简介:

Apache Geronimo 是 Apache 软件基金会的开放源码J2EE服务器,它集成了众多先进技术和设计理念。 这些技术和理念大多源自独立的项目,配置和部署模型也各不相同。

Geronimo能将这些项目和方法的配置及部署完全整合到一个统一、易用的模型中。

漏洞:

这个Geronimo 其实存在很多的反序列化,默认类似tomcat Manager也有,也可以利用弱口令等部署war包,我在测试的过程中发现默认启动了JAVA RMI,并且使用了commons-collections,

commons-collections低版本存在反序列化漏洞。

 ./repository/commons-collections/commons-collections/3.2./commons-collections-3.2..jar matches

但是漏洞利用会有一些小坑,具体感兴趣的同学可以自行测试,漏洞payload我也不放出来了。申请CVE的时候和Mark沟通,等了好久,

最后告诉我这个他们内部投票已经准备放弃了。

Mark的回复:

Hi jianan!

Yes, indeed Kevan is right.

The Apache Geronimo Community has recently voted to end support for the Geronimo Server part as Kevan has pointed out.

And yes, we so far failed to reflect this fact on our page.

I will try to address this immediately.

I hope that you understand our situation!

Note that any RMI communication is usually done on a custom port > .

So those ports are usually blocked by a firewall anyway.

Which means that IF a company has any issues by that then they will likely have far more problems than 'just' a RMI injection.

txs and LieGrue,

strub

> Am 19.12. um : schrieb Kevan Miller <kevan.miller@gmail.com>:

>

> Hi Jianan,

> I'm not certain why the PMC has failed to respond to you. Perhaps your messages are not being properly moderated onto the PMC's mailing list?

>

> I believe their response would be as follows:

>

> The Geronimo Server distribution is no longer supported. The community vote thread that decided this is:

>

> https://lists.apache.org/thread.html/7d8159f186eb58f253cfdbe71a7da6a420d6d85565bba01c731d8d0f@%3Cdev.geronimo.apache.org%3E

>

> Unfortunately, the results of this vote are not properly noted on http://geronimo.apache.org/

>

> kevan

Apache Geronimo Remote Code Execute Vulnerability的更多相关文章

  1. [我的CVE][CVE-2017-15708]Apache Synapse Remote Code Execution Vulnerability

    漏洞编号:CNVD-2017-36700 漏洞编号:CVE-2017-15708 漏洞分析:https://www.javasec.cn/index.php/archives/117/ [Apache ...

  2. CVE-2014-6321 && MS14-066 Microsoft Schannel Remote Code Execution Vulnerability Analysis

    目录 . 漏洞的起因 . 漏洞原理分析 . 漏洞的影响范围 . 漏洞的利用场景 . 漏洞的POC.测试方法 . 漏洞的修复Patch情况 . 如何避免此类漏洞继续出现 1. 漏洞的起因 这次的CVE和 ...

  3. [EXP]Microsoft Windows MSHTML Engine - "Edit" Remote Code Execution

    # Exploit Title: Microsoft Windows (CVE-2019-0541) MSHTML Engine "Edit" Remote Code Execut ...

  4. [EXP]Apache Superset < 0.23 - Remote Code Execution

    # Exploit Title: Apache Superset < 0.23 - Remote Code Execution # Date: 2018-05-17 # Exploit Auth ...

  5. MyBB \inc\class_core.php <= 1.8.2 unset_globals() Function Bypass and Remote Code Execution(Reverse Shell Exploit) Vulnerability

    catalogue . 漏洞描述 . 漏洞触发条件 . 漏洞影响范围 . 漏洞代码分析 . 防御方法 . 攻防思考 1. 漏洞描述 MyBB's unset_globals() function ca ...

  6. CVE: 2014-6271、CVE: 2014-7169 Bash Specially-crafted Environment Variables Code Injection Vulnerability Analysis

    目录 . 漏洞的起因 . 漏洞原理分析 . 漏洞的影响范围 . 漏洞的利用场景 . 漏洞的POC.测试方法 . 漏洞的修复Patch情况 . 如何避免此类漏洞继续出现 1. 漏洞的起因 为了理解这个漏 ...

  7. Insecure default in Elasticsearch enables remote code execution

    Elasticsearch has a flaw in its default configuration which makes it possible for any webpage to exe ...

  8. Exploiting CVE-2015-2509 /MS15-100 : Windows Media Center could allow remote code execution

    Exploiting CVE-2015-2509 /MS15-100 : Windows Media Center could allow remote code execution Trend Mi ...

  9. Tomcat put上传漏洞_CVE2017-12615( JSP Upload Bypass/Remote Code Execution)

    CVE2017-12615漏洞复现( tomcat JSP Upload Bypass /Remote Code Execution) 一.漏洞原理 在windows服务器下,将readonly参数设 ...

随机推荐

  1. Spring中操作Hibernate的几种方式

    1.直接操作模版方式HQL: //通过spring的模版方式来操作Hibernate的HQL语句 return this.getHibernateTemplate().find("from ...

  2. CentOS 7(64位) 下Docker的安装

    系统要求是64位,内核版本至少3.10. 首先添加yum软件源: 之后更新yum软件源缓存,并安装docker-engine 查看docker 版本: Cannot connect to the Do ...

  3. myEclipse 2014 破解教程

    因为经常在不同电脑里安装配置下载myEclipse,所以干脆记录下来,一直找度娘也是很麻烦的. 此教程仅对myEclipse2014 有效. 破解工具:https://pan.baidu.com/s/ ...

  4. 1.java实现——正规表达式判断

    目标:这个代码仅局限于所展示的正规表达式判断,也就是这是一个较单一的正规表达式判断(简易版). 既然是简易版的,所以若要修改这个正规表达式也是非常容易的,只要将二维数组中的数组修改即可.数组数据依据, ...

  5. QT 事件处理 KeyPressEvent 和 定时器时间 Timer

    1. 按键事件响应, 两种方法,一种直接处理Event,过滤出KeyPress,另一种直接处理KeyPressEvent. bool Dialog::event(QEvent *e) { if( e- ...

  6. wpf数据绑定的论述

    (1)绑定模式: <Lable x:Name=lab Content={binding UserName} /> <!--binding相当于SetBinding--> Con ...

  7. Swift中如何使用 #if DEBUG

    Swift暂时还不支持大多数的预处理宏操作,但是可以支持“#if/#else/#endif”语句. 下面进行简单的设置使 #if DEBUG 有效,更详细的内容见:http://stackoverfl ...

  8. hdu 2087 kmp

    http://acm.hdu.edu.cn/showproblem.php?pid=2087 算是模板题吧,找到一个子串之后将模板串指针归零否则会重复计算. #include<bits/stdc ...

  9. kylin_异常_01_java.io.FileNotFoundException: /developer/apache-kylin-2.3.0-bin/tomcat/conf/.keystore

    一.异常现象 kylin安装完,启动后,控制正常,kylin后台也能正常访问.但是去看kylin的日志,却发现报错了: SEVERE: Failed to load keystore type JKS ...

  10. 201621123014《Java程序设计》第六周学习总结

    1. 本周学习总结 1.1 面向对象学习暂告一段落,请使用思维导图,以封装.继承.多态为核心概念画一张思维导图或相关笔记,对面向对象思想进行一个总结. 答: 注1:关键词与内容不求多,但概念之间的联系 ...