HTTP: Apache OFBiz loadJWT Authentication Bypass
This signature detects attempts to exploit a known vulnerability against Apache OFBiz. A successful attack can lead to security bypass.
Extended Description
Possible path traversal in Apache OFBiz allowing authentication bypass. Users are recommended to upgrade to version 18.12.12, that fixes the issue.
Affected Products
Apache ofbiz
References
CVE: CVE-2024-25065
URL: https://lists.apache.org/thread/rplfjp7ppn9ro49oo7jsrpj99m113lfc
Short Name
HTTP:APACHE:OFBIZ-JWT-AUTH-BYPS
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Apache Authentication Bypass CVE-2024-25065 OFBiz loadJWT
Release Date
04/30/2024
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3805
False Positive
Unknown
Vendors
Apache