CVE-2012-1622 - Unspecified vulnerability in Apache OFBiz 10.04
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Summary
Apache OFBiz 10.04.x before 10.04.02 allows remote attackers to execute arbitrary code via unspecified vectors.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
D2sec
name | Apache OFBiz 10.04.01 RCE (Linux) |
url | http://www.d2sec.com/exploits/apache_ofbiz_10.04.01_rce_linux.html |
name | Apache OFBiz 10.04.01 RCE (Windows) |
url | http://www.d2sec.com/exploits/apache_ofbiz_10.04.01_rce_windows.html |
Nessus
NASL family | CGI abuses |
NASL id | OFBIZ_NESTED_SCRIPT_RCE.NASL |
description | The version of Apache OFBiz hosted on the remote host has an arbitrary code execution vulnerability. Specially crafted input passed to the getInstance() method of the FlexibleStringExpander class can result in the evaluation of nested Java Unified Expression Language expressions. A remote, unauthenticated attacker could exploit this to execute arbitrary code. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 59247 |
published | 2012-05-23 |
reporter | This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/59247 |
title | Apache OFBiz FlexibleStringExpander Remote Code Execution |
References
- http://mail-archives.apache.org/mod_mbox/ofbiz-user/201204.mbox/%3C4F378887-E697-44E7-976C-48B9B7475C4D%40apache.org%3E
- http://ofbiz.apache.org/download.html#security