HTTP: Lucee Server Code Execution

This signature detects attempts to exploit a known vulnerability against Lucee Server. A successful attack can lead to arbitrary code execution.

Extended Description

Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a workaround, one can block access to the Lucee Administrator.

Affected Products

Lucee lucee_server

References

CVE: CVE-2021-21307

Short Name
HTTP:CTS:LUCEE-SERVER-RCE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2021-21307 Code Execution Lucee Server
Release Date
11/15/2022
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3545
False Positive
Unknown
Vendors

Lucee

Found a potential security threat?