Description

Apache Dubbo Introduction

Apache Dubbo is an open-source, high-performance, lightweight, Java-based RPC framework. Dubbo offers three key capabilities: interface-based remote calls, fault tolerance with load balancing, and automatic service registration and discovery. It adopts a layered architecture that decouples each layer, and it provides services through two roles, provider and consumer.

Vulnerability Summary

The Apache Dubbo module that handles HTTP requests contains a deserialization vulnerability, which is exploited in much the same way as other deserialization vulnerabilities in Java-based middleware. Apache Dubbo handles the HTTP message body improperly, which causes it to be deserialized. When the Dubbo project's package includes usable gadgets, an attacker can send malicious serialized data over the HTTP protocol; the vulnerability is triggered when Dubbo deserializes that data. An attacker can exploit this vulnerability to execute arbitrary code on an affected Apache Dubbo server.
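The summary above describes the defender-relevant shape of the problem: a request body that is a Java serialization stream naming classes the endpoint was never meant to receive. The following Python script is an added example, not code from the advisory or from the Dubbo project. It assumes the HTTP body carries a standard Java serialization stream (magic bytes 0xACED, stream version 0x0005), scans it with a lightweight heuristic for TC_CLASSDESC records to recover the class names it references, and compares them with an allow-list of classes the endpoint is expected to accept. The sample bodies, the serialVersionUID values and the class name `com.example.internal.ScriptRunner` are constructed for the example and are not real gadget data. The scanner is a detection aid of the kind a WAF or IDS rule would use; it does not replace upgrading Dubbo to a fixed version.

```python
"""Heuristic inspector for Java serialization streams in HTTP bodies (added example)."""
import re
import struct

STREAM_MAGIC = b"\xac\xed"
STREAM_VERSION = b"\x00\x05"
TC_CLASSDESC = 0x72

# Characters allowed in a Java binary class name: dots as package separators,
# '$' for nested classes, '[' and ';' for array descriptors.
_CLASS_NAME = re.compile(rb"^[A-Za-z_$][A-Za-z0-9_$.;\[]*$")


def is_java_serialized(body: bytes) -> bool:
    """True if the body starts with the Java serialization stream header."""
    return body[:4] == STREAM_MAGIC + STREAM_VERSION


def extract_class_names(body: bytes) -> list:
    """Return class names found in TC_CLASSDESC records, in stream order.

    Heuristic, not a full grammar parser: every 0x72 byte followed by a
    2-byte big-endian length and that many bytes forming a plausible class
    name is treated as a class descriptor. Duplicates are dropped.
    """
    names = []
    i = 4 if is_java_serialized(body) else 0
    while i < len(body) - 3:
        if body[i] == TC_CLASSDESC:
            (length,) = struct.unpack(">H", body[i + 1:i + 3])
            candidate = body[i + 3:i + 3 + length]
            if length and len(candidate) == length and _CLASS_NAME.match(candidate):
                name = candidate.decode("ascii")
                if name not in names:
                    names.append(name)
                i += 3 + length
                continue
        i += 1
    return names


def inspect_body(body: bytes, allowed_classes: set) -> dict:
    """Classify a request body: pass non-serialized bodies and streams that only
    name allow-listed classes; block streams naming anything else."""
    if not is_java_serialized(body):
        return {"serialized": False, "classes": [], "unexpected": [], "verdict": "pass"}
    classes = extract_class_names(body)
    unexpected = [c for c in classes if c not in allowed_classes]
    return {"serialized": True, "classes": classes, "unexpected": unexpected,
            "verdict": "block" if unexpected else "pass"}


def _utf(s: str) -> bytes:
    """Length-prefixed (modified UTF-8) string as used by the stream format."""
    return struct.pack(">H", len(s)) + s.encode("ascii")


def _class_desc(name: str, suid: int, flags: int, fields: bytes) -> bytes:
    """Build a TC_CLASSDESC record; constructed test data, not from a real JVM."""
    return bytes([TC_CLASSDESC]) + _utf(name) + struct.pack(">q", suid) + bytes([flags]) + fields


# Constructed sample shaped like a serialized java.lang.Integer (value 42).
# The serialVersionUID values are placeholders, not the JDK's real ones.
BENIGN_BODY = (
    STREAM_MAGIC + STREAM_VERSION
    + b"\x73"  # TC_OBJECT
    + _class_desc("java.lang.Integer", 0x1234, 0x02,
                  b"\x00\x01" + b"I" + _utf("value") + b"\x78")  # one int field, end block
    + _class_desc("java.lang.Number", 0x5678, 0x02, b"\x00\x00\x78\x70")  # no fields, null super
    + struct.pack(">i", 42)
)

# Constructed sample: same header, but it names a class the endpoint never
# expects (a hypothetical name, not a known gadget class).
SUSPICIOUS_BODY = (
    STREAM_MAGIC + STREAM_VERSION
    + b"\x73"
    + _class_desc("com.example.internal.ScriptRunner", 0x9abc, 0x02, b"\x00\x00\x78\x70")
)

# Allow-list of classes this hypothetical endpoint legitimately receives.
ALLOWED = {"java.lang.Integer", "java.lang.Number", "java.lang.String"}

if __name__ == "__main__":
    for label, body in (("benign", BENIGN_BODY), ("suspicious", SUSPICIOUS_BODY),
                        ("plain-json", b'{"a":1}')):
        print(label, inspect_body(body, ALLOWED))
```

The allow-list approach mirrors what a JVM-level ObjectInputFilter does inside the process: the set of classes a service legitimately deserializes is small and known, so anything outside it is a reason to reject the request and raise an alert rather than to let the stream reach the deserializer.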

Vulnerability Reproduction

Build the environment with Apache Dubbo 2.7.3 + ZooKeeper 3.4.9, start ZooKeeper, and import the Dubbo Maven project into IntelliJ IDEA. If you see the following output, the environment has been built successfully.

[Figure 1: Apache Dubbo Deserialization Vulnerability CVE-2019-17564, environment started successfully]

The figures below show malicious data being transmitted to the server over the HTTP protocol and executed on the target server.

[Figure 2: Apache Dubbo Deserialization Vulnerability CVE-2019-17564, malicious data sent over HTTP and executed on the target server]

Affected Versions

Affected Apache Dubbo versions:

Apache Dubbo 2.7.0 - 2.7.4.1

Apache Dubbo 2.6.0 - 2.6.7

Apache Dubbo 2.5.x

Timeline

2020/02/11 Apache Dubbo disclosed this vulnerability.

2020/02/15 The Sangfor Qianli security team analyzed the vulnerability and released alerts and solutions.

Solution

Remediation Solution

1. Apache Dubbo has fixed this vulnerability. Please visit the following link to download the latest version.

Link: https://github.com/apache/dubbo/tree/master

Sangfor Solution

  • For Sangfor NGAF customers, keep the NGAF security protection rules up to date.
  • Sangfor Cloud WAF has updated its database immediately in the cloud. Users are protected from this high-risk vulnerability quickly and without performing any operation.
  • Sangfor Cyber Command is capable of detecting attacks that exploit this vulnerability and alerting users. Users can correlate Cyber Command with Sangfor NGAF to block the attacker's IP address.
