Remote Code Execution Vulnerability in Apache Struts
CVE-2023-51467

9.8CRITICAL

Key Information:

Vendor
Apache
Status
Apache Ofbiz
Vendor
CVE Published:
26 December 2023

Badges

πŸ“ˆ TrendedπŸ‘Ύ Exploit Exists🟑 Public PoC🟣 EPSS 62%πŸ“° News Worthy

What is CVE-2023-51467?

CVE-2023-51467 is a severe vulnerability identified in the Apache Struts framework, a widely used open-source software platform designed for building web applications. This vulnerability specifically allows attackers to bypass authentication mechanisms, granting them the ability to remotely execute arbitrary code on affected systems. Given that Apache Struts powers numerous enterprise applications, the presence of this vulnerability poses a significant threat to organizations, as it can lead to unauthorized access, data manipulation, and system exploitation.

Technical Details

This vulnerability stems from underlying flaws in the authentication processes of Apache Struts that enable circumvention by malicious actors. By exploiting this weakness, attackers can execute code with the same permissions as the application, potentially allowing them to perform a wide range of harmful actions, such as accessing sensitive data, manipulating application behavior, or launching further attacks within the network.

Potential Impact of CVE-2023-51467

  1. Unauthorized Access: The ability to bypass authentication allows attackers to gain unauthorized control of affected systems, leading to potential data breaches and loss of sensitive information.

  2. System Compromise: With remote code execution capabilities, attackers can install malware or launch additional exploits, thereby compromising the integrity of the entire system or application.

  3. Operational Disruption: Exploitation of this vulnerability can lead to significant operational disruptions, as organizations may be forced to suspend services, investigate breaches, and implement emergency patching, resulting in downtime and financial loss.

Affected Version(s)

Apache OFBiz 0 < 18.12.11

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Apache-OFBiz-Authentication-Bypass
Created by jakabakos

CVE-2023-51467-Exploit
Created by JaneMandy

CVE-2023-51467-EXPLOIT
Created by K3ysTr0K3R

News Articles

favicon imageThe Hacker News

New PoC Exploit for Apache OfBiz Vulnerability Poses Risk to ERP Systems

Researchers expose critical flaw in Apache OFBiz, CVE-2023-51467, enabling stealthy memory-resident attacks

1 year ago

favicon imageSecurityWeek

Critical Apache OFBiz Vulnerability in Attacker Crosshairs

Shadowserver sees possible in-the-wild exploitation of a critical Apache OFBiz vulnerability tracked as CVE-2023-49070.

1 year ago

favicon imageSC Magazine

Authentication bypass likely with new critical Apache OFBiz zero-day

Threat actors could evade authentication protections in Apache's OFBiz enterprise resource planning system by abusing a novel critical zero-day flaw, tracked as CVE-2023-51467, reports The Hacker News.

1 year ago

References

https://ofbiz.apache.org/download.html
mitigation
https://ofbiz.apache.org/security.html
related
https://ofbiz.apache.org/release-notes-18.12.11.html
release-notes

EPSS Score

62% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • πŸ“ˆ

    Vulnerability started trending

  • πŸ“°

    First article discovered by Security Boulevard

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database6 Proof of Concept(s)6 News Article(s)

Credit

Hasib Vhora, Senior Threat Researcher, SonicWall
Gao Tian
L0ne1y
.