.. / CVE-2024-36401

Exploit for GeoServer RCE in Evaluating Property Name Expressions (CVE-2024-36401)

Description:

In the GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions.

Nuclei Template

View the template here CVE-2024-36401.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-36401.yaml
Copy

References:

https://github.com/vulhub/vulhub/tree/master/geoserver/CVE-2024-36401
https://x.com/sirifu4k1/status/1808270303275241607
https://nvd.nist.gov/vuln/detail/CVE-2024-36401
https://github.com/advisories/GHSA-6jj6-gm7p-fcvv