
5 matches found

Tenable Nessus
added 2024/08/02 12:0 a.m. | 64 views

OSGeo GeoServer RCE (CVE-2024-36401)

The version of OSGeo GeoServer installed on the remote host is affected by a remote code execution vulnerability, as follows: - Multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to...

CVSS 9.8 | AI score 9.4 | EPSS 0.99813
Exploits: 25 | References: 2
BDU FSTEC
added 2024/07/04 12:0 a.m. | 7 views

The vulnerability of the application software interface of the GeoTools library, used for managing and publishing geospatial data on the OSGeo GeoServer server, allows a perpetrator to execute arbitrary code.

The vulnerability of the application software interface of the GeoTools library, used for managing and publishing geospatial data on the OSGeo GeoServer server, is related to improper code generation. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a...

CVSS 10 | AI score 8.3 | EPSS 0.99813
Exploits: 25 | References: 7 | Affected Software: 2
GitHub Security Blog
added 2024/07/01 8:34 p.m. | 126 views

Remote Code Execution (RCE) vulnerability in geoserver

Summary: Multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. Details: The GeoTools library API that GeoServer calls evaluates...

CVSS 9.8 | AI score 9.8 | EPSS 0.99813
Exploits: 25 | References: 9 | Affected Software: 3
Vulnrichment
added 2024/07/01 3:25 p.m. | 80 views

CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer...

CVSS 9.8 | AI score 9.8 | EPSS 0.99813
Exploits: 25 | References: 5
ATTACKERKB
added 2024/07/01 12:0 a.m. | 149 views

CVE-2024-36401

GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer...

CVSS 9.8 | AI score 8.6 | EPSS 0.99813
In wild | Exploits: 26 | References: 6