6600+ Vulnerable GeoServer instances Exposed to the Internet
- From site: Vulnerability (cybersecuritynews.com)
Author: Dhivya
Security analysts have identified 6,635 GeoServer instances exposed to the Internet that run versions affected by a critical remote code execution (RCE) vulnerability.
A recent tweet from the Shadowserver Foundation highlighted the flaw, tracked as CVE-2024-36401, which affects GeoServer versions before 2.23.6, 2.24.4, and 2.25.2.
We are sharing CVE-2024-36401 vulnerable GeoServer instances in our daily feeds.
Our version-based check uncovers 6635 likely vulnerable instances on 2024-07-24
Dashboard: https://t.co/jIS7ZucJOR
CVE-2024-36401 is known to be exploited in the wild & on @CISACyber KEV list.
— The Shadowserver Foundation (@Shadowserver) July 25, 2024
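The Shadowserver count comes from a version-based check: compare the version a host reports against the fixed releases named in this article (2.23.6, 2.24.4 and 2.25.2) and flag everything older on those branches or on earlier branches. The following is an added example of such a check, written for this article; it is not Shadowserver's or the GeoServer project's own tooling. The inventory and the REST about/version.json body are constructed sample data, and the JSON shape (an "about" object holding a "resource" list whose entries carry "@name" and "Version") is an assumption about that endpoint to adjust if your build differs.

```python
"""Version-based triage for CVE-2024-36401 (example code for this article).

Fixed releases stated in the article: 2.23.6, 2.24.4, 2.25.2.
Rules applied here:
  * 2.22.x and earlier never received the fix -> vulnerable
  * 2.23.x / 2.24.x / 2.25.x -> vulnerable if below the branch's fixed release
  * 2.26 and later (ASSUMPTION) branched after the fix -> fixed
Pre-release suffixes such as -SNAPSHOT are ignored; only the numeric part counts.
"""
import json
import re
from typing import Dict, Iterable, Optional, Tuple

Version = Tuple[int, int, int]

FIXED_RELEASES: Dict[int, Version] = {23: (2, 23, 6), 24: (2, 24, 4), 25: (2, 25, 2)}
FIRST_FIXED_MINOR = min(FIXED_RELEASES)   # 2.23 is the oldest branch that was patched
LAST_FIXED_MINOR = max(FIXED_RELEASES)    # branches beyond 2.25 are assumed fixed


def parse_version(text: str) -> Optional[Version]:
    """Extract major.minor.patch from '2.25.1', 'GeoServer 2.24.4-SNAPSHOT', etc."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        return None
    major, minor, patch = (int(p) for p in m.groups())
    return (major, minor, patch)


def is_vulnerable(version: str) -> Optional[bool]:
    """True if the version predates its branch's fix, False if fixed, None if unparsable."""
    v = parse_version(version)
    if v is None:
        return None
    major, minor, _ = v
    if major < 2 or (major == 2 and minor < FIRST_FIXED_MINOR):
        return True                      # e.g. 2.21.x, 2.22.x: no fixed release exists
    if major > 2 or minor > LAST_FIXED_MINOR:
        return False                     # ASSUMPTION: newer branches carry the fix
    return v < FIXED_RELEASES[minor]     # same branch: compare against the fixed release


def version_from_about_json(body: str) -> Optional[str]:
    """Pull GeoServer's own version out of a REST about/version.json reply.

    ASSUMPTION about the reply shape:
    {"about": {"resource": [{"@name": "GeoServer", "Version": "2.25.1", ...}, ...]}}
    Returns None when the body does not match that shape.
    """
    try:
        resources = json.loads(body)["about"]["resource"]
    except (ValueError, KeyError, TypeError):
        return None
    for res in resources:
        if isinstance(res, dict) and res.get("@name") == "GeoServer":
            return res.get("Version")
    return None


def triage(inventory: Iterable[Tuple[str, str]]) -> Dict[str, str]:
    """Map host -> 'vulnerable' | 'fixed' | 'unknown' for (host, version string) pairs."""
    verdict = {True: "vulnerable", False: "fixed", None: "unknown"}
    return {host: verdict[is_vulnerable(ver)] for host, ver in inventory}


# Constructed sample data (not real hosts, not a real server reply).
SAMPLE_ABOUT_JSON = json.dumps({"about": {"resource": [
    {"@name": "GeoServer", "Version": "2.25.1", "Build-Timestamp": "constructed"},
    {"@name": "GeoTools", "Version": "31.1"},
]}})

SAMPLE_INVENTORY = [
    ("gis.example.test", version_from_about_json(SAMPLE_ABOUT_JSON) or "n/a"),
    ("maps.example.test", "2.24.4"),
    ("legacy.example.test", "GeoServer 2.21.3"),
    ("dev.example.test", "2.26.0-SNAPSHOT"),
    ("unknown.example.test", "n/a"),
]

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_INVENTORY), indent=2))
```

A version string is only a proxy: a host that has had gt-complex removed is mitigated even though it still reports 2.25.1, and a reverse proxy may hide the version entirely (the "unknown" bucket), so treat a "vulnerable" verdict as a prompt to check the deployment rather than as proof.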
GeoServer, an open-source server enabling users to share and edit geospatial data, is widely used in various industries, including urban planning, environmental monitoring, and resource management.
The vulnerability stems from the way GeoServer passes property names taken from OGC request parameters to the GeoTools library API, which evaluates them as XPath expressions without restricting what they may contain.
A crafted property name in an otherwise ordinary request therefore lets an unauthenticated attacker execute arbitrary code on the server.
CVE-2024-36401 – Vulnerable GeoServer Instances
The vulnerability is particularly concerning because the XPath evaluation, which is intended for complex feature types, is also applied to simple feature types, so it affects every GeoServer instance, not just those serving complex feature types.
The exploitation can occur through several request types, including WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGraphic, and WPS Execute requests.
Security experts have confirmed that the vulnerability is exploitable, although at the time of the report no public proof-of-concept (PoC) had been released.
Successful exploitation gives an attacker code execution on the affected GeoServer host, and with it control over the instance and the geospatial data it serves, posing significant risks to data integrity and confidentiality.
GeoServer users are strongly advised to upgrade to versions 2.23.6, 2.24.4, or 2.25.2, which contain patches addressing this critical issue.
As an interim measure, the gt-complex-x.y.jar file can be removed from the GeoServer installation, where x.y is the bundled GeoTools version (e.g., gt-complex-31.1.jar for GeoServer 2.25.1).
This disables the vulnerable XPath evaluation, but it also breaks any functionality that depends on the gt-complex module and can prevent extensions that require it from deploying, so it is a stopgap until the instance is upgraded.
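Because the workaround may have to be reverted, it is safer to move the jar aside than to delete it. The following is an added example of that procedure written for this article, not the GeoServer project's own tooling. It assumes the standard WAR layout in which the GeoTools jars live under the webapp's WEB-INF/lib directory, and that GeoServer is stopped before the jar is moved and restarted afterwards; the demo function builds a constructed 2.25.1-style layout in a temporary directory rather than touching a real installation.

```python
"""Quarantine and restore gt-complex-x.y.jar (example code for this article).

ASSUMPTIONS: GeoTools jars live in <geoserver-webapp>/WEB-INF/lib; stop
GeoServer before running quarantine_gt_complex() and restart it afterwards.
The jar is moved into a backup directory, not deleted, so the change can be
undone with restore_gt_complex() if the instance turns out to need gt-complex.
"""
import re
import shutil
import tempfile
from pathlib import Path
from typing import List

# Matches gt-complex-31.1.jar, gt-complex-30.2.jar, gt-complex-32.0-SNAPSHOT.jar, ...
GT_COMPLEX = re.compile(r"^gt-complex-\d+\.\d+(?:\.\d+)?(?:-[\w.]+)?\.jar$")


def find_gt_complex_jars(lib_dir: Path) -> List[Path]:
    """Return every gt-complex jar in lib_dir (a normal install has exactly one)."""
    return sorted(p for p in lib_dir.iterdir() if p.is_file() and GT_COMPLEX.match(p.name))


def _move_matching(src: Path, dst: Path) -> List[Path]:
    """Move gt-complex jars from src to dst; refuse to overwrite an existing copy."""
    if not src.is_dir():
        raise FileNotFoundError(f"no such directory: {src}")
    dst.mkdir(parents=True, exist_ok=True)
    moved: List[Path] = []
    for jar in find_gt_complex_jars(src):
        target = dst / jar.name
        if target.exists():
            raise FileExistsError(f"{target} already exists; refusing to overwrite")
        shutil.move(str(jar), str(target))
        moved.append(target)
    return moved


def quarantine_gt_complex(lib_dir: Path, backup_dir: Path) -> List[Path]:
    """Apply the workaround: move gt-complex out of WEB-INF/lib into backup_dir."""
    return _move_matching(lib_dir, backup_dir)


def restore_gt_complex(lib_dir: Path, backup_dir: Path) -> List[Path]:
    """Undo the workaround: move the quarantined jar(s) back into WEB-INF/lib."""
    return _move_matching(backup_dir, lib_dir)


def run_demo() -> dict:
    """Exercise the round trip against a constructed 2.25.1-style layout.

    Uses placeholder files in a temporary directory, not a real installation.
    """
    with tempfile.TemporaryDirectory() as tmp:
        lib = Path(tmp) / "webapps" / "geoserver" / "WEB-INF" / "lib"
        lib.mkdir(parents=True)
        for name in ("gt-complex-31.1.jar", "gt-main-31.1.jar", "gt-xsd-core-31.1.jar"):
            (lib / name).write_bytes(b"PK")  # constructed placeholder, not a real jar
        backup = Path(tmp) / "gt-complex-quarantine"
        moved = quarantine_gt_complex(lib, backup)
        after_quarantine = sorted(p.name for p in lib.iterdir())
        restored = restore_gt_complex(lib, backup)
        after_restore = sorted(p.name for p in lib.iterdir())
        return {
            "moved": [p.name for p in moved],
            "lib_after_quarantine": after_quarantine,
            "restored": [p.name for p in restored],
            "lib_after_restore": after_restore,
        }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

On a real host, call quarantine_gt_complex(Path("/path/to/geoserver/WEB-INF/lib"), Path("/path/to/backup")) with the service stopped, then confirm after restart that the layers you rely on still render; if something that needs gt-complex breaks, restore_gt_complex() puts the jar back and the instance is again unprotected until it is upgraded.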
The discovery of these vulnerable instances underscores the importance of regular software updates and vigilant security practices to protect against emerging threats.
GeoServer users must act swiftly to mitigate the risks associated with CVE-2024-36401 and safeguard their geospatial data.