
Commit 1abe29e

committed
automatic module_metadata_base.json update
1 parent f7449ea commit 1abe29e

1 file changed

+66
-0
lines changed


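--- a/db/modules_metadata_base.json
+++ b/db/modules_metadata_base.json
@@ -101357,6 +101357,72 @@
 "session_types": false,
 "needs_cleanup": true
 },
+"exploit_multi/http/geoserver_unauth_rce_cve_2024_36401": {
+"name": "Geoserver unauthenticated Remote Code Execution",
+"fullname": "exploit/multi/http/geoserver_unauth_rce_cve_2024_36401",
+"aliases": [
+
+],
+"rank": 600,
+"disclosure_date": "2024-07-01",
+"type": "exploit",
+"author": [
+"h00die-gr3y <[email protected]>",
+"jheysel-r7",
+"Steve Ikeoka"
+],
+"description": "GeoServer is an open-source software server written in Java that provides\n the ability to view, edit, and share geospatial data.\n It is designed to be a flexible, efficient solution for distributing geospatial data\n from a variety of sources such as Geographic Information System (GIS) databases,\n web-based data, and personal datasets.\n In the GeoServer versions < 2.23.6, >= 2.24.0, < 2.24.4 and >= 2.25.0, < 2.25.1,\n multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users\n through specially crafted input against a default GeoServer installation due to unsafely\n evaluating property names as XPath expressions.\n An attacker can abuse this by sending a POST request with a malicious xpath expression\n to execute arbitrary commands as root on the system.",
+"references": [
+"CVE-2024-36401",
+"URL-https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv",
+"URL-https://github.com/vulhub/vulhub/tree/master/geoserver/CVE-2024-36401",
+"URL-https://attackerkb.com/topics/W6IDY2mmp9/cve-2024-36401"
+],
+"platform": "Linux,Unix",
+"arch": "cmd, x86, x64, aarch64, armle",
+"rport": 8080,
+"autofilter_ports": [
+80,
+8080,
+443,
+8000,
+8888,
+8880,
+8008,
+3000,
+8443
+],
+"autofilter_services": [
+"http",
+"https"
+],
+"targets": [
+"Unix Command",
+"Linux Dropper",
+"Windows Command"
+],
+"mod_time": "2024-07-12 13:38:59 +0000",
+"path": "/modules/exploits/multi/http/geoserver_unauth_rce_cve_2024_36401.rb",
+"is_install_path": true,
+"ref_name": "multi/http/geoserver_unauth_rce_cve_2024_36401",
+"check": true,
+"post_auth": false,
+"default_credential": false,
+"notes": {
+"Stability": [
+"crash-safe"
+],
+"Reliability": [
+"repeatable-session"
+],
+"SideEffects": [
+"ioc-in-logs",
+"artifacts-on-disk"
+]
+},
+"session_types": false,
+"needs_cleanup": null
+},
 "exploit_multi/http/gestioip_exec": {
 "name": "GestioIP Remote Command Execution",
 "fullname": "exploit/multi/http/gestioip_exec",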
