Description
Lucee Server is a dynamic, Java-based (JSR-223) tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a workaround, one can block access to the Lucee Administrator.
References
- Patch, Third Party Advisory
- Exploit, Third Party Advisory, VDB Entry
- Vendor Advisory
- Exploit, Third Party Advisory
- Patch, Third Party Advisory
- Product
- Press/Media Coverage, Third Party Advisory
Vulnerable configurations
Configuration 1
One of
- cpe:2.3:a:lucee:lucee_server:*:*:*:*:*:*:*:* (version from 5.3.5.00 inclusive to 5.3.5.96 exclusive)
- cpe:2.3:a:lucee:lucee_server:*:*:*:*:*:*:*:* (version from 5.3.6.00 inclusive to 5.3.6.68 exclusive)
- cpe:2.3:a:lucee:lucee_server:*:*:*:*:*:*:*:* (version from 5.3.7.00 inclusive to 5.3.7.47 exclusive)
EPSS
Percentile: 100%
0.92213
Critical
8.6 High (CVSS3)
9.8 Critical (CVSS3)
7.5 High (CVSS2)
Weaknesses
CWE-862