CVSS2: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.7 High
Confidence: High

EPSS: 0.215 Low
Percentile: 96.5%

The Apache Commons Configuration library is prone to a remote
code execution (RCE) vulnerability.
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:apache:commons_configuration";
if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.104438");
  script_version("2023-09-15T05:06:15+0000");
  script_tag(name:"last_modification", value:"2023-09-15 05:06:15 +0000 (Fri, 15 Sep 2023)");
  script_tag(name:"creation_date", value:"2022-11-25 10:38:03 +0000 (Fri, 25 Nov 2022)");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2022-07-14 17:15:00 +0000 (Thu, 14 Jul 2022)");
  script_cve_id("CVE-2022-33980");
  script_tag(name:"qod_type", value:"executable_version_unreliable");
  script_tag(name:"solution_type", value:"VendorFix");
  script_name("Apache Commons Configuration 2.4 - 2.7 RCE Vulnerability");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2022 Greenbone AG");
  script_family("General");
  script_dependencies("gb_apache_commons_consolidation.nasl");
  script_mandatory_keys("apache/commons/configuration/detected");
  script_tag(name:"summary", value:"The Apache Commons Configuration library is prone to a remote
code execution (RCE) vulnerability.");
  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
  script_tag(name:"insight", value:"Apache Commons Configuration performs variable interpolation,
allowing properties to be dynamically evaluated and expanded. The standard format for
interpolation is '${prefix:name}', where 'prefix' is used to locate an instance of
org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. The set of
default Lookup instances included interpolators that could result in arbitrary code execution or
contact with remote servers.
These lookups are:
- 'script' - execute expressions using the JVM script execution engine (javax.script)
- 'dns' - resolve DNS records
- 'url' - load values from URLs, including from remote servers");
  script_tag(name:"affected", value:"All of the following prerequisites need to be fulfilled to
make an application vulnerable:
- using the Apache Commons Configuration library in version 2.4 through 2.7
- using the interpolation defaults
- using untrusted configuration values (e.g. from untrusted user input)");
  script_tag(name:"solution", value:"- Update to version 2.8.0 or later which disables the affected
interpolators by default
- After updating to version 2.8.0 make sure that the affected application isn't enabling the
interpolators again
- If the affected interpolators are required for the application sanitize untrusted user input");
  script_xref(name:"URL", value:"https://lists.apache.org/thread/tdf5n7j80lfxdhs2764vn0xmpfodm87s");
  exit(0);
}

include("host_details.inc");
include("version_func.inc");
if (isnull(port = get_app_port(cpe: CPE)))
  exit(0);

if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))
  exit(0);

version = infos["version"];
location = infos["location"];

if (version_in_range(version: version, test_version: "2.4", test_version2: "2.7")) {
  report = report_fixed_ver(installed_version: version, fixed_version: "2.8.0", install_path: location);
  security_message(port: port, data: report);
  exit(0);
}

exit(99);
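
The script above only compares version numbers, so the third prerequisite (untrusted values reaching the interpolator) has to be checked separately. The following is an added example, not part of the Greenbone script or the Apache project: a small audit that flags configuration values referencing the 'script', 'dns' or 'url' lookups in the '${prefix:name}' format. The function names, the simple key=value parsing and the case-insensitive prefix match are assumptions made for this illustration.

```python
import re

# Lookup prefixes the advisory names as risky defaults in versions 2.4 through 2.7.
RISKY_PREFIXES = {"script", "dns", "url"}

# Opening of an interpolation token: "${prefix:". Scanning for openings instead of
# whole tokens also catches a lookup nested inside another token.
TOKEN_OPEN = re.compile(r"\$\{([A-Za-z0-9_.-]+):")


def risky_prefixes(value):
    """Return the risky lookup prefixes referenced in one value, in order of appearance."""
    found = []
    for match in TOKEN_OPEN.finditer(value):
        # Assumption: compare case-insensitively so that a variant spelling is still flagged.
        prefix = match.group(1).lower()
        if prefix in RISKY_PREFIXES and prefix not in found:
            found.append(prefix)
    return found


def audit_properties(text):
    """Scan key=value lines and return (line_number, key, prefixes) for each flagged value."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith(("#", "!")):
            continue  # blank line or comment
        key, separator, value = stripped.partition("=")
        if separator and (hits := risky_prefixes(value)):
            findings.append((number, key.strip(), hits))
    return findings


# Constructed sample input; the lookup names are placeholders, not working expressions.
SAMPLE = """\
# constructed sample
app.name = demo
app.home = ${sys:user.home}/demo
greeting = ${script:PLACEHOLDER}
lookup.host = ${env:PREFIX}${dns:host.example}
banner = ${sys:x}-${URL:PLACEHOLDER}
nested = ${env:${script:PLACEHOLDER}}
plain = costs $5 {not a token}
"""

if __name__ == "__main__":
    for number, key, hits in audit_properties(SAMPLE):
        print(f"line {number}: {key} references {', '.join(hits)}")
```

The same check can be applied to a single untrusted value with risky_prefixes() before it is stored in a configuration that is later interpolated.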