CVE-2021-25641

Published: 01/06/2021 Updated: 10/06/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Each Apache Dubbo server sets a serialization id to tell clients which serialization protocol it uses. In Dubbo versions prior to 2.7.8 or 2.6.9, however, an attacker can choose which serialization id the Provider will use by tampering with the byte preamble flags, i.e. ignoring the server's instruction. This means that if a weak deserializer such as Kryo or FST is in code scope (e.g. because Kryo is pulled in as part of a dependency), a remote unauthenticated attacker can tell the Provider to use the weak deserializer and then proceed to exploit it.

Vulnerable Product

apache dubbo

Github Repositories

Dubbo learning demo; it was deleted earlier and has been re-uploaded.

This tool is intended only for security research and internal self-assessment; using it to launch illegal attacks is prohibited, and the user is responsible for any consequences. Dubbo deserialization testing tool. 0. Compile & build: mvn assembly:single. 1. Usage help: usage: java -jar exp.jar [OPTION]; -h, --help: help information; -l, --list: print information on all gadgets.

A Exploit Tool For CVE-2021-25641.

CVE-2021-25641: An Exploit Tool For CVE-2021-25641. All dependencies are packed, so you don't need to worry about dependency problems. If you have the dependencies, you can just download the CVE-2021-25641.jar to run it. Used for: Basic dubbo-common <= 2.7.3; Dubbo 2.7.0 to 2.7.8; Dubbo 2.6.0 to 2.6.9; all Dubbo 2.5.x versions (no longer supported by the official team).

Apache/Alibaba Dubbo <= 2.7.3 PoC Code for CVE-2021-25641 RCE via Deserialization of Untrusted Data; Affects Versions <= 2.7.6 With Different Gadgets

The 0xDABB of Doom - CVE-2021-25641-Proof-of-Concept: Apache/Alibaba Dubbo <= 2.7.3 PoC Code for CVE-2021-25641 RCE via Deserialization of Untrusted Data; Affects Versions <= 2.7.6 With Different Gadgets. Covered in-depth in the article "The 0xDABB of Doom", published on the Checkmarx blog: www.checkmarx.com/blog/technical-blog/the-0xdabb-of-doom-cv