New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Apache OfBiz ERP System 0day #18644

Closed

h00die opened this issue Dec 28, 2023 · 2 comments · Fixed by #18681

Labels

suggestion-module

Contributor

h00die commented Dec 28, 2023

Summary

https://blog.sonicwall.com/en-us/2023/12/sonicwall-discovers-critical-apache-ofbiz-zero-day-authbiz/

https://thehackernews.com/2023/12/critical-zero-day-in-apache-ofbiz-erp.html

https://www.bleepingcomputer.com/news/security/apache-ofbiz-rce-flaw-exploited-to-find-vulnerable-confluence-servers/

Basic example

ALL UNTESTED

https://github.com/abdoghazy2015/ofbiz-CVE-2023-49070-RCE-POC

(that is for the almost fixed issue which is now re-exploitable with CVE-2023-51467)

h00die added the suggestion-module label

h00die mentioned this issue

Update apache_ofbiz_deserialization to include auth bypass #18681

Merged

6 tasks

Contributor Author

h00die commented Jan 11, 2024

https://github.com/vulncheck-oss/cve-2023-51467/blob/main/cve-2023-51467.go

Contributor Author

h00die commented Jan 11, 2024

https://xz.aliyun.com/t/13211?time__1311=mqmxnDBD9AYDq40vd4%2BxCwuQUG8WHaK1e4D

jheysel-r7 closed this as completed in #18681

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment