Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GeoServer Missing Authorization on REST API Index
Vulnerability Description
GeoServer is an open source server that allows users to share and edit geospatial data. It is possible to bypass the default REST API security and access the index page. The REST API security handles rest and its subpaths but not rest with an extension (e.g., rest.html). The REST API index can disclose whether certain extensions are installed. This vulnerability is fixed in 2.26.3 and 2.25.6. As a workaround, in ${GEOSERVER_DATA_DIR}/security/config.xml, change the paths for the rest filter to /rest.*,/rest/** and change the paths for the gwc filter to /gwc/rest.*,/gwc/rest/** and restart GeoServer.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
授权机制缺失
Vulnerability Title
GeoServer 安全漏洞
Vulnerability Description
GeoServer是GeoServer开源的一个用 Java 编写的开源软件服务器。允许用户共享和编辑地理空间数据。 GeoServer存在安全漏洞,该漏洞源于REST API安全绕过,可能导致信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A