CISA warns critical GeoServer GeoTools RCE flaw is exploited in attacks
CISA is warning that a critical GeoServer GeoTools remote code execution flaw tracked as CVE-2024-36401 is being actively exploited in attacks.
On June 30th, GeoServer disclosed a critical remote code execution vulnerability, rated 9.8 in severity, in its GeoTools plugin, caused by unsafely evaluating property names as XPath expressions.
"The GeoTools library API that GeoServer calls evaluates property/attribute names for feature types in a way that unsafely passes them to the commons-jxpath library which can execute arbitrary code when evaluating XPath expressions," reads the GeoServer advisory.
Yesterday, the US Cybersecurity and Infrastructure Security Agency added CVE-2024-36401 to its Known Exploited Vulnerabilities Catalog, warning that the flaw is being actively exploited in attacks.
While CISA did not provide any information on how the flaw is being exploited, the threat monitoring service Shadowserver said it observed CVE-2024-36401 being actively exploited starting on July 9th. The OSINT search engine ZoomEye reports that approximately 16,462 GeoServer servers are exposed online, most of them located in the US, China, Romania, Germany, and France.
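Because the vulnerable code path is reached through attribute names that GeoServer accepts from the request, a defender can flag WFS GetFeature requests whose propertyName values are not plain attribute identifiers. The following Python is an added example, not code from GeoServer, GeoTools or the advisory; it assumes a common-format access log from a proxy in front of GeoServer, and the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qs, urlparse

# A legitimate feature attribute name is a plain identifier, optionally
# namespace-qualified ("topp:the_geom"). Function calls, quotes or slashes
# are not attribute names; unpatched GeoServer hands them to commons-jxpath.
SAFE_ATTRIBUTE = re.compile(r"^[A-Za-z_][A-Za-z0-9_\-]*(:[A-Za-z_][A-Za-z0-9_\-]*)?$")

# Assumption: common/combined access log layout from a proxy in front of GeoServer.
LOG_LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<request>[^"]*)"')

def odd_property_names(request_line):
    """propertyName values in one 'METHOD /path?query HTTP/x' request line
    that fail the allowlist (propertyName is the WFS GetFeature key)."""
    parts = request_line.split(" ")
    target = parts[1] if len(parts) > 1 else ""
    query = parse_qs(urlparse(target).query, keep_blank_values=True)
    flagged = []
    for key, values in query.items():
        if key.lower() != "propertyname":
            continue
        for value in values:                 # may be a comma-separated list
            for name in value.split(","):
                name = name.strip()
                if name and not SAFE_ATTRIBUTE.match(name):
                    flagged.append(name)
    return flagged

def scan_access_log(lines):
    """(client_ip, offending_value) for every line with a non-identifier propertyName."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if m:
            for name in odd_property_names(m.group("request")):
                hits.append((m.group("ip"), name))
    return hits

# Constructed sample lines, not real traffic: an ordinary GetFeature request
# and one whose propertyName is an XPath function call rather than a name.
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Jul/2024:10:15:02 +0000] "GET /geoserver/wfs?service=WFS&version=1.1.0&request=GetFeature&typeName=topp:states&propertyName=topp:the_geom,STATE_NAME HTTP/1.1" 200 5120',
    '198.51.100.23 - - [09/Jul/2024:10:15:09 +0000] "GET /geoserver/wfs?service=WFS&version=1.1.0&request=GetFeature&typeName=topp:states&propertyName=string%28%2Fsomething%29 HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for ip, name in scan_access_log(SAMPLE_LOG):
        print(f"{ip} sent a non-identifier propertyName: {name!r}")
```

Property names also arrive in POST request bodies, which an access log does not record, so this check covers only the query-string path and is a triage aid, not a substitute for patching.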
Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-01 | CVE-2024-36401 | Code Injection vulnerability in multiple products. GeoServer is an open source server that allows users to share and edit geospatial data. | 9.8 |