Metasploit Weekly Wrap-Up 7/19/2024


GeoServer Unauthenticated RCE


This week, contributor h00die-gr3y added an interesting exploit module that targets GeoServer, an open-source application used to view, edit, and share geospatial data. Versions prior to 2.23.6, versions between 2.24.0 and 2.24.3, and versions between 2.25.0 and 2.25.1 unsafely evaluate property names as XPath expressions, which can lead to unauthenticated remote code execution. This vulnerability is identified as CVE-2024-36401 and affects all GeoServer instances. It has been confirmed to be exploitable through WFS GetFeature, WFS GetPropertyValue, WMS GetMap, WMS GetFeatureInfo, WMS GetLegendGraphic, and WPS Execute requests.
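
For defenders triaging an inventory against the version ranges stated above, the following Ruby is an added example (not part of the original post or the Metasploit module). The function names, hostnames and version strings are constructed for illustration, and builds that are not a plain x.y.z release are flagged for manual review rather than guessed.

```ruby
require 'rubygems' # provides Gem::Version (loaded by default in most Ruby setups)

# Affected ranges exactly as stated in the post:
# [lower bound (inclusive), upper bound, is the upper bound inclusive?]
AFFECTED_RANGES = [
  ['0',      '2.23.6', false], # "prior to 2.23.6"
  ['2.24.0', '2.24.3', true],  # "between 2.24.0 and 2.24.3"
  ['2.25.0', '2.25.1', true]   # "between 2.25.0 and 2.25.1"
].map { |lo, hi, incl| [Gem::Version.new(lo), Gem::Version.new(hi), incl] }.freeze

# Returns :affected, :outside_stated_ranges, or :unknown.
# Assumption: only plain x.y.z release strings are classified; nightly,
# SNAPSHOT, RC or empty values return :unknown and need manual review.
def classify_geoserver(version_string)
  s = version_string.to_s.strip
  return :unknown unless s.match?(/\A\d+\.\d+\.\d+\z/)

  # Gem::Version compares numerically, so 2.9.4 < 2.23.6 and 2.24.10 > 2.24.3.
  v = Gem::Version.new(s)
  hit = AFFECTED_RANGES.any? do |lo, hi, incl|
    v >= lo && (incl ? v <= hi : v < hi)
  end
  hit ? :affected : :outside_stated_ranges
end

# Groups hostnames by classification.
def triage(inventory)
  inventory.group_by { |_host, ver| classify_geoserver(ver) }
           .transform_values { |pairs| pairs.map(&:first) }
end

# Constructed inventory (hostnames and versions are made up for illustration).
SAMPLE_INVENTORY = {
  'gis-01.example.internal' => '2.23.5',
  'gis-02.example.internal' => '2.23.6',
  'gis-03.example.internal' => '2.24.3',
  'gis-04.example.internal' => '2.25.2',
  'gis-05.example.internal' => '2.25-SNAPSHOT',
  'gis-06.example.internal' => '2.9.4'
}.freeze

if __FILE__ == $PROGRAM_NAME
  triage(SAMPLE_INVENTORY).each { |status, hosts| puts "#{status}: #{hosts.join(', ')}" }
end
```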


New module content (1)


GeoServer Unauthenticated Remote Code Execution


Authors: Steve Ikeoka, h00die-gr3y, and jheysel-r7
Type: Exploit
Pull request: #19311 contributed by h00die-gr3y
Path: multi/http/geoserver_unauth_rce_cve_2024_36401
AttackerKB reference: CVE-2024-36401


Description: This adds an exploit module for CVE-2024-36401, an unauthenticated RCE vulnerability in GeoServer versions prior to 2.23.6, versions between 2.24.0 and 2.24.3, and versions 2.25.0 and 2.25.1.


Enhancements and features (1)


#19325 from pmauduit - Updates the TARGETURI description for the geoserver_unauth_rce_cve_2024_36401 module.

Bugs fixed (3)


#19322 from dledda-r7 - This fixes an issue that was causing some Meterpreters to consume large amounts of memory when configured ..
