HTTP: Apache OFBiz Multiple Insecure Deserialization

This signature detects attempts to exploit a known vulnerability in Apache OFBiz. A successful attack can lead to arbitrary code execution.

Extended Description

Apache OFBiz versions prior to 17.12.06 perform unsafe deserialization. An unauthenticated attacker can use this vulnerability to take over Apache OFBiz.

Affected Products

Apache OFBiz

Short Name
HTTP:APACHE:OFBIZ-INSEC-DES
Severity
Critical
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Apache CVE-2021-26295 CVE-2021-29200 CVE-2021-30128 CVE-2023-49070 Deserialization Insecure Multiple OFBiz
Release Date
04/07/2021
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3727
False Positive
Rarely
Vendors

Apache

CVSS Score

7.5

10.0
