Hillstone Networks

RULE（RULE ID：338228）

Rule General Information


Release Date:		2024-07-03

Rule Name:		Geoserver Jxpath Remote Code Execution Vulnerability (CVE-2024-36401)

Severity:

CVE ID:

Rule Protection Details


Description:		GeoServer is an open-source server used for sharing, processing, and editing geospatial data. It supports multiple map and data standards, allowing users to access and operate Geographic Information System (GIS) data through the network. GeoServer has a remote code execution vulnerability, which allows attackers to pass in malicious XPath expressions without authentication and execute arbitrary code. The affected versions are 2.25.0 <= GeoServer < 2.25.2、2.24.0 <= GeoServer < 2.24.4、GeoServer < 2.23.6.

Impact:		An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software.

Affected OS:		Windows, Linux, Others

Reference:		https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv

Solutions

Refer to the announcement or patch by the vendor: https://geoserver.org