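Introduction:

Apache Geronimo is the Apache Software Foundation's open-source J2EE server. It integrates many advanced technologies and design ideas, most of which come from independent projects whose configuration and deployment models all differ.

Geronimo brings the configuration and deployment of these projects and approaches together into a single, unified, easy-to-use model.

Vulnerability:

Geronimo actually has many deserialization issues. By default it also ships something similar to the Tomcat Manager, so a WAR package can be deployed through weak passwords and the like. During testing I found that Java RMI is started by default and that commons-collections is used;

older versions of commons-collections have a deserialization vulnerability.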

 ./repository/commons-collections/commons-collections/3.2./commons-collections-3.2..jar matches

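However, exploiting the vulnerability has a few pitfalls. Anyone interested can test it themselves; I am not going to release the payload. When applying for a CVE I corresponded with Mark and waited a long time,

and in the end I was told that they had held an internal vote and were already preparing to abandon it.

Mark's reply: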
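The jar match above can be turned into a repeatable inventory check. The following is an added example, not code from the original post or from the Geronimo project: it walks a server's `repository` tree, finds commons-collections jars, and flags those older than 3.2.2 (3.x line) or 4.1 (4.x line), the releases in which the unsafe functor classes stopped being deserializable by default. The sample repository and its version numbers are constructed for the demonstration.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# First releases in which the unsafe functor classes are no longer
# deserializable by default (3.x line and 4.x line).
FIXED = {3: (3, 2, 2), 4: (4, 1)}
JAR_RE = re.compile(r"^commons-collections4?-(\d+(?:\.\d+)*)\.jar$")
FUNCTOR = re.compile(r"^org/apache/commons/collections4?/functors/InvokerTransformer\.class$")

def is_unpatched(version):
    """True when the version predates the fix for its major line."""
    fixed = FIXED.get(version[0])
    return fixed is None or version < fixed

def scan(root):
    """Return (relative path, version, flagged) for each commons-collections jar."""
    findings = []
    for jar in sorted(Path(root).rglob("commons-collections*.jar")):
        match = JAR_RE.match(jar.name)
        if not match:
            continue
        try:
            with zipfile.ZipFile(jar) as zf:
                has_functor = any(FUNCTOR.match(n) for n in zf.namelist())
        except zipfile.BadZipFile:
            has_functor = True  # cannot inspect: keep it on the review list
        version = tuple(int(p) for p in match.group(1).split("."))
        flagged = has_functor and is_unpatched(version)
        findings.append((jar.relative_to(root).as_posix(), match.group(1), flagged))
    return findings

def demo():
    """Build a constructed Maven-style repository (sample data) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for group, artifact, ver, pkg in [
            ("commons-collections", "commons-collections", "3.2.1", "collections"),
            ("commons-collections", "commons-collections", "3.2.2", "collections"),
            ("org/apache/commons", "commons-collections4", "4.0", "collections4"),
        ]:
            d = Path(tmp, "repository", group, artifact, ver)
            d.mkdir(parents=True)
            with zipfile.ZipFile(d / f"{artifact}-{ver}.jar", "w") as zf:
                zf.writestr(f"org/apache/commons/{pkg}/functors/InvokerTransformer.class", b"")
        return scan(tmp)

if __name__ == "__main__":
    for path, version, flagged in demo():
        print("FLAG" if flagged else "ok  ", version, path)
```

A flagged jar is a candidate for upgrade or removal, not proof of exploitability: that also depends on whether an endpoint such as RMI deserializes untrusted data with the jar on its classpath.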

Hi jianan!

Yes, indeed Kevan is right.

The Apache Geronimo Community has recently voted to end support for the Geronimo Server part as Kevan has pointed out.
And yes, we so far failed to reflect this fact on our page.
I will try to address this immediately. I hope that you understand our situation! Note that any RMI communication is usually done on a custom port > .
So those ports are usually blocked by a firewall anyway.
Which means that IF a company has any issues by that then they will likely have far more problems than 'just' a RMI injection.

txs and LieGrue,
strub

> On 19.12. at : Kevan Miller <kevan.miller@gmail.com> wrote:
>
> Hi Jianan,
> I'm not certain why the PMC has failed to respond to you. Perhaps your messages are not being properly moderated onto the PMC's mailing list?
>
> I believe their response would be as follows:
>
> The Geronimo Server distribution is no longer supported. The community vote thread that decided this is:
>
> https://lists.apache.org/thread.html/7d8159f186eb58f253cfdbe71a7da6a420d6d85565bba01c731d8d0f@%3Cdev.geronimo.apache.org%3E
>
> Unfortunately, the results of this vote are not properly noted on http://geronimo.apache.org/
>
> kevan
