
Hunting for Attacks Using Recent Apache Struts and OfBiz Vulnerabilities | Threat SnapShot

In the fast-paced tech landscape, open-source software is the backbone of many organizations, prized for its innovation and cost-effectiveness. But with great power comes great responsibility – the responsibility to stay vigilant against security vulnerabilities. Timely patching and proactive vulnerability management aren’t just best practices; they’re crucial shields protecting your digital assets from unseen threats. It’s time to turn our attention to some pressing vulnerabilities that have surfaced in the world of open-source software. Today, we’re delving into critical issues found in Apache Struts (CVE-2023-50164) and Apache OfBiz (CVE-2023-49070, CVE-2023-51467).

Apache Struts, a widely used open-source framework for creating Java web applications, has a severe vulnerability (CVE-2023-50164) with a CVSS score of 9.8. The flaw sits in the file upload logic and can lead to path traversal and remote code execution (RCE). By manipulating the file upload parameters (the public analysis shows the file name parameter being overridden with a traversal sequence such as ../), an attacker can write an uploaded file outside the intended upload directory; if the destination is a location the application server executes, such as a JSP in the web root, the attacker gets a web shell and unauthorized access to the system. Fixed versions are Struts 2.5.33 and 6.3.0.2.

Apache OfBiz, an enterprise resource planning (ERP) system, has been hit with two significant vulnerabilities. CVE-2023-49070, a pre-authenticated RCE flaw, arises from a deprecated XML-RPC component and can lead to full server control and data theft. CVE-2023-51467 is a bypass of that fix: the patch removed the XML-RPC component but left the underlying authentication weakness in the login logic, so attackers can still bypass authentication and, as the public PoCs show, reach SSRF and RCE. The bypass is triggered by sending empty or invalid USERNAME and PASSWORD parameters together with requirePasswordChange=Y in the HTTP request; the application treats the failed login as a success. Both issues are addressed in OfBiz 18.12.11.

These vulnerabilities are not just theoretical concerns. They have been observed in the wild, with CVE-2023-50164 already seeing broad exploitation attempts. CVE-2023-51467 also saw a surge in exploitation attempts after its PoC was published, which makes addressing these issues urgent. Patching alone does not tell you whether you were hit before the patch landed, so we suggest you hunt back in time for exploitation. We have you covered: check out the video for hunting tips that can help you protect your organization.
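One concrete way to start that hunt is to sweep web-server access logs for the request patterns behind both bugs. The script below is an added example, not SnapAttack's code and not one of the detections linked further down; the log lines, client IPs and the `/struts-app/upload.action` path are constructed for the demonstration. It parses combined-format Apache/Tomcat access log lines and flags three things: a Struts file-name parameter carrying a traversal sequence (CVE-2023-50164), POSTs to the deprecated OfBiz XML-RPC endpoint (CVE-2023-49070), and any `/webtools/control/` request carrying `requirePasswordChange=Y`, with a note on whether the credentials were blank (CVE-2023-51467).

```python
"""Hunt Apache/Tomcat access logs for CVE-2023-50164 (Struts) and
CVE-2023-49070 / CVE-2023-51467 (OFBiz) request indicators.

Added example; the sample log lines below are constructed, not real traffic.
"""
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Combined log format: ip ident user [time] "METHOD url HTTP/x" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# A ".." path component, with either slash style, at any position.
TRAVERSAL = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

# Constructed sample traffic: two exploitation attempts, one benign request
# to OFBiz, one benign Struts upload with no query string.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Dec/2023:10:01:02 +0000] "POST /struts-app/upload.action?UploadFileName=..%2F..%2Fshell.jsp HTTP/1.1" 200 512 "-" "curl/8.4.0"
198.51.100.9 - - [26/Dec/2023:14:22:10 +0000] "GET /webtools/control/ping?USERNAME=&PASSWORD=&requirePasswordChange=Y HTTP/1.1" 200 4 "-" "python-requests/2.31"
198.51.100.9 - - [26/Dec/2023:14:22:11 +0000] "POST /webtools/control/xmlrpc?USERNAME=abc&PASSWORD=xyz&requirePasswordChange=Y HTTP/1.1" 200 1024 "-" "python-requests/2.31"
192.0.2.5 - - [26/Dec/2023:14:30:00 +0000] "GET /webtools/control/main HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
192.0.2.8 - - [12/Dec/2023:10:05:00 +0000] "POST /struts-app/upload.action HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return a dict with ip/method/path/query for one log line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["url"])
    rec["path"] = unquote(parts.path)
    # keep_blank_values so "USERNAME=" (empty) is still present; lower-case
    # the keys because Struts matches parameter names case-insensitively.
    rec["query"] = {
        k.lower(): v
        for k, v in parse_qs(parts.query, keep_blank_values=True).items()
    }
    return rec


def hunt_struts(rec):
    """CVE-2023-50164: a *FileName parameter carrying a traversal sequence."""
    hits = []
    for key, values in rec["query"].items():
        if not key.endswith("filename"):
            continue
        for v in values:
            decoded = unquote(unquote(v))  # also catch double URL-encoding
            if TRAVERSAL.search(decoded):
                hits.append(f"CVE-2023-50164: traversal in {key}={v}")
    return hits


def hunt_ofbiz(rec):
    """CVE-2023-49070 / CVE-2023-51467 indicators on /webtools/control/."""
    hits = []
    path = rec["path"].lower()
    q = rec["query"]
    if not path.startswith("/webtools/control/"):
        return hits
    if path.endswith("/xmlrpc") and rec["method"] == "POST":
        hits.append("CVE-2023-49070: POST to deprecated XML-RPC endpoint")
    if "y" in [v.lower() for v in q.get("requirepasswordchange", [])]:
        blank = [k for k in ("username", "password")
                 if k in q and all(v == "" for v in q[k])]
        how = "empty " + "/".join(blank) if blank else "supplied credentials"
        hits.append(f"CVE-2023-51467: requirePasswordChange=Y with {how}")
    return hits


def hunt(log_text):
    """Scan every line; return (ip, method, path, hits) for flagged requests."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        hits = hunt_struts(rec) + hunt_ofbiz(rec)
        if hits:
            findings.append((rec["ip"], rec["method"], rec["path"], hits))
    return findings


if __name__ == "__main__":
    for ip, method, path, hits in hunt(SAMPLE_LOG):
        print(f"{ip} {method} {path}")
        for h in hits:
            print(f"    {h}")
```

Run it against a real log with `hunt(open("access.log").read())`. One caveat worth stating: the Struts PoC normally sends the file and the overriding file-name parameter in a multipart POST body, which access logs do not record, so the query-string check above only catches the sloppier attempts. For CVE-2023-50164 the stronger signals are on the host, which is exactly what the Tomcat file-write and webshell process-tree detections listed below look for; pair the log sweep with those rather than relying on it alone. The OfBiz patterns, by contrast, live in the URL and are well suited to log hunting.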

References:
– https://www.securityweek.com/recent-apache-struts-2-vulnerability-in-attacker-crosshairs/
– https://www.trendmicro.com/en_us/research/23/l/decoding-cve-2023-50164--unveiling-the-apache-struts-file-upload.html
– https://blog.sonicwall.com/en-us/2023/12/sonicwall-discovers-critical-apache-ofbiz-zero-day-authbiz/
– https://thehackernews.com/2024/01/new-poc-exploit-for-apache-ofbiz.html

SnapAttack Resources:
– https://app.snapattack.com/collection/55106b16-ec7c-49a0-b7fb-49540171d171 – Collection: Apache Struts Path Traversal / Remote Code Execution (CVE-2023-50164) | Threat SnapShot
– https://app.snapattack.com/threat/6852b7b1-1e39-240b-e393-ce92849fc361 – Threat: CVE-2023-50164 Apache Struts Path Traversal
– https://app.snapattack.com/detection/d1f4bb88-a53e-49f7-b7b6-f727b8f5baa0 – Detection: Possible Apache Struts Path Traversal
– https://app.snapattack.com/detection/365071bb-2fb9-44b5-825b-3b5e2e602d33 – Detection: Unusual Tomcat File Write
– https://app.snapattack.com/detection/c35eb9d4-6003-4b1a-af3a-8042b53d7ecf – Detection: Webshell-Indicative Process Tree
– https://app.snapattack.com/detection/0dc07037-a489-4514-b823-63f16b2c4fe1 – Detection: Tomcat WebShell Creation
– https://app.snapattack.com/collection/60f1952c-16eb-40df-bb85-3bdc2f41a008 – Collection: Apache OfBiz Authentication Bypass / RCE (CVE-2023-49070, CVE-2023-51467) | Threat SnapShot
– https://app.snapattack.com/threat/096b8336-747a-16de-6f3d-d7f219e0d6a3 – Threat: Apache OfBiz Authentication Bypass – CVE-2023-49070 & CVE-2023-51467
– https://app.snapattack.com/detection/d874088a-f275-40d0-a34e-657c1514ab28 – Detection: Suspicious Child of Apache Ofbiz


by SnapAttack
