Code (Eval Injection)
Source: NVD (National Vulnerability Database)
Vulnerability Title
GeoServer security vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
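GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer contains a security vulnerability that stems from unsafely parsing property names as XPath expressions, which may lead to remote code execution.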
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
Vendor | Product | Affected Versions | CPE
geoserver | geoserver | >= 2.23.0, < 2.23.6 | -
II. Public POCs for CVE-2024-36401
# | POC Description | Source Link
1 | POC for CVE-2024-36401. This POC will attempt to establish a reverse shell from the vuln targets. | https://github.com/bigb0x/CVE-2024-36401
2 | POC | https://github.com/Niuwoo/CVE-2024-36401
3 | Exploiter a Vulnerability detection and Exploitation tool for GeoServer Unauthenticated Remote Code Execution CVE-2024-36401. | https://github.com/RevoltSecurities/CVE-2024-36401
4 | Remote Code Execution (RCE) Vulnerability In Evaluating Property Name Expressions with multiple ways to exploit | https://github.com/Mr-xn/CVE-2024-36401
5 | None | https://github.com/zgimszhd61/CVE-2024-36401
6 | None | https://github.com/jakabakos/CVE-2024-36401-GeoServer-RCE
7 | geoserver CVE-2024-36401 exploitation tool | https://github.com/MInggongK/geoserver-
8 | geoserver CVE-2024-36401 exploitation tool | https://github.com/ahisec/geoserver-
9 | GeoServer Remote Code Execution | https://github.com/Chocapikk/CVE-2024-36401
10 | None | https://github.com/yisas93/CVE-2024-36401-PoC
11 | Mass scanner for CVE-2024-36401 | https://github.com/justin-p/geoexplorer
12 | Proof-of-Concept Exploit for CVE-2024-36401 GeoServer 2.25.1 | https://github.com/daniellowrie/CVE-2024-36401-PoC
13 | GeoServer CVE-2024-36401: Remote Code Execution (RCE) Vulnerability In Evaluating Property Name Expressions | https://github.com/PunitTailor55/GeoServer-CVE-2024-36401
14 | geoserver graphical exploitation tool | https://github.com/netuseradministrator/CVE-2024-36401
15 | None | https://github.com/kkhackz0013/CVE-2024-36401
16 | CVE-2024-36401-GeoServer Property expression injection RCE woodpecker-framework plugin | https://github.com/thestar0/CVE-2024-36401-WoodpeckerPlugin
17 | CVE-2024-36401 is a high-severity remote code execution vulnerability in GeoServer. GeoServer is open source geographic data server software, mainly used for publishing, sharing and processing various kinds of geospatial data. ALIYUN Vulnerability principle: The vulnerability stems from GeoServer unsafely parsing property names as XPath expressions when processing them. Specifically, the GeoTools library API that GeoServer calls passes the property names of feature types to the commons-jxpath library in an unsafe way when evaluating them. Because the commons-jxpath library allows arbitrary code execution when parsing XPath expressions, an attacker can construct specific input and use multiple OGC request parameters (such as WFS GetFeature, WFS GetPropertyValue, WMS GetMap, etc.) to remotely execute arbitrary code without authentication. | https://github.com/XiaomingX/cve-2024-36401-poc
18 | CVE-2024-36401 GeoServer Remote Code Execution | https://github.com/0x0d3ad/CVE-2024-36401
19 | GeoServer CVE-2024-36401: Remote Code Execution (RCE) Vulnerability In Evaluating Property Name Expressions | https://github.com/punitdarji/GeoServer-CVE-2024-36401
20 | GeoServer (CVE-2024-36401/CVE-2024-36404) exploitation tool | https://github.com/whitebear-ch/GeoServerExploit
21 | geoserver graphical exploitation tool | https://github.com/wellwornele/CVE-2024-36401
22 | geoserver graphical exploitation tool | https://github.com/unlinedvol/CVE-2024-36401
23 | geoserver graphical exploitation tool | https://github.com/wingedmicroph/CVE-2024-36401
24 | CVE-2024-36401 graphical exploitation tool, supporting exploitation across JDK versions as well as command echo and in-memory webshell implementation | https://github.com/bmth666/GeoServer-Tools-CVE-2024-36401
25 | In the GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-36401.yaml
26 | None | https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/GeoServer%20%E5%B1%9E%E6%80%A7%E5%90%8D%E8%A1%A8%E8%BE%BE%E5%BC%8F%E5%89%8D%E5%8F%B0%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2024-36401.md
27 | | https://github.com/vulhub/vulhub/blob/master/geoserver/CVE-2024-36401/README.md
28 | None | https://github.com/y1s4s/CVE-2024-36401-PoC
29 | This script is a PoC (Proof of Concept) detection tool developed for the GeoServer remote code execution vulnerability (CVE-2024-36401). The vulnerability allows an attacker to execute arbitrary commands on the target server by constructing specific requests. | https://github.com/amoy6228/CVE-2024-36401_Geoserver_RCE_POC
30 | Python exploit for GeoServer (CVE-2024-36401) with JSP web shell upload | https://github.com/holokitty/Exploit-CVE-2024-36401
31 | CVE-2024-36401-GeoServer Property expression injection RCE woodpecker-framework plugin | https://github.com/funnyDog896/CVE-2024-36401-WoodpeckerPlugin
32 | A Python Exp For "GeoServer" | https://github.com/URJACK2025/CVE-2024-36401
33 | Geoserver RCE | https://github.com/mantanhacker/CVE-2024-36401-MASS
34 | Python exploit for GeoServer (CVE-2024-36401) with JSP web shell upload | https://github.com/reveravip/Exploit-CVE-2024-36401