Security News > 2024 > January > Apache OFBiz zero-day pummeled by exploit attempts after disclosure
SonicWall says it has observed thousands of daily attempts to exploit an Apache OFBiz zero-day for nearly a fortnight.
If you use the Apache Software Foundation framework, which includes business process automation apps and other enterprise-friendly functions, you should upgrade to OFBiz version 18.12.11 immediately to patch both this and a second, equally serious hole.
Apache OFBiz is believed to have a large number of users, with SonicWall noting Atlassian's Jira alone is relied upon by more than 120,000 companies.
"We have contacted Prodsec, looking at the code in Jira DC, Jira Cloud, Confluence DC, and Confluence Cloud to confirm that we are not using the vulnerable framework. Jira only uses a fork of Apache's OfBiz Entity Engine module, which does not include the affected areas of code. Additionally, Confluence does not use the Entity Engine module at all."
The blog post by Hasib Vhora, senior threat researcher at SonicWall, goes into the finer details about the two test cases, but the main takeaway is that the authentication bypass is caused by unexpected behavior when the requirePasswordChange parameter of the login function is set to "Y" in the URI. Vhora commended the response of the Apache OFBiz team, fixing the problem swiftly.
"We appreciate the prompt response and remediation by the Apache OFBiz team," Vhora said.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/01/08/apache_ofbiz_zeroday/
Related news
- Botnet exploits GeoVision zero-day to install Mirai malware (source)
- Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks (source)
- Mitel MiCollab zero-day flaw gets proof-of-concept exploit (source)
- Mitel MiCollab zero-day and PoC exploit unveiled (source)
- Critical security hole in Apache Struts under exploit (source)