9 matches found
CVE-2020-13945
In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5...
Apache APISIX 1.2 <= 1.5 Information Disclosure
The version of Apache APISIX installed on the remote host is 1.2 prior to or equal to 1.5. It is, therefore, affected by an information disclosure vulnerability. An authenticated, remote attacker could exploit this to access Apache APISIX management data. Note that Nessus has not tested for these...
APISIX Admin API default access token RCE
Apache APISIX has a default, built-in API token edd1c9f034335f136f87ad84b625c8f1 that can be used to access all of the admin API, which leads to remote LUA code execution through the script parameter added in the 2.x version. This module also leverages another vulnerability to bypass the IP...
Apache APISIX Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'APISIX Admin API default access token RCE', 'Description' = %q Apache APISIX has a default, built-in API token edd1c9f034335f136f87ad84b625c8f1...
CVE-2020-13945
creationtimestamp| type| source ---|---|--- 2020-12-07 22:30:20+00:00| seen| https://t.me/cibsecurity/17209 2022-03-07 15:23:16+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/apacheapisixapidefaulttokenrce.rb 2023-12-18 01:40:59+00:00| seen|...
CVE-2020-13945
In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5...
CVE-2020-13945
In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5...
CVE-2020-13945
Apache APISIX 1.2–1.5 are vulnerable when the Admin API is enabled and Admin API access IP restriction rules are removed, allowing the default token to access APISIX management data. The root cause is insufficient protection of credentials leading to unauthorized access. Impact is unauthorized ac...
CVE-2020-13945
In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5...