Lucene search
+L

Apache Commons Configuration 2.4 - 2.7 RCE Vulnerability

🗓️ 25 Nov 2022 00:00:00Reported by Copyright (C) 2022 Greenbone AGType 
openvas
 openvas
🔗 plugins.openvas.org👁 35 Views

Apache Commons Configuration 2.4 - 2.7 RCE Vulnerabilit

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: IBM Sterling Connect:Direct for UNIX is vulnerable to remote code execution due to Apache Commons Configuration (CVE-2022-33980)
6 Sep 202216:47
ibm
IBM Security Bulletins
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Apache Commons Configuration (CVE-2022-33980)
13 Oct 202222:19
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities affect IBM Db2® Graph
24 Apr 202322:02
ibm
IBM Security Bulletins
Security Bulletin: Apache Commons Configuration Vulnerability affects IBM SPSS Modeler [CVE-2022-33980]
15 Aug 202202:13
ibm
IBM Security Bulletins
Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to remote code execution due to Apache Commons Configuration (CVE-2022-33980)
16 Aug 202209:11
ibm
IBM Security Bulletins
Security Bulletin: IBM Sterling Control Center is vulnerable to remote attack due to Apache Commons Configuration [CVE-2022-33980]
16 Sep 202213:39
ibm
IBM Security Bulletins
Security Bulletin: IBM Sterling Connect:Direct File Agent is vulnerable to remote code execution due to Apache Commons Configuration (CVE-2022-33980)
11 Aug 202208:32
ibm
IBM Security Bulletins
Security Bulletin: Due to use of Apache Commons, IBM Cloud PAK for Watson AI Ops is vulnerable to remote code execution (CVE-2022-33980)
19 Sep 202215:41
ibm
IBM Security Bulletins
Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities including remote code execution in Apache Commons Text 1.9
8 Dec 202204:10
ibm
IBM Security Bulletins
Security Bulletin: IBM Common Licensing is vulnerable by a remote code attack in Spring Framework and Apache Commons(CVE-2022-22970,CVE-2022-22971,CVE-2022-33980)
25 Jul 202207:50
ibm
Rows per page
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:apache:commons_configuration";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.104438");
  script_version("2023-09-15T05:06:15+0000");
  script_tag(name:"last_modification", value:"2023-09-15 05:06:15 +0000 (Fri, 15 Sep 2023)");
  script_tag(name:"creation_date", value:"2022-11-25 10:38:03 +0000 (Fri, 25 Nov 2022)");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2022-07-14 17:15:00 +0000 (Thu, 14 Jul 2022)");

  script_cve_id("CVE-2022-33980");

  script_tag(name:"qod_type", value:"executable_version_unreliable");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("Apache Commons Configuration 2.4 - 2.7 RCE Vulnerability");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2022 Greenbone AG");
  script_family("General");
  script_dependencies("gb_apache_commons_consolidation.nasl");
  script_mandatory_keys("apache/commons/configuration/detected");

  script_tag(name:"summary", value:"The Apache Commons Configuration library is prone to a remote
  code execution (RCE) vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Apache Commons Configuration performs variable interpolation,
  allowing properties to be dynamically evaluated and expanded. The standard format for
  interpolation is '${prefix:name}', where 'prefix' is used to locate an instance of
  org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. The set of
  default Lookup instances included interpolators that could result in arbitrary code execution or
  contact with remote servers.

  These lookups are:

  - 'script' - execute expressions using the JVM script execution engine (javax.script)

  - 'dns' - resolve dns records

  - 'url' - load values from urls, including from remote servers");

  script_tag(name:"affected", value:"All of the following prerequisites needs to be fulfilled to
  make an application vulnerable:

  - using the Apache Commons Configuration library in version 2.4 through 2.7

  - using the interpolation defaults

  - using untrusted configuration values (e.g. from untrusted user input)");

  script_tag(name:"solution", value:"- Update to version 2.8.0 or later which disables the affected
  interpolators by default

  - After updating to version 2.8.0 make sure that the affected application isn't enabling the
  interpolators again

  - If the affected interpolators are required for the application sanitize untrusted user input");

  script_xref(name:"URL", value:"https://lists.apache.org/thread/tdf5n7j80lfxdhs2764vn0xmpfodm87s");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if (isnull(port = get_app_port(cpe: CPE)))
  exit(0);

if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))
  exit(0);

version = infos["version"];
location = infos["location"];

if (version_in_range(version: version, test_version: "2.4", test_version2: "2.7")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "2.8.0", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

exit(99);

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

15 Sep 2023 00:00Current
9.7High risk
Vulners AI Score9.7
CVSS 27.5
CVSS 3.19.8
EPSS0.42646
35