Apache Dubbo Introduction
Apache Dubbo is an open-source, high-performance, lightweight, Java-based RPC framework. It offers three key capabilities: interface-based remote calls, fault tolerance with load balancing, and automatic service registration and discovery. It adopts a layered architecture that decouples each layer, and services are organised around two roles, provider and consumer.

Vulnerability Summary
The Apache Dubbo module that handles HTTP requests contains a deserialization vulnerability whose exploitation method is similar to other Java deserialization vulnerabilities in Java-based middleware. Dubbo handles the HTTP message body improperly: the body is passed to Java native deserialization without restricting which classes may be instantiated. When the Dubbo application's classpath contains a usable gadget chain, an attacker can send a malicious serialized object to the provider over HTTP. The payload is triggered when Dubbo deserializes the data, and the attacker can use it to execute arbitrary code on the affected Apache Dubbo server.
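The following added example is not Dubbo's own code and does not come from the original advisory; it illustrates the class of defect described above. A request body is handed straight to java.io.ObjectInputStream, which resolves and instantiates whatever class the client names (the vulnerable pattern), beside a hardened reader that applies a JEP 290 allow-list filter so unexpected classes are rejected before they are instantiated. The Greeting class, the readBodyUnsafe and readBodyFiltered methods, the allow-list contents and the java.util.HashMap used as a stand-in for an attacker's payload are all assumptions made for the illustration. It requires Java 9 or later (java.io.ObjectInputFilter; the API was also backported to 8u121).

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.HashMap;
import java.util.Set;

public class HttpDeserializationDemo {

    /** Hypothetical request type that a provider legitimately expects over HTTP. */
    public static final class Greeting implements Serializable {
        private static final long serialVersionUID = 1L;
        final String name;
        Greeting(String name) { this.name = name; }
    }

    /**
     * Vulnerable pattern: the HTTP body is handed directly to Java native
     * deserialization. The class named by the client is resolved and its
     * readObject() logic runs before the caller can inspect anything, so any
     * gadget chain present on the classpath is reachable by a remote sender.
     */
    static Object readBodyUnsafe(InputStream body) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(body)) {
            return in.readObject();
        }
    }

    /**
     * Hardened pattern: a JEP 290 allow-list filter rejects every class the
     * endpoint does not expect, before the class is resolved or instantiated.
     */
    static Object readBodyFiltered(InputStream body, Set<String> allowedClasses)
            throws IOException, ClassNotFoundException {
        ObjectInputFilter allowList = info -> {
            Class<?> cls = info.serialClass();
            if (cls == null) {
                // Not a class check (depth / reference / array-length bookkeeping).
                return ObjectInputFilter.Status.UNDECIDED;
            }
            // Arrays are judged by their component type.
            while (cls.isArray()) cls = cls.getComponentType();
            return allowedClasses.contains(cls.getName())
                    ? ObjectInputFilter.Status.ALLOWED
                    : ObjectInputFilter.Status.REJECTED;
        };
        try (ObjectInputStream in = new ObjectInputStream(body)) {
            in.setObjectInputFilter(allowList);
            return in.readObject();
        }
    }

    /** Stands in for the HTTP client: serialize an object into a request body. */
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Only the classes this endpoint genuinely needs (assumed for the demo).
        Set<String> allowed = Set.of(Greeting.class.getName(), String.class.getName());

        // Constructed benign request: what the provider expects.
        byte[] benign = serialize(new Greeting("dubbo"));
        // Constructed unexpected request. A real exploit would serialize a gadget
        // chain found on the provider's classpath; a HashMap is used here only as a
        // stand-in that the filter must reject on class name alone.
        byte[] unexpected = serialize(new HashMap<String, String>());

        // The unsafe reader accepts both; it cannot tell them apart before it is too late.
        System.out.println("unsafe benign:       "
                + readBodyUnsafe(new ByteArrayInputStream(benign)).getClass().getName());
        System.out.println("unsafe unexpected:   "
                + readBodyUnsafe(new ByteArrayInputStream(unexpected)).getClass().getName());

        // The filtered reader accepts the expected class and rejects everything else.
        Greeting g = (Greeting) readBodyFiltered(new ByteArrayInputStream(benign), allowed);
        System.out.println("filtered benign:     " + g.name);
        try {
            readBodyFiltered(new ByteArrayInputStream(unexpected), allowed);
        } catch (InvalidClassException e) {
            System.out.println("filtered unexpected: rejected (" + e.getMessage() + ")");
        }
    }
}
```

Compile and run with `javac HttpDeserializationDemo.java && java HttpDeserializationDemo`. The filter runs at class-resolution time, which is the only point where a server can refuse a payload on the basis of what it is rather than what it does; blocklists of known gadget classes are weaker because the rejection depends on keeping up with newly discovered chains, whereas an allow list of the endpoint's own request types does not.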

Vulnerability Reproduction
Build the environment with Apache Dubbo 2.7.3 and ZooKeeper 3.4.9 as the registry: start ZooKeeper, then import the Dubbo project into IntelliJ IDEA as a Maven project. If you see the following information (the screenshot is not reproduced here), the environment has been built successfully.

The figures (not reproduced here) show the malicious serialized data being transmitted to the server over HTTP and the payload being executed on the target server.

Affected Versions
Affected Apache Dubbo versions:

Apache Dubbo 2.7.0 -

Apache Dubbo 2.6.0 - 2.6.7

Apache Dubbo 2.5.x

Timeline

2020/02/11 The Apache Dubbo project disclosed this vulnerability.

2020/02/15 Sangfor Qianli security team analyzed the vulnerability and released alerts and solutions.


Remediation Solution
1. Apache Dubbo has fixed this vulnerability. Upgrade to the latest fixed release from the official download page (the link on the original page is not reproduced here). Until the upgrade is complete, do not expose the provider's HTTP port to untrusted networks, since the vulnerable code path is reachable by anyone who can send it an HTTP request.


Sangfor Solution
For Sangfor NGAF customers, keep the NGAF security protection rules up to date.

Sangfor Cloud WAF has already updated its rule database in the cloud. Users are protected from this high-risk vulnerability quickly and without any action on their part.

Sangfor Cyber Command can detect attacks exploiting this vulnerability and alert users. Users can correlate Cyber Command with Sangfor NGAF to block the attacker's IP address.
