CVE-2021-25646

Published: 29/01/2021 Updated: 07/11/2023
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 805
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests. This functionality is intended for use in high-trust environments, and is disabled by default. However, in Druid 0.20.0 and previous versions, it is possible for an authenticated user to send a specially-crafted request that forces Druid to run user-provided JavaScript code for that request, regardless of server configuration. This can be leveraged to execute code on the target machine with the privileges of the Druid server process.

Vulnerable Product

apache druid

Exploits

Apache Druid includes the ability to execute user-provided JavaScript code embedded in various types of requests; however, that feature is disabled by default. In Druid versions prior to 0.20.1, an authenticated user can send a specially-crafted request that both enables the JavaScript code-execution feature and executes the supplied code all at on ...

Mailing Lists

oss-sec mailing list archives: CVE-2021-25646: Authenticated users can override system configurations in their requests which allows them to execute arbitrary ...

Github Repositories

Apache Druid remote code execution vulnerability - Apache Druid remote code execution exploit CVE-2021-25646

Apache Druid remote code execution CVE-2021-25646 by j2ekim. Usage: python exppy -u [--url] -c [--command] python cve-2021-25646py -u 127001:8888 -c "ping 5ap7tadnslogcn" Vulnerability reproduction write-up: wwwadminxecom/2109html Notice: arising from the distribution or use of this tool, any direct or indirect ...

PoC & Exp written with Pocsuite3

Poc-Exp: PoC & Exp written with Pocsuite3; the process of manually reproducing each issue is also recorded. [*]CVE-2021-25646 [*] Being updated

Apache-Druid-CVE-2021-25646 Youtube: www.youtube.com/watch?v=-mdK5HSRiQU

Apache Druid RCE title="druid" && title=="Apache Druid" POST /druid/indexer/v1/sampler?for=filter HTTP/11 Host: xxxx:8888 Content-Length: 612 Accept: application/json, text/plain, / Origin: xxxx:8888 User-Agent: Mozilla/50 (Windows NT 100; WOW64) AppleWebKit/53736 (KHTML, like Gecko) Chrome/800398787 Safari/53736 SE 2X M

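CVE-2021-25646 Apache Druid remote code execution vulnerability Wker script

CVE-2021-25646 Apache Druid remote code execution vulnerability Wker script (work in progress). First of all, thanks to Wker for answering questions remotely. The script was written for practice. Usage: the script uses DNSLog to decide whether the target is vulnerable; if the vulnerability exists, it automatically obtains a dnslog address, performs a ping, and prints the returned result. ...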

CSharp CVE-2021-25646-GUI

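CVE-2021-25646-GUI: a small demo written while learning C#; parts of the code are based on references found online.

toolkits: a collection of small tools I wrote. Python (script name: tool description): Basepy: [16,32,36,58,62,64,85] encoding/decoding tool; countcodepy: extracts all class names and functions, global functions and class methods from a py file; fofapy: Python tool for the fofa API. Html (script name: tool description): runtie_exec_payload_generaterhtml: javalangRuntimeexec() Payload Generater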

Store some the articles of collected

AfternoonTea Store some the articles of collected Setting Up a Kernel Debugging Environment pwningsystems/posts/setting-up-a-kernel-debugging-environment/ 2[web]SAML XML Injection researchnccgroupcom/2021/03/29/saml-xml-injection/ 3Debugging System with DCI and Windbg standa-noteblogspotcom/2021/03/debugging-system-with-dci-and-windbghtml 4CVE

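Apache Druid remote code execution; detection script

Apache Druid remote code execution. Vulnerability summary: Apache Druid has officially released a security update reporting a remote code execution vulnerability, numbered CVE-2021-25646. Because Apache Druid lacks authorization and authentication by default, an attacker can send a specially crafted request and execute arbitrary code with the privileges of the process on the Druid server. Apache Druid is a column-oriented, open-source, distributed data ...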

Apache Druid docker.

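Installation and run order. This is a docker-composeyml file for building an analysis environment for Druid, which is provided by Apache. A Remote Debugging feature has been added using port 8998. The startup delay caused by excessive memory allocation has been reduced. version : 0200 // for this version, modify the version in the docker-composeyml file ...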

References

NVD-CWE-noinfo
https://lists.apache.org/thread.html/rfda8a3aa6ac06a80c5cbfdeae0fc85f88a5984e32ea05e6dda46f866%40%3Cdev.druid.apache.org%3E
http://www.openwall.com/lists/oss-security/2021/01/29/6
http://packetstormsecurity.com/files/162345/Apache-Druid-0.20.0-Remote-Command-Execution.html
https://lists.apache.org/thread.html/r64431c2b97209f566b5dff92415e7afba0ed3bfab4695ebaa8a62e5d%40%3Cdev.druid.apache.org%3E
https://lists.apache.org/thread.html/rc167d5e57f3120578718a7a458ce3e73b3830ac4efbb1b085bd06b92%40%3Cdev.druid.apache.org%3E
https://lists.apache.org/thread.html/r20e0c3b10ae2c05a3aad40f1476713c45bdefc32c920b9986b941d8f%40%3Cannounce.apache.org%3E
https://lists.apache.org/thread.html/r4f84b542417ea46202867c0a8b3eaf3b4cfed30e09174a52122ba210%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/rea9436a4063927a567d698431ddae55e760c3f876c22ac5b9813685f%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/r121abe8014d381943b63c60615149d40bde9dc1c868bcee90d0d0848%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/rfeb775822cd3baef1595b60f6860f5ca849eb1903236483f3297bd5c%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/r04fa1ba93599487c95a8497044d37f8c02a439bfcf92b4567bfb7c8f%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/r87aa94e28dd21ee2252d30c63f01ab9cb5474ee5bdd98dd8d7d734aa%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/r7dff4790e7a5c697fc0360adf11f5aeb31cd6ad80644fffee690673c%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/ra4225912f501016bc5e0ac44e14b8d6779173a3a1dc7baacaabcc9ba%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/r5ef625076982aee7d23c23f07717e626b73f421fba5154d1e4de15e1%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/r443e2916c612fbd119839c0fc0729327d6031913a75081adac5b43ad%40%3Cdev.druid.apache.org%3E
https://nvd.nist.gov
https://packetstormsecurity.com/files/162345/Apache-Druid-0.20.0-Remote-Command-Execution.html
https://github.com/j2ekim/cve-2021-25646