HTTP: H2 Database Console JNDI Injection

This signature detects attempts to exploit a known vulnerability in H2 Database Console. A successful attack can lead to command injection and arbitrary code execution.

Extended Description

The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and the URL of the database. An attacker may pass a JNDI driver name and a URL leading to an LDAP or RMI server, causing remote code execution. This can be exploited through various attack vectors, most notably through the H2 Console, which leads to unauthenticated remote code execution.

Affected Products

Oracle communications_cloud_native_core_policy

Short Name
HTTP:CTS:H2-DB-CONSOLE-INJ
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2021-42392 Console Database H2 Injection JNDI
Release Date
01/27/2022
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3590
False Positive
Unknown
Vendors

Oracle

H2database

Debian

CVSS Score

10.0
