Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cisa_kevCISACISA-KEV-CVE-2024-36401
HistoryJul 15, 2024 - 12:00 a.m.

OSGeo GeoServer GeoTools Eval Injection Vulnerability

2024-07-1500:00:00
CISA
www.cisa.gov
24
osgeo
geoserver
geotools
eval injection
vulnerability
xpath expressions
remote code execution
unauthenticated attackers

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

Low

EPSS

0.959

Percentile

99.5%

JSON

OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath expressions. This allows unauthenticated attackers to conduct remote code execution via specially crafted input.

Related

nessus 1
githubexploit 12
rapid7blog 1
nvd 1
nuclei 1
cvelist 1
vulnrichment 1
hackread 1
packetstorm 1
zdt 1
metasploit 1
cve 1
attackerkb 1
github 1
thn 2
osv 3
nessus
nessus
OSGeo GeoServer RCE (CVE-2024-36401)
2024-08-02 00:00:00
githubexploit
githubexploit
Exploit for Eval Injection in Geoserver
2024-07-16 17:29:39
Exploit for Code Injection in Geoserver
2024-07-12 07:01:12
Exploit for Code Injection in Geoserver
2024-08-27 15:28:04
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up 7/19/2024
2024-07-19 16:46:06
nvd
nvd
CVE-2024-36401
2024-07-01 16:15:04
nuclei
nuclei
GeoServer RCE in Evaluating Property Name Expressions
2024-07-03 08:46:01
cvelist
cvelist
CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
2024-07-01 15:25:41
vulnrichment
vulnrichment
CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver
2024-07-01 15:25:41
hackread
hackread
Critical GeoServer Vulnerability Exploited in Global Malware Campaign
2024-09-06 21:12:07
packetstorm
packetstorm
Geoserver Unauthenticated Remote Code Execution
2024-07-15 00:00:00
zdt
zdt
Geoserver Unauthenticated Remote Code Execution Exploit
2024-07-16 00:00:00
metasploit
metasploit
Geoserver unauthenticated Remote Code Execution
2024-07-08 06:53:16
cve
cve
CVE-2024-36401
2024-07-01 16:15:04
attackerkb
attackerkb
CVE-2024-36401
2024-07-01 00:00:00
github
github
Remote Code Execution (RCE) vulnerability in geoserver
2024-07-01 20:34:50
thn
thn
CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software
2024-07-16 04:01:00
GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware
2024-09-06 15:14:00
osv
osv
Remote Code Execution (RCE) vulnerability in geoserver
2024-07-01 20:34:50
CVE-2024-36404
2024-07-02 14:15:13
CVE-2024-36401
2024-07-01 16:15:04

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.2

Confidence

Low

EPSS

0.959

Percentile

99.5%

JSON
Related for CISA-KEV-CVE-2024-36401
nessus1githubexploit12rapid7blog1nvd1nuclei1cvelist1vulnrichment1hackread1packetstorm1zdt1metasploit1cve1attackerkb1github1thn2osv3