关联漏洞
标题:Apache James 代码问题漏洞 (CVE-2023-51518)Description:Apache James是美国阿帕奇(Apache)基金会的一个完全用 Java 编写的开源 Smtp 和 Pop3 邮件传输代理和 Nntp 新闻服务器。 Apache James 3.7.5之前版本、3.8.0版本存在代码问题漏洞。攻击者利用该漏洞可以升级权限。
Description
CVE-2023-51518: Preauthenticated Java Deserialization via JMX in Apache James
介绍
# CVE-2023-51518: Preauthenticated Java Deserialization via JMX in Apache James
Apache James distribution prior to release 3.7.5 and 3.8.1 allow privilege escalation via JMX pre-authentication deserialization. Given a deserialization gadget, this could be leveraged as part of an exploit chain that could result in privilege escalation.
<strong>Note:</strong> For Apache James servers running using Java versions <16, the [ysoserial](https://github.com/frohoff/ysoserial) "CommonsBeanutils1" gadget can be used to execute arbitrary system commands. For Java versions >=16, an alternative vector needs to be identified as explained in this [article](https://mogwailabs.de/en/blog/2023/04/look-mama-no-templatesimpl/).
### Vendor Disclosure:
The vendor's disclosure and fix for this vulnerability can be found [here](https://james.apache.org/server/feature-security.html).
### Proof Of Concept:
More details and the exploitation process can be found in this [PDF](https://github.com/mbadanoiu/CVE-2023-51518/blob/main/Apache%20James%20-%20CVE-2023-51518.pdf).
文件快照
[4.0K] /data/pocs/250cad277935f2771ae761765e12a9656c383b72
├── [347K] Apache James - CVE-2023-51518.pdf
└── [1.0K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。