|
|||
Rule General Information |
---|
Release Date: | 2020-06-28 | |
Rule Name: | Apache Dubbo Provider Deserialization Remote Code Execution Vulnerability (CVE-2020-1948) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | A remote code execution vulnerability was found in Apache Dubbo. An attacker can send RPC requests with unrecognized service name or method name along with some malicious parameter payloads. When the malicious parameter is deserialized, it will execute some malicious code. | |
Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
Affected OS: | Windows, Linux, Others | |
Reference: | ||
Solutions |
---|
Upgrade to version 2.7.7 or higher to fix this vulnerability. |