Apache Dubbo < 2.7.7 - Remote Code Execution via Untrusted Data Deserialization
Exploitation Summary
EIP tracks 4 public exploits for CVE-2020-1948. PoCs published by richardzhangcmplx, ctlyz123, txrw.
Description
This vulnerability can affect all Dubbo users who stay on version 2.7.6 or lower. An attacker can send RPC requests with an unrecognized service name or method name along with malicious parameter payloads. When a malicious parameter is deserialized, it executes malicious code. More details can be found below.
Exploits (4)
This repository contains a proof-of-concept exploit for CVE-2020-1948, targeting Apache Dubbo's Hessian deserialization vulnerability. It includes tools for generating JNDI injection payloads and a Python script to send malicious Hessian payloads to vulnerable endpoints.
This repository appears to be a legitimate Apache Dubbo Spring Boot project with no exploit code. It contains configuration files, autoconfigure modules, and actuator endpoints, but no proof-of-concept exploit for CVE-2020-1948.
This repository provides a functional test environment for CVE-2020-1948, a deserialization vulnerability in Apache Dubbo. It includes a modified Dubbo Spring Boot sample to demonstrate the vulnerability, with instructions for compilation, execution, and containerization.
This PoC exploits CVE-2020-1948, a deserialization vulnerability in Apache Dubbo, by sending a malicious payload to trigger an LDAP connection. It uses the Hessian2 decoder to craft a malicious object chain involving JdbcRowSetImpl and ToStringBean.
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H