CVE-2024-36401 · CISA KEV: Actively Exploited

OSGeo GeoServer GeoTools Eval Injection Vulnerability

Published Jul 15, 2024 · Updated Jul 15, 2024

Description

OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath expressions. This allows unauthenticated attackers to conduct remote code execution via specially crafted input.

Public Exploits & PoCs: 26 found

PoC: GeoServerExploit

GeoServer (CVE-2024-36401/CVE-2024-36404) vulnerability exploitation tool

59

PoC: CVE-2024-36401

GeoServer Remote Code Execution

6

PoC: CVE-2024-36401

geoserver graphical vulnerability exploitation tool

2

PoC: CVE-2024-36401

Remote Code Execution (RCE) Vulnerability In Evaluating Property Name Expressions with multiple ways to exploit

2

PoC: CVE-2024-36401

A Python Exp For "GeoServer"

1

PoC: GeoServer-Tools-CVE-2024-36401

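CVE-2024-36401 graphical exploitation tool, supporting exploitation across JDK versions as well as response echo and in-memory webshell implementations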

1

PoC: CVE-2024-36401

geoserver graphical vulnerability exploitation tool

1

PoC: CVE-2024-36401

CVE-2024-36401 GeoServer Remote Code Execution

1

PoC: CVE-2024-36401-WoodpeckerPlugin

CVE-2024-36401-GeoServer Property expression injection RCE plugin for woodpecker-framework

1

PoC: geoexplorer

Mass scanner for CVE-2024-36401

1

PoC: CVE-2024-36401

CVE-2024-36401-POC

1

PoC: CVE-2024-36401

POC for CVE-2024-36401. This POC will attempt to establish a reverse shell from the vuln targets.

1

PoC: CVE-2024-36401-MASS

Geoserver RCE

PoC: Exploit-CVE-2024-36401

Python exploit for GeoServer (CVE-2024-36401) with JSP web shell upload

PoC: cve-2024-36401-poc

A poc for cve-2024-36401 for applications using GeoTools for WMS data retrieval

PoC: CVE-2024-36401_Geoserver_RCE_POC

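This script is a PoC (Proof of Concept) detection tool developed for the GeoServer remote code execution vulnerability (CVE-2024-36401). The vulnerability allows an attacker to execute arbitrary commands on the target server by constructing specific requests.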

PoC: CVE-2024-36401

geoserver graphical vulnerability exploitation tool

PoC: CVE-2024-36401

geoserver graphical vulnerability exploitation tool

PoC: CVE-2024-36401-WoodpeckerPlugin

CVE-2024-36401-GeoServer Property expression injection RCE plugin for woodpecker-framework

PoC: cve-2024-36401-poc

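CVE-2024-36401 is a high-severity remote code execution vulnerability in GeoServer. GeoServer is open-source geographic data server software used mainly to publish, share and process all kinds of geospatial data. ALIYUN Vulnerability mechanism: the vulnerability stems from GeoServer unsafely parsing property names as XPath expressions. Specifically, when evaluating the property names of feature types, the GeoTools library API called by GeoServer passes them to the commons-jxpath library in an unsafe way. Because the commons-jxpath library allows arbitrary code execution when parsing XPath expressions, an attacker can construct specific input and, through multiple OGC request parameters (such as WFS GetFeature, WFS GetPropertyValue, WMS GetMap), remotely execute arbitrary code without authentication.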

PoC: GeoServer-CVE-2024-36401

GeoServer CVE-2024-36401: Remote Code Execution (RCE) Vulnerability In Evaluating Property Name Expressions

PoC: CVE-2024-36401-PoC

Proof-of-Concept Exploit for CVE-2024-36401 GeoServer 2.25.1

PoC: geoserver-

geoserver CVE-2024-36401 vulnerability exploitation tool

PoC: geoserver-

geoserver CVE-2024-36401 one-click vulnerability exploitation tool

PoC: CVE-2024-36401

Exploiter: a vulnerability detection and exploitation tool for GeoServer Unauthenticated Remote Code Execution CVE-2024-36401.

PoC: CVE-2024-36401

POC
