APP: Apache Dubbo Script Routing Type 1 Remote Code Execution

This signature detects attempts to exploit a known vulnerability against Apache Dubbo. A successful attack can lead to arbitrary code execution.

Extended Description

Apache Dubbo prior to 2.6.9 and 2.7.9 supports Script routing, which enables a customer to route a request to the right server. Customers use these rules when making a request in order to find the right endpoint. When parsing these rules, Dubbo customers use ScriptEngine to run the rule provided by the script, which by default may allow arbitrary code execution.

Affected Products

Apache Dubbo

Short Name
APP:MISC:APACHE-DUBBO-SCRPT-CE1
Severity
Major
Recommended
True
Recommended Action
Drop
Category
APP
Keywords
1 Apache CVE-2021-30181 Code Dubbo Execution Remote Routing Script Type
Release Date
07/01/2021
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3508
Port
TCP/2181
False Positive
Unknown
Vendors

Apache

CVSS Score

7.5
