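Introduction:

Apache Geronimo is the Apache Software Foundation's open-source J2EE server. It integrates many advanced technologies and design ideas, most of which come from independent projects whose configuration and deployment models all differ.

Geronimo fully integrates the configuration and deployment of these projects and approaches into a single, easy-to-use model.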

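Vulnerability:

Geronimo actually has quite a few deserialization issues. By default it also ships something similar to Tomcat Manager, so WAR packages can be deployed through weak passwords and the like. During my testing I found that Java RMI is started by default and that commons-collections is used; older versions of commons-collections have a deserialization vulnerability.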

 ./repository/commons-collections/commons-collections/3.2./commons-collections-3.2..jar matches
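A defender can turn the match above into an inventory check. The following is an added example, not code from the original post or from the Geronimo project: it walks a server directory, finds commons-collections jars, and flags those that contain the `InvokerTransformer` gadget class in a release older than 3.2.2 (3.x line) or 4.1 (4.x line), the first releases that block unsafe deserialization of these classes by default. The function names `audit_jar` and `audit_tree` are hypothetical, and it assumes jars keep the standard `commons-collections-<version>.jar` file name.

```python
import re
import sys
import zipfile
from pathlib import Path

# Class at the core of the public commons-collections gadget chains (3.x and 4.x packages).
GADGET_CLASSES = (
    "org/apache/commons/collections/functors/InvokerTransformer.class",
    "org/apache/commons/collections4/functors/InvokerTransformer.class",
)
# First releases per major line that block unsafe deserialization of these classes by default.
FIXED = {3: (3, 2, 2), 4: (4, 1)}
# Assumption: the jar keeps its standard Maven-style file name.
JAR_NAME = re.compile(r"commons-collections4?-(\d+(?:\.\d+)*)\.jar$")


def audit_jar(path):
    """Return (version, has_gadget, status) for one commons-collections jar."""
    m = JAR_NAME.search(Path(path).name)
    version = tuple(int(p) for p in m.group(1).split(".")) if m else None
    try:
        with zipfile.ZipFile(path) as jar:
            has_gadget = any(c in jar.namelist() for c in GADGET_CLASSES)
    except zipfile.BadZipFile:
        return version, None, "unreadable"
    if not has_gadget:
        status = "no-gadget-class"
    elif version is None or version[0] not in FIXED:
        status = "review"  # gadget class present, version not recognisable from the name
    elif version < FIXED[version[0]]:
        status = "vulnerable"
    else:
        status = "hardened"
    return version, has_gadget, status


def audit_tree(root):
    """Walk a server install and report every commons-collections jar under it."""
    root = Path(root)
    return [(str(jar.relative_to(root)), *audit_jar(jar))
            for jar in sorted(root.rglob("commons-collections*.jar"))]


if __name__ == "__main__":
    for rel, version, has_gadget, status in audit_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{status:16} gadget={has_gadget} {rel}")
```

A `hardened` result only holds while the JVM is not started with `org.apache.commons.collections.enableUnsafeSerialization=true`, and copies of the library repackaged inside other archives are not seen by this file-name based walk.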

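However, exploiting the vulnerability has a few small pitfalls; anyone interested can test it themselves, and I will not release the payload. When applying for a CVE I corresponded with Mark and waited a long time; in the end he told me that they had already voted internally and were preparing to abandon this.

Mark's reply: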

Hi jianan!

Yes, indeed Kevan is right.

The Apache Geronimo Community has recently voted to end support for the Geronimo Server part as Kevan has pointed out.
And yes, we so far failed to reflect this fact on our page.
I will try to address this immediately. I hope that you understand our situation!

Note that any RMI communication is usually done on a custom port > .
So those ports are usually blocked by a firewall anyway.
Which means that IF a company has any issues by that then they will likely have far more problems than 'just' a RMI injection.

txs and LieGrue,
strub

> On 19.12. at :, Kevan Miller <kevan.miller@gmail.com> wrote:
>
> Hi Jianan,
> I'm not certain why the PMC has failed to respond to you. Perhaps your messages are not being properly moderated onto the PMC's mailing list?
>
> I believe their response would be as follows:
>
> The Geronimo Server distribution is no longer supported. The community vote thread that decided this is:
>
> https://lists.apache.org/thread.html/7d8159f186eb58f253cfdbe71a7da6a420d6d85565bba01c731d8d0f@%3Cdev.geronimo.apache.org%3E
>
> Unfortunately, the results of this vote are not properly noted on http://geronimo.apache.org/
>
> kevan
