Neo4J Cross-Site Request Forgery Vulnerability

Vulnerability ID: 1162796    Vulnerability type: Cross-site request forgery
Published: 2013-08-06    Updated: 2013-08-06
CVE number: CVE-2013-7259    CNNVD ID: CNNVD-201404-574
Platform: N/A    CVSS score: 6.8
|Vulnerability sources
https://www.securityfocus.com/bid/64806
https://cxsecurity.com/issue/WLB-2014010010
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201404-574
|Vulnerability details
Neo4j is a Java-based, fully ACID-compliant graph database from Neo4j, Inc. (US); it supports data migration, add-on components and more. Neo4J 1.9.2 contains a cross-site request forgery vulnerability. A remote attacker can exploit it to execute arbitrary code by sending requests to the db/data/ext/GremlinPlugin/graphdb/execute_script page or the db/manage/server/console/ page.
|Vulnerability EXP
Hi,

Last August, Dinis Cruz wrote a blog entry [1] detailing a CSRF attack
on a Neo4J Server resulting in an RCE. The server's documentation [2]
mentions the following.

"By default, the Neo4j Server comes with some places where arbitrary
code execution can happen. These are the Section 19.15,
“Traversals” REST endpoints. To secure these, either disable them
completely by removing offending plugins from the server class-path, or
secure access to these URLs through proxies or Authorization Rules."

This could mean that the RCE itself is not CVE worthy as it is a
documented/expected behavior. However, should the CSRF flaw be
considered a vulnerability and assigned a CVE?

Regards,
Arun

[1]
http://blog.diniscruz.com/2013/08/neo4j-csrf-payload-to-start-processes.html
[2]
http://docs.neo4j.org/chunked/stable/security-server.html#_arbitrary_code_execution

-- 
Arun Neelicattu / Red Hat Security Response Team 
PGP: 0xC244393B 5229 F596 474F 00A1 E416  CF8B 36F5 5054 C244 393B
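The details above name two script-executing endpoints, and the quoted server documentation says they should either be removed from the class-path or placed behind "proxies or Authorization Rules". The following is an added example (not Neo4j project code, not from the mailing-list post) of what such a proxy-side rule looks like as a request filter: it lets ordinary REST traffic through, and for the two endpoint paths from the advisory it rejects requests that a cross-site HTML form or page could have issued. The endpoint paths come from the page; the trusted-origin allowlist, the `Authorization`-header convention for non-browser clients, and the sample requests are all constructed assumptions for the demonstration.

```python
"""Proxy-side CSRF guard for Neo4j Server script endpoints (added example).

Models the documented mitigation of fronting the script-executing REST
endpoints with a proxy rule. Endpoint paths are those named in the advisory;
the trusted origins, header conventions and sample requests are assumptions.
"""
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Script-executing endpoint paths as named in the advisory text.
PROTECTED_PREFIXES = (
    "/db/data/ext/GremlinPlugin/graphdb/execute_script",
    "/db/manage/server/console/",
)

# Assumed: the only origin whose pages legitimately drive these endpoints.
TRUSTED_ORIGINS = frozenset({"https://neo4j-admin.example.internal"})

# Content types a cross-site HTML form can submit without a CORS preflight;
# a JSON API never needs them, so on protected paths they are simply refused.
FORM_CONTENT_TYPES = (
    "application/x-www-form-urlencoded",
    "multipart/form-data",
    "text/plain",
)


def is_protected(path: str) -> bool:
    """True when the path is one of the script-executing endpoints."""
    return any(path.startswith(prefix) for prefix in PROTECTED_PREFIXES)


def request_origin(headers: Dict[str, str]) -> Optional[str]:
    """Derive the requesting origin from Origin, falling back to Referer."""
    origin = headers.get("origin")
    if origin:
        return origin.rstrip("/").lower()
    referer = headers.get("referer")
    if referer:
        parts = urlsplit(referer)
        if parts.scheme and parts.netloc:
            return f"{parts.scheme}://{parts.netloc}".lower()
    return None


def check_request(method: str, path: str, headers: Dict[str, str],
                  trusted=TRUSTED_ORIGINS) -> Tuple[bool, str]:
    """Decide whether the proxy should forward the request.

    Returns (allowed, reason). Unprotected paths pass through untouched.
    Protected paths must come from a trusted browser origin, or from a
    non-browser client presenting credentials (assumed: an Authorization
    header that the proxy's own auth rule verifies before forwarding).
    """
    h = {k.lower(): v for k, v in headers.items()}
    if not is_protected(path):
        return True, "unprotected path"
    content_type = h.get("content-type", "").split(";")[0].strip().lower()
    if content_type in FORM_CONTENT_TYPES:
        return False, f"form content type {content_type} on protected endpoint"
    origin = request_origin(h)
    if origin is None:
        # Browsers attach Origin (and normally Referer) to cross-site requests,
        # so reaching this branch means a non-browser client such as curl.
        if h.get("authorization"):
            return True, "non-browser client with credentials"
        return False, "no Origin/Referer and no credentials on protected endpoint"
    if origin in trusted:
        return True, f"trusted origin {origin}"
    return False, f"cross-site origin {origin} on protected endpoint"


# Constructed sample requests: (method, path, headers).
SAMPLE_REQUESTS = [
    ("GET", "/db/data/", {}),
    ("POST", "/db/data/ext/GremlinPlugin/graphdb/execute_script",
     {"Origin": "https://attacker.example",
      "Content-Type": "application/x-www-form-urlencoded"}),
    ("POST", "/db/data/ext/GremlinPlugin/graphdb/execute_script",
     {"Origin": "https://attacker.example", "Content-Type": "application/json"}),
    ("POST", "/db/data/ext/GremlinPlugin/graphdb/execute_script",
     {"Origin": "https://neo4j-admin.example.internal",
      "Content-Type": "application/json"}),
    ("GET", "/db/manage/server/console/",
     {"Referer": "https://neo4j-admin.example.internal/console?tab=shell"}),
    ("POST", "/db/data/ext/GremlinPlugin/graphdb/execute_script",
     {"Authorization": "Basic PLACEHOLDER", "Content-Type": "application/json"}),
    ("POST", "/db/data/ext/GremlinPlugin/graphdb/execute_script",
     {"Content-Type": "application/json"}),
]


def evaluate_samples() -> List[bool]:
    """Run every constructed sample through the guard; returns the verdicts."""
    return [check_request(m, p, h)[0] for m, p, h in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for (m, p, h), verdict in zip(SAMPLE_REQUESTS, evaluate_samples()):
        print("ALLOW" if verdict else "DENY ", m, p, check_request(m, p, h)[1])
```

Only the cross-site form POST, the cross-origin JSON POST and the anonymous request are refused; the trusted admin origin (whether identified by Origin or only by Referer) and a credentialed non-browser client are forwarded. The credential branch is reached only when a request carries neither Origin nor Referer, which browsers do send on cross-site requests, so cached Basic-auth credentials in a victim's browser do not get a cross-site page past the origin check. The proxy must still verify that credential itself; this filter only decides whether a request could have been forged by a third-party page. Removing the plugin from the class-path, as the documentation recommends first, remains the stronger fix.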
|Affected products
Neo Technology Neo4j 2.0 community edition
|References

Source: MLIST
Name: [oss-security] 20140103 Re: Neo4J CSRF: Potential CVE candidate
Link: http://www.openwall.com/lists/oss-security/2014/01/03/8
Source: MLIST
Name: [oss-security] 20140103 Neo4J CSRF: Potential CVE candidate
Link: http://www.openwall.com/lists/oss-security/2014/01/03/3
Source: github.com
Link: https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j
Source: blog.diniscruz.com
Link: http://blog.diniscruz.com/2013/08/neo4j-csrf-payload-to-start-processes.html