Critical Apache Ignite Vulnerability Let Attackers Execute Remote Code
- From the site: Vulnerability (cybersecuritynews.com)
Author: Kaaviya
A critical vulnerability in Apache Ignite, tracked as CVE-2024-52577, exposes systems to remote code execution (RCE) because class serialization filters are not enforced on some endpoints.
Rated CVSS 9.8, the flaw affects Ignite versions 2.6.0 through 2.16.x and lets an attacker execute arbitrary code by exploiting deserialization weaknesses in server endpoints.
Apache Ignite, a distributed in-memory database platform, fails to apply its class serialization filters on specific endpoints.
An attacker can send a crafted payload of serialized objects that never passes through those checks, so the objects are deserialized and code runs as a side effect.
The root cause is that Ignite did not enforce its ObjectInputFilter configuration, the mechanism meant to block dangerous classes during deserialization, on every code path that reads serialized data.
Successful exploitation grants full control over the affected node, compromising data integrity, confidentiality, and availability. The attack requires:
- Network access to an affected Ignite endpoint (e.g., the REST API or the binary protocols).
- A gadget class on the server's classpath (e.g., a library whose serializable classes have exploitable readObject or similar methods).
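The contrast the article describes, an endpoint that deserializes without a filter versus one that enforces a JEP 290 allow-list, as an added Java example. This is illustrative code written for this page, not Ignite's own code or its internal filter implementation; the `Message` and `GadgetLike` classes, the filter pattern, and the sample bytes are all constructed here. The "gadget" only flips a flag in `readObject` so the effect is visible; a real gadget chain would reach far more dangerous behaviour from the same entry point.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

// Compile and run from the default package (the filter pattern below names
// nested classes as DeserializationFilterDemo$Message); requires Java 9+.
public class DeserializationFilterDemo {

    // The only type this hypothetical endpoint legitimately expects (constructed for the demo).
    static class Message implements Serializable {
        private static final long serialVersionUID = 1L;
        final String text;
        Message(String text) { this.text = text; }
    }

    // Stand-in for a gadget class already on the server's classpath: a serializable
    // type whose readObject has a side effect. Here it only records that it ran.
    static class GadgetLike implements Serializable {
        private static final long serialVersionUID = 1L;
        static volatile boolean readObjectRan = false;
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            readObjectRan = true; // a real gadget would do its damage here
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    // The bug pattern: attacker-reachable bytes deserialized with no filter.
    // Any serializable class on the classpath, gadgets included, is instantiated
    // and its readObject executed.
    static Object readUnfiltered(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return in.readObject();
        }
    }

    // The enforced version: a JEP 290 allow-list. Patterns are matched in order;
    // the expected message type and java.base classes (String etc.) are allowed,
    // graph depth and reference count are bounded, and "!*" rejects everything
    // else. A rejected class fails with InvalidClassException before any instance
    // exists, so its readObject never runs.
    static final ObjectInputFilter ALLOW_LIST = ObjectInputFilter.Config.createFilter(
            "DeserializationFilterDemo$Message;java.base/*;maxdepth=8;maxrefs=256;!*");

    static Object readFiltered(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            in.setObjectInputFilter(ALLOW_LIST);
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] benign = serialize(new Message("hello"));  // constructed legitimate input
        byte[] hostile = serialize(new GadgetLike());     // constructed "payload"

        // Filtered endpoint: legitimate traffic still works.
        Message m = (Message) readFiltered(benign);
        System.out.println("filtered, benign: " + m.text);

        // Filtered endpoint: the gadget class is refused.
        GadgetLike.readObjectRan = false;
        try {
            readFiltered(hostile);
            System.out.println("filtered, hostile: UNEXPECTEDLY ACCEPTED");
        } catch (InvalidClassException e) {
            System.out.println("filtered, hostile: rejected -> " + e.getMessage());
        }
        System.out.println("gadget readObject ran under filter: " + GadgetLike.readObjectRan);

        // Unfiltered endpoint: the same bytes run the gadget's readObject.
        GadgetLike.readObjectRan = false;
        readUnfiltered(hostile);
        System.out.println("gadget readObject ran unfiltered: " + GadgetLike.readObjectRan);
    }
}
```

The point of the demo is that the filter is only protective on the code paths that actually install it: `readUnfiltered` is exactly what an endpoint that skips the configured filter looks like. A process-wide fallback is available through the `jdk.serialFilter` system property (or `ObjectInputFilter.Config.setSerialFilter`), which applies to every `ObjectInputStream` that does not set its own filter and is a useful defence-in-depth setting while an upgrade is pending.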
The vulnerability was reported by Zhattatey; Mikhail Petrov developed the fix.
Mitigation Strategies
The Apache Software Foundation released version 2.17.0, which enforces the serialization filters on all affected endpoints. Administrators should:
- Upgrade to 2.17.0 immediately, for example by bumping the Ignite dependency version in Maven.
- Restrict network access to Ignite endpoints with firewalls or security groups.
- Monitor logs for anomalous deserialization activity, such as unexpected class loads or unexplained outbound network connections from Ignite nodes.
CVE-2024-52577 underscores persistent risks in Java deserialization, a problem first widely publicized in 2015 with vulnerabilities in Apache Commons Collections.
Despite improvements like JEP 290 (introducing serialization filters in Java 9), misconfigurations remain prevalent.
Organizations using Apache Ignite must prioritize upgrading to 2.17.0 and audit their classpaths for unnecessary gadget libraries.
As attackers increasingly target serialization flaws, proactive patch management and defense-in-depth strategies are critical to mitigating RCE risks.