all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Apache Commons Text 1.9 Remote Code Execution

Add to bookmarks
Jan. 19, 2024, 3:24 p.m. |

Packet Storm packetstormsecurity.com

This Metasploit module exploit takes advantage of the StringSubstitutor interpolator class, which is included in the Commons Text library. A default interpolator allows for string lookups that can lead to remote code execution. This is due to a logic flaw that makes the script, dns and url lookup keys interpolated by default, as opposed to what it should be, according to the documentation of the StringLookupFactory class. Those keys allow an attacker to execute arbitrary code via lookups primarily using …

apache apache commons apache commons text can class code code execution commons commons text default dns exploit flaw keys library logic metasploit remote code remote code execution script text url

Visit resource

More from packetstormsecurity.com / Packet Storm

Packet Storm New Exploits For April, 2024 12 hours ago | packetstormsecurity.com
april archive exploits packet +2
Ubuntu Security Notice USN-6760-1 12 hours ago | packetstormsecurity.com
attacker data denial of service file +11
Kernel Live Patch Security Notice LSN-0103-1 12 hours ago | packetstormsecurity.com
attacker con data expose +20
Microsoft PlayReady Cryptography Weakness 12 hours ago | packetstormsecurity.com
attack beyond cryptography extraction +15
Online Tours And Travels Management System 1.0 SQL Injection 12 hours ago | packetstormsecurity.com
injection management management system sql +6
Qantas App Glitch Sees Boarding Passes Fly To Other Accounts 12 hours ago | packetstormsecurity.com
accounts app data loss flaw +4
Adobe Adds Content Credentials And Firefly To Bug Bounty Program 12 hours ago | packetstormsecurity.com
adobe bounty bug bug bounty +5
Google Boosts Bug Bounty Payouts Tenfold In Mobile App Security Push 12 hours ago | packetstormsecurity.com
app bounty bug bug bounty +6
London Drugs Pharmacy Closes All Stores To Respond To Cyber Incident 12 hours ago | packetstormsecurity.com
britain cyber cyber incident data loss +8

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Social Engineer For Reverse Engineering Exploit Study

@ Independent study | Remote
View on infosec-jobs.com

Security Engineer II- Full stack Java with React

@ JPMorgan Chase & Co. | Hyderabad, Telangana, India
View on infosec-jobs.com

Cybersecurity SecOps

@ GFT Technologies | Mexico City, MX, 11850
View on infosec-jobs.com

Senior Information Security Advisor

@ Sun Life | Sun Life Toronto One York
View on infosec-jobs.com

Contract Special Security Officer (CSSO) - Top Secret Clearance

@ SpaceX | Hawthorne, CA
View on infosec-jobs.com

Early Career Cyber Security Operations Center (SOC) Analyst

@ State Street | Quincy, Massachusetts
View on infosec-jobs.com
View more jobs