Apache OFBiz zero-day pummeled by exploit attempts after disclosure

SonicWall says it has observed thousands of daily attempts to exploit an Apache OFBiz zero-day for nearly a fortnight.
If you use the Apache Software Foundation framework, which includes business process automation apps and other enterprise-friendly functions, you should upgrade to OFBiz version 18.12.11 immediately to patch both this and a second, equally serious hole.
Apache OFBiz is believed to have a large number of users, with SonicWall noting Atlassian's Jira alone is relied upon by more than 120,000 companies.
"We have contacted Prodsec, looking at the code in Jira DC, Jira Cloud, Confluence DC, and Confluence Cloud to confirm that we are not using the vulnerable framework. Jira only uses a fork of Apache's OfBiz Entity Engine module, which does not include the affected areas of code. Additionally, Confluence does not use the Entity Engine module at all."
The blog post by Hasib Vhora, senior threat researcher at SonicWall, goes into the finer details about the two test cases, but the main takeaway is that the authentication bypass is caused by unexpected behavior when the requirePasswordChange parameter of the login function is set to "Y" in the URI. Vhora commended the Apache OFBiz team for fixing the problem swiftly.
"We appreciate the prompt response and remediation by the Apache OFBiz team," Vhora said.
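One way to look for these attempts in web server access logs, as an added example that is not from the article or SonicWall's post: it parses each request's query string and flags requests whose URI sets requirePasswordChange to Y, then counts them per day. The combined log format, the /placeholder/ paths and the sample lines are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

PARAM = "requirePasswordChange"  # parameter named in the article

# Assumed combined log format: ip - - [day:time zone] "METHOD target PROTO" status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:\]]+):[^\]]*\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)

def sets_flag(target):
    """True if the request URI carries requirePasswordChange=Y as a parameter."""
    query = urlsplit(target).query
    # parse_qsl percent-decodes names and values, so Y sent as %59 is caught.
    # Name and value are compared case-insensitively to err on the side of
    # flagging (a choice made for this example).
    return any(
        name.lower() == PARAM.lower() and value.strip().upper() == "Y"
        for name, value in parse_qsl(query, keep_blank_values=True)
    )

def scan(lines):
    """Return (hits, per_day): matching requests and a count per calendar day."""
    hits, per_day = [], Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if m and sets_flag(m["target"]):
            hits.append((m["day"], m["ip"], m["method"], int(m["status"])))
            per_day[m["day"]] += 1
    return hits, per_day

# Constructed sample lines: documentation IP ranges and placeholder paths.
SAMPLE = [
    '203.0.113.7 - - [05/Jan/2024:10:01:22 +0000] "GET /placeholder/a?requirePasswordChange=Y HTTP/1.1" 200 512',
    '203.0.113.7 - - [05/Jan/2024:10:01:25 +0000] "POST /placeholder/b?x=1&requirePasswordChange=%59 HTTP/1.1" 200 87',
    '198.51.100.4 - - [06/Jan/2024:02:14:09 +0000] "GET /placeholder/a?requirepasswordchange=y HTTP/1.1" 401 0',
    '192.0.2.10 - - [06/Jan/2024:08:30:00 +0000] "GET /placeholder/a?requirePasswordChange=N HTTP/1.1" 200 512',
    '192.0.2.10 - - [06/Jan/2024:08:31:00 +0000] "GET /placeholder/help?q=requirePasswordChange%3DY HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    hits, per_day = scan(SAMPLE)
    for day, count in per_day.items():
        sources = sorted({ip for d, ip, _, _ in hits if d == day})
        print(f"{day}: {count} request(s) from {', '.join(sources)}")
```

The last sample line is not flagged because the string only appears inside another parameter's value, which a plain substring search over decoded logs would miss.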
News URL
https://go.theregister.com/feed/www.theregister.com/2024/01/08/apache_ofbiz_zeroday/