Lucene search
+L

10 matches found

nuclei
nuclei
added 5 days ago95 views

Apache APISIX - Remote Code Execution

A default configuration of Apache APISIX with default API key is vulnerable to remote code execution. An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. When the admin key was changed or the port of Admin API was changed to a port different...

9.8CVSS7.3AI score0.96182EPSS
Exploits16References5
redhatcve
redhatcve
added 2025/05/22 9:55 p.m.12 views

CVE-2022-24112

An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX with default API key is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different...

9.8CVSS7.5AI score0.96182EPSS
Exploits16References1
githubexploit
githubexploit
added 2022/03/16 9:19 a.m.433 views

Exploit for Authentication Bypass by Spoofing in Apache Apisix

Apache APISIX Remote Code Execution CVE-2022-24112 Exploit...

9.8CVSS10AI score0.96182EPSS
Exploits16
cnvd
cnvd
added 2022/02/15 12:0 a.m.119 views

Apache Apisix Remote Code Execution Vulnerability

Apache Apisix is a cloud-native microservice API gateway service from the Apache Foundation. The software is based on OpenResty and etcd to realize , with dynamic routing and plug-in hot loading , suitable for microservice system under the API management . A remote code execution vulnerability...

9.8CVSS9.7AI score0.96182EPSS
Exploits16References1
nvd
nvd
added 2022/02/11 1:15 p.m.40 views

CVE-2022-24112

An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX with default API key is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different...

9.8CVSS0.96182EPSS
Exploits16References5
prion
prion
added 2022/02/11 1:15 p.m.33 views

Default configuration

An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX with default API key is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different...

7.5CVSS9.6AI score0.96182EPSS
Exploits16References4Affected Software1
osv
osv
added 2022/02/11 12:20 p.m.46 views

CVE-2022-24112 apisix/batch-requests plugin allows overwriting the X-REAL-IP header

An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX with default API key is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different...

9.8CVSS7.7AI score0.96182EPSS
Exploits16References7
cve
cve
added 2022/02/11 12:20 p.m.1061 views

CVE-2022-24112

CVE-2022-24112 affects Apache APISIX. It arises from the batch-requests plugin, where a bug can bypass the Admin API IP restriction, enabling remote code execution. Exploits/PoCs exist for APISIX 2.12.0–2.12.1 demonstrating RCE via admin API path and Lua code injection in routes, with documented ...

9.8CVSS9.7AI score0.96182EPSS
In wildExploits16References5Affected Software1
ptsecurity
ptsecurity
added 2022/02/11 12:0 a.m.12 views

PT-2022-2569

Name of the Vulnerable Software and Affected Versions: Apache APISIX versions 2.12.1 Description: The issue concerns an authentication bypass vulnerability in Apache APISIX, where an attacker can exploit the batch-requests plugin to send requests and bypass the IP restriction of the Admin API. Th...

10CVSS10AI score0.96182EPSS
Exploits16References34
cnnvd
cnnvd
added 2022/02/11 12:0 a.m.5 views

Apache APISIX 安全漏洞

Apache Apisix is a cloud-native microservice API gateway service from the Apache Foundation. The software is based on OpenResty and etcd to realize , with dynamic routing and plug-in hot loading , suitable for microservice system under the API management . A remote code execution vulnerability...

9.8CVSS6.8AI score0.96182EPSS
Exploits16References11
Rows per page
Query Builder