CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks

Teilen:

“The GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions,” reads the GeoServer advisory.

“This XPath evaluation is intended to be used only by complex feature types (i.e., Application Schema data stores) but is incorrectly being applied to simple feature types as well which makes this vulnerability apply to ALL GeoServer instances.”

While the vulnerability was not being actively exploited at the time, researchers quickly released proof of concept exploits [1, 2, 3] that demonstrated how to perform remote code execution on exposed servers and open reverse shells, make outbound connections, or create a file in the /tmp folder.

 

The project maintainers patched the flaw in GeoServer versions 2.23.6, 2.24.4, and 2.25.2 and recommended that all users upgrade to these releases.

The developers also offer workarounds but warn that they may break some GeoServer functionality.

CVE-2024-36401 used in attacks

Yesterday, the US Cybersecurity and Infrastructure Security Agency added CVE-2024-36401 to its Known Exploited Vulnerabilities Catalog, warning that the flaw is being actively exploited in attacks. CISA now requires federal agencies to patch servers by August 5th, 2024.

While CISA did not provide any information on how the flaws were being exploited, the threat monitoring service Shadowserver said they observed CVE-2024-36401 being actively exploited starting on July 9th.

 

OSINT search engine ZoomEye says that approximately 16,462 GeoServer servers are exposed online, most located in the US, China, Romania, Germany, and France.

Although the agency’s KEV catalog primarily targets federal agencies, private organizations GeoServer should also prioritize patching this vulnerability to prevent attacks.

Those who haven’t already patched should immediately upgrade to the latest version and thoroughly review their system and logs for possible compromise.

Kommentar verfassen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

lade-bild
London, GB
7:27 am, Feb. 11, 2025
Wetter-Symbol 3°C
L: 3° | H: 4°
overcast clouds
Luftfeuchtigkeit: 93 %
Druck: 1018 mb
Wind: 5 mph WNW
Windböe: 0 mph
UV-Index: 0
Niederschlag: 0 mm
Wolken: 100%
Regen Chance: 0%
Sichtbarkeit: 7 km
Sonnenaufgang: 7:21 am
Sonnenuntergang: 5:07 pm
TäglichStündlich
Tägliche VorhersageStündliche Vorhersage
Today 9:00 pm
Wetter-Symbol
3° | 4°°C 0.2 mm 20% 4 mph 96 % 1018 mb 0 mm/h
Tomorrow 9:00 pm
Wetter-Symbol
2° | 7°°C 0 mm 0% 5 mph 96 % 1021 mb 0 mm/h
Do. Feb. 13 9:00 pm
Wetter-Symbol
3° | 7°°C 0 mm 0% 9 mph 77 % 1025 mb 0 mm/h
Fr. Feb. 14 9:00 pm
Wetter-Symbol
2° | 6°°C 0 mm 0% 8 mph 78 % 1026 mb 0 mm/h
Sa. Feb. 15 9:00 pm
Wetter-Symbol
1° | 5°°C 0 mm 0% 9 mph 75 % 1026 mb 0 mm/h
Today 9:00 am
Wetter-Symbol
3° | 3°°C 0.2 mm 20% 4 mph 95 % 1018 mb 0 mm/h
Today 12:00 pm
Wetter-Symbol
3° | 3°°C 0 mm 0% 4 mph 96 % 1018 mb 0 mm/h
Today 3:00 pm
Wetter-Symbol
4° | 4°°C 0 mm 0% 4 mph 86 % 1017 mb 0 mm/h
Today 6:00 pm
Wetter-Symbol
4° | 4°°C 0 mm 0% 3 mph 86 % 1018 mb 0 mm/h
Today 9:00 pm
Wetter-Symbol
4° | 4°°C 0 mm 0% 3 mph 84 % 1018 mb 0 mm/h
Tomorrow 12:00 am
Wetter-Symbol
4° | 4°°C 0 mm 0% 2 mph 88 % 1019 mb 0 mm/h
Tomorrow 3:00 am
Wetter-Symbol
3° | 3°°C 0 mm 0% 3 mph 92 % 1018 mb 0 mm/h
Tomorrow 6:00 am
Wetter-Symbol
2° | 2°°C 0 mm 0% 3 mph 96 % 1018 mb 0 mm/h
Name Preis24H (%)
Bitcoin(BTC)
€95,474.37
1.24%
Ethereum(ETH)
€2,636.37
3.00%
XRP(XRP)
€2.44
4.84%
Fesseln(USDT)
€0.97
0.00%
Solana(SOL)
€198.99
0.97%
USDC(USDC)
€0.97
0.00%
Dogecoin(DOGE)
€0.259807
6.94%
Shiba Inu(SHIB)
€0.000016
3.13%
Pepe(PEPE)
€0.000010
8.82%
Nach oben scrollen