HTTP: Geoserver Java Advanced Imaging EXT Code Injection
This signature detects attempts to exploit a known vulnerability against Geoserver Java Advanced Imaging EXT. A successful attack can lead to command injection and arbitrary code execution.
Extended Description
JAI-EXT is an open-source project which aims to extend the Java Advanced Imaging (JAI) API. Programs allowing Jiffle script to be provided via network request can lead to a Remote Code Execution as the Jiffle script is compiled into Java code via Janino, and executed. In particular, this affects the downstream GeoServer project. Version 1.2.22 will contain a patch that disables the ability to inject malicious code into the resulting script. Users unable to upgrade may negate the ability to compile Jiffle scripts from the final application, by removing janino-x.y.z.jar from the classpath.
Affected Products
Geosolutionsgroup jai-ext
References
CVE: CVE-2022-24816
Short Name
HTTP:CTS:GEOSRVR-EXT-CI
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Advanced CVE-2022-24816 Code EXT Geoserver Imaging Injection Java
Release Date
04/24/2025
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3802
False Positive
Unknown
Vendors
Geosolutionsgroup