The vulnerability in question is CVE-2023-28462, which was requested directly by Payara.
It is a JNDI exploit that uses the `context.rebind` method when Payara Server runs on an older JDK 8 update. The JNDI exploit can be triggered via access to insecure ORB listeners exposed by a Payara Server installation.
This vulnerability allows remote attackers to load malicious code into a public-facing Payara Server installation (one exposed on the Internet) using remote JNDI access via unsecured ORB listeners. The vulnerability is dangerous in the sense that attackers can load the remote exploit knowing only the location of any unsecured ORB listener (hostname and port).
However, the vulnerability only affects server environments running on Java 1.8 updates lower than 1.8u191. If the server environment runs on a newer update or on JDK 11+, the exploit cannot be triggered under any circumstance.
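To check a host against the version boundary above, here is an added example (not Payara's own code; the function names are illustrative). It classifies a `java -version` string as affected (Java 1.8 below update 191), not affected (1.8u191 or later, or JDK 11+), or unknown for versions the advisory does not mention.

```shell
#!/bin/sh
# Added example (not Payara code): classify a JDK version against the
# 1.8u191 threshold stated in the advisory. Function names are illustrative.

# Read `java -version` output on stdin, print the quoted version string.
banner_version() {
    sed -n 's/.* version "\([^"]*\)".*/\1/p' | head -n 1
}

# Print "affected", "not-affected" or "unknown" for a version string.
jdk_status() {
    v=${1%%[-+]*}                 # drop suffixes such as -b13, -ea, +10
    case $v in
        1.8.0)   upd=0 ;;         # GA release, no update number
        1.8.0_*) upd=${v#1.8.0_} ;;
        *)
            major=${v%%.*}
            case $major in
                ''|*[!0-9]*) echo unknown; return 0 ;;
            esac
            # The advisory names JDK 11+ as safe; it does not cover
            # anything else, so report those versions as unknown.
            if [ "$major" -ge 11 ]; then echo not-affected; else echo unknown; fi
            return 0 ;;
    esac
    case $upd in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    # Strip leading zeros (e.g. 1.8.0_05) so the comparison is decimal.
    while [ "${#upd}" -gt 1 ] && [ "${upd#0}" != "$upd" ]; do upd=${upd#0}; done
    if [ "$upd" -lt 191 ]; then echo affected; else echo not-affected; fi
}

# Report on the local JDK when one is on PATH (java -version writes to stderr).
if command -v java >/dev/null 2>&1; then
    ver=$(java -version 2>&1 | banner_version)
    echo "java ${ver:-?}: $(jdk_status "$ver")"
fi
```

Run it with the JDK that actually launches the Payara domain on `PATH`, since a host can carry several JDKs.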
To deal with this vulnerability, follow these instructions:
Credit for discovering this vulnerability goes to tr1ple from AntGroup FG.