Skip to content
/ WSO2-2021-1259 Public

WSO2-2021-1259: H2 RCE via Malicious JDBC Connection String in WSO2 ESB

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mbadanoiu/WSO2-2021-1259

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
README.md
README.md
 
 
WSO2 ESB - WSO2-2021-1259.pdf
WSO2 ESB - WSO2-2021-1259.pdf
 
 

Repository files navigation

WSO2-2021-1259: H2 RCE via Malicious JDBC Connection String in WSO2 ESB

Due to the improper input validation, a remote code execution attack could be carried out using malicious H2 JDBC Connection Strings.

Vendor Disclosure:

The vendor's disclosure and fix for this vulnerability can be found here.

Why no CVE?

Neither me nor the vendor requested a CVE for this vulnerability.

Requirements:

This vulnerability requires:

  • Valid user credentials

Proof Of Concept:

More details and the exploitation process can be found in this PDF.

About

WSO2-2021-1259: H2 RCE via Malicious JDBC Connection String in WSO2 ESB

Topics

authenticated h2-database remote-code-execution 0-day wso2-2021-1259

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository