FortiNDRCloud
kcheung
Staff
Article Id 339100
Description

Apache OFBiz is an enterprise resource planning system that contains a suite of tools for businesses to manage their various operations.

 

CVE-2024-36104 is a path traversal vulnerability that exposes endpoints to unauthenticated users, leading to remote code execution (RCE).

CVE-2024-38856 is a pre-authentication RCE vulnerability that allows attackers to send a specially crafted request to perform RCE without path traversal.

 

The following Apache OFBiz versions are affected:

  • Apache OFBiz 18.12.13 or below for CVE-2024-36104 
  • Apache OFBiz 18.12.14 or below for CVE-2024-38856 
CVE ID

CVE-2024-36104 (https://nvd.nist.gov/vuln/detail/CVE-2024-36104) 

CVE-2024-38856 (https://nvd.nist.gov/vuln/detail/CVE-2024-38856) 

NDR Cloud Detection Rule

FortiNDR Cloud v2024.8+

Detection Rule Name: FortiGuard Outbreak Alert: Apache OFBiz Remote Code Execution Attempt - CVE-2024-38856
Category: Attack:Exploitation
Primary MITRE ID: T1190 - Exploit Public-Facing Application

Playbook: N/A
Threat Hunting: N/A

Suricata Coverage

Customers can create custom investigations/detections using the Suricata signatures below:
2054947 -> ET WEB_SPECIFIC_APPS Apache OFBiz Pre-Auth Remote Code Execution Attempt (CVE-2024-38856) 

2053485 -> ET WEB_SPECIFIC_APPS Apache OFBiz Directory Traversal Remote Code Execution Attempt (CVE-2024-36104) 
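
As an added example (not part of the original article and not Fortinet code), the following Python sketch triages alerts for the two signature IDs above and groups them by targeted server. It assumes the alerts are available as Suricata EVE JSON lines; the sample records and the `triage` and `_rec` names are constructed for illustration.

```python
import json
from collections import defaultdict

# SID -> CVE mapping, taken from the signature list above.
OFBIZ_SIDS = {2054947: "CVE-2024-38856", 2053485: "CVE-2024-36104"}

def triage(eve_lines):
    """Group OFBiz exploit-attempt alerts by the server they were sent to.

    Returns {(dest_ip, dest_port): {"cves": set, "sources": set, "count": int}}.
    """
    hits = defaultdict(lambda: {"cves": set(), "sources": set(), "count": 0})
    for line in eve_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank, truncated or corrupt record
        if not isinstance(event, dict) or event.get("event_type") != "alert":
            continue
        alert = event.get("alert") or {}
        cve = OFBIZ_SIDS.get(alert.get("signature_id"))
        if cve is None:
            continue  # alert from an unrelated signature
        entry = hits[(event.get("dest_ip"), event.get("dest_port"))]
        entry["cves"].add(cve)
        entry["sources"].add(event.get("src_ip"))
        entry["count"] += 1
    return dict(hits)

def _rec(event_type, src, dst, sid=None):
    """Build one constructed EVE record as a JSON line."""
    rec = {"event_type": event_type, "src_ip": src, "dest_ip": dst, "dest_port": 8443}
    if sid is not None:
        rec["alert"] = {"signature_id": sid}
    return json.dumps(rec)

# Constructed sample input (documentation-range addresses), not real traffic.
SAMPLE_EVE = [
    _rec("alert", "198.51.100.7", "192.0.2.10", 2054947),
    _rec("alert", "203.0.113.9", "192.0.2.10", 2053485),
    _rec("alert", "198.51.100.7", "192.0.2.10", 2054947),
    _rec("alert", "198.51.100.7", "192.0.2.20", 9999999),  # constructed unrelated SID
    _rec("http", "198.51.100.7", "192.0.2.10"),            # not an alert
    '{"event_type": "alert", "alert": {"signa',            # truncated line
]

if __name__ == "__main__":
    for (ip, port), info in triage(SAMPLE_EVE).items():
        print(f"{ip}:{port} alerts={info['count']} "
              f"cves={sorted(info['cves'])} sources={sorted(info['sources'])}")
```

Servers that appear in the result can then be checked against the affected version ranges listed in the Description.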

Other Fortinet Products

For more details on mitigating the vulnerability with Fortinet products, refer to:
https://www.fortiguard.com/outbreak-alert/apache-ofbiz-rce
