APACHE

Apache shellshock(Bash)

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka ShellShock.
Bash shell since v.1.3
The Bash mistakenly exectutes trailing commands after a series of characters
Apache web servers that run CGI or .sh scripts are also vulnerable

it is vulnerable to .cgi scripts which can be manipulated and can be taken advantage of

2. Xoda file upload

80/tcp   open http Apache httpd 2.4.7 ((Ubuntu))

curl http://192.170.151.3

search xoda
use exploit/unix/webapp/xoda_file_upload
info
# Description:
#   This module exploits a file upload vulnerability found in XODA 
#   0.4.5. Attackers can abuse the "upload" command in order to upload a 
#   malicious PHP file without any authentication, which results in 
#   arbitrary code execution. The module has been tested successfully on 
#   XODA 0.4.5 and Ubuntu 10.04.
set TARGETURI /
run

Log4J
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution (2)

PreviousWinRm NextFTP

Last updated 1 year ago

2. Xoda file upload

80/tcp   open http Apache httpd 2.4.7 ((Ubuntu))

curl http://192.170.151.3

search xoda
use exploit/unix/webapp/xoda_file_upload
info
# Description:
#   This module exploits a file upload vulnerability found in XODA 
#   0.4.5. Attackers can abuse the "upload" command in order to upload a 
#   malicious PHP file without any authentication, which results in 
#   arbitrary code execution. The module has been tested successfully on 
#   XODA 0.4.5 and Ubuntu 10.04.
set TARGETURI /
run

Apache httpd 2.4.7-XODA Vulnerability

Log4J

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution (2)

Apache Tomcat

Apache shellshock(Bash)

2. Xoda file upload

Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution (2)

Apache shellshock(Bash)

2. Xoda file upload

Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution (2)