FortiDAST
FortiDAST performs automated black-box dynamic application security testing of web applications to identify vulnerabilities that bad actors may exploit.
rdiwakar
Staff
Article Id 339266
Description

This outbreak alert on Apache OFBiz covers two vulnerabilities: CVE-2024-38856 and CVE-2024-36104.

CVE-2024-36104 is a path traversal vulnerability affecting Apache OFBiz, an open-source enterprise application platform. The vulnerability stems from a flaw in the way Apache OFBiz handles file paths in HTTP requests. Under certain conditions, an attacker can manipulate the file path to access sensitive files outside of the intended directory, and so potentially read and steal sensitive files such as configuration files, source code, or user data.

CVE-2024-38856 is a critical security vulnerability affecting Apache OFBiz, a popular open-source enterprise application platform. The vulnerability stems from a flaw in the authorization mechanism of Apache OFBiz. Under certain conditions, unauthenticated users can execute screen rendering code, which could potentially lead to remote code execution on a vulnerable system. An attacker could potentially gain complete control over the vulnerable system, including stealing sensitive data, disrupting operations, or installing malware.

This article describes the assessment of the Remote Code Execution and Path Traversal vulnerabilities in Apache OFBiz software.

Scope

FortiDAST Scripting Engine updated in version 24.3.0-build0014 (GA)

Solution

Detection of these vulnerabilities is provided by the FortiDAST Scripting Engine (FSE).

This technology enables FortiDAST to assess remotely, with a high level of confidence, whether an asset is affected by a specific vulnerability by testing a disarmed exploit against the asset itself.

To configure the scan, enable the FSE group signature 'apache-ofbiz', which selects the underlying scripts as required by the scan: 'CVE-2024-36104 Apache OFBiz - Path Traversal Vulnerability' and 'CVE-2024-38856 Apache OFBiz - Remote Code Execution Vulnerability'.

 

For reference, a step-by-step guide on how to configure FortiDAST to trigger FSE can be found on Fortinet’s blog:

https://www.fortinet.com/blog/business-and-technology/fortipentest-exploit-engine-a-new-security-ars...
