CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
7.0 | $0-$5k | 0.00 |
A vulnerability classified as critical was found in Apache Roller 4.0/4.0.1/5.0/5.0.1. Affected is an unknown code block. Manipulating the argument pageTitle with an unknown input leads to a code injection vulnerability, which CWE classifies as CWE-94: the product constructs all or part of a code segment using externally influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. This impacts confidentiality, integrity, and availability. CVE summarizes:
Certain getText methods in the ActionSupport controller in Apache Roller before 5.0.2 allow remote attackers to execute arbitrary OGNL expressions via the first or second parameter, as demonstrated by the pageTitle parameter in the !getPageTitle sub-URL to roller-ui/login.rol, which uses a subclass of UIAction, aka "OGNL Injection."
The weakness was presented on 12/07/2013 (Website). The advisory is available at rollerweblogger.org. This vulnerability has been tracked as CVE-2013-4212 since 06/12/2013. The attack can be launched remotely, and exploitation does not require any form of authentication. Technical details and a public exploit are known. The MITRE ATT&CK project assigns this vulnerability to technique T1059.
A public exploit was developed by Metasploit and was published before the advisory, not just after it. The exploit is shared for download at exploit-db.com and is declared highly functional. The vulnerability was handled as a non-public zero-day exploit for at least 10 days; during that time the estimated underground price was around $25k-$100k. The commercial vulnerability scanner Qualys can test for this issue with plugin 12802 (Apache Roller Multiple Vulnerabilities).
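Upgrading to version 4.0.1 eliminates this vulnerability. Furthermore, attacks of this kind can be detected and prevented with TippingPoint filter 13465. Note that the CVE summary quoted above describes Apache Roller before 5.0.2 as affected, so check the installed version against that as well.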
The vulnerability is also documented in the databases at X-Force (89239) and Exploit-DB (29859). See VDB-65657 for a similar entry.
CVSSv3
VulDB Meta Base Score: 7.3
VulDB Meta Temp Score: 7.0
VulDB Base Score: 7.3
VulDB Temp Score: 7.0
Exploiting
Class: Code injection
CWE: CWE-94 / CWE-74 / CWE-707
Local: No
Remote: Yes
Access: Public
Status: Highly functional
Author: Metasploit
MetaSploit ID: apache_roller_ognl_injection.rb
MetaSploit Name: Apache Roller OGNL Injection
D2Sec: Apache Roller OGNL Injection
Countermeasures
Recommended: Upgrade
Upgrade: roller 4.0.1
Timeline
06/12/2013
10/31/2013
11/27/2013
11/27/2013
11/28/2013
12/07/2013
12/07/2013
03/24/2015
01/29/2018
Sources
Vendor: apache.org
Advisory: rollerweblogger.org
Status: Confirmed
CVE: CVE-2013-4212
X-Force: 89239
Vulnerability Center: 42399 - Apache Roller 4 Before 5.0.2 Remote Code Execution Vulnerability via OGNL Injection, Medium
SecurityFocus: 63928
Secunia: 55862
OSVDB: 100342
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 03/24/2015 15:54
Updated: 01/29/2018 16:09
Changes: 03/24/2015 15:54 (68), 01/29/2018 16:09 (11)