Detections
Analytics

Apache OFBiz Nested Expression Arbitrary UEL Function Execution

critical Nessus Plugin ID 69100

Language:

Synopsis

The remote web application is affected by a code execution vulnerability.

Description

The version of Apache OFBiz hosted on the remote host is affected by a code execution vulnerability that could allow the execution of arbitrary UEL functions. Specially crafted input passed to the getInstance() method of the FlexibleStringExpander class can result in the evaluation of nested Java Unified Expression Language expressions. A remote, unauthenticated attacker could exploit this to execute arbitrary UEL functions.

Note that the application is reportedly also affected by a cross-site scripting vulnerability in the 'View Log' page of the Webtools application; however, Nessus has not tested for this issue.

Solution

Upgrade to Apache OFBiz 10.04.06 / 11.04.03 / 12.04.02 or later.

See Also

https://seclists.org/bugtraq/2013/Jul/142

http://svn.apache.org/viewvc?view=revision&revision=1500772

Plugin Details

Severity: Critical

ID: 69100

File Name: ofbiz_nested_script_uel_function_execution.nasl

Version: 1.6

Type: remote

Family: CGI abuses

Published: 7/29/2013

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:apache:open_for_business_project

Required KB Items: www/ofbiz/port

Exploit Ease: No exploit is required

Patch Publication Date: 7/8/2013

Vulnerability Publication Date: 7/20/2012

Reference Information

CVE: CVE-2013-2250

BID: 61369