CVE-2021-21307 - Vulnerability Details - OpenCVE

Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a workaround, one can block access to the Lucee Administrator.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lucee	Lucee Server

Configuration 1 [-]

OR	cpe:2.3:a:lucee:lucee_server::::::::
	cpe:2.3:a:lucee:lucee_server::::::::
	cpe:2.3:a:lucee:lucee_server::::::::

No data.

References

Link	Providers
http://ciacfug.org/blog/updating-lucee-as-part-of-a-vulnerability-alert-response
http://packetstormsecurity.com/files/163864/Lucee-Administrator-imgProcess.cfm-Arbitrary-File-Write.html
https://dev.lucee.org/t/lucee-vulnerability-alert-november-2020/7643
https://github.com/httpvoid/writeups/blob/main/Apple-RCE.md
https://github.com/lucee/Lucee/commit/6208ab7c44c61d26c79e0b0af10382899f57e1ca
https://github.com/lucee/Lucee/security/advisories/GHSA-2xvv-723c-8p7r
https://portswigger.net/daily-swig/security-researchers-earn-50k-after-exposing-critical-flaw-in-apple-travel-portal

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2021-02-11T18:20:21

Updated: 2024-08-03T18:09:15.162Z

Reserved: 2020-12-22T00:00:00

Link: CVE-2021-21307

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-02-11T19:15:13.313

Modified: 2024-11-21T05:47:59.323

Link: CVE-2021-21307

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Lucee", "vendor": "lucee", "versions": [{"status": "affected", "version": ">= 5.3.5.0, < 5.3.5.96"}, {"status": "affected", "version": ">= 5.3.6.0, < 5.3.6.68"}, {"status": "affected", "version": ">= 5.3.7.0, < 5.3.7.47"}]}], "descriptions": [{"lang": "en", "value": "Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a workaround, one can block access to the Lucee Administrator."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-08-17T16:06:12", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/lucee/Lucee/security/advisories/GHSA-2xvv-723c-8p7r"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/lucee/Lucee/commit/6208ab7c44c61d26c79e0b0af10382899f57e1ca"}, {"tags": ["x_refsource_MISC"], "url": "https://dev.lucee.org/t/lucee-vulnerability-alert-november-2020/7643"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/httpvoid/writeups/blob/main/Apple-RCE.md"}, {"tags": ["x_refsource_MISC"], "url": "https://portswigger.net/daily-swig/security-researchers-earn-50k-after-exposing-critical-flaw-in-apple-travel-portal"}, {"tags": ["x_refsource_MISC"], "url": "http://ciacfug.org/blog/updating-lucee-as-part-of-a-vulnerability-alert-response"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/163864/Lucee-Administrator-imgProcess.cfm-Arbitrary-File-Write.html"}], "source": {"advisory": "GHSA-2xvv-723c-8p7r", "discovery": "UNKNOWN"}, "title": "Remote Code Exploit in Lucee Admin", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-21307", "STATE": "PUBLIC", "TITLE": "Remote Code Exploit in Lucee Admin"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Lucee", "version": {"version_data": [{"version_value": ">= 5.3.5.0, < 5.3.5.96"}, {"version_value": ">= 5.3.6.0, < 5.3.6.68"}, {"version_value": ">= 5.3.7.0, < 5.3.7.47"}]}}]}, "vendor_name": "lucee"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a workaround, one can block access to the Lucee Administrator."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-862: Missing Authorization"}]}]}, "references": {"reference_data": [{"name": "https://github.com/lucee/Lucee/security/advisories/GHSA-2xvv-723c-8p7r", "refsource": "CONFIRM", "url": "https://github.com/lucee/Lucee/security/advisories/GHSA-2xvv-723c-8p7r"}, {"name": "https://github.com/lucee/Lucee/commit/6208ab7c44c61d26c79e0b0af10382899f57e1ca", "refsource": "MISC", "url": "https://github.com/lucee/Lucee/commit/6208ab7c44c61d26c79e0b0af10382899f57e1ca"}, {"name": "https://dev.lucee.org/t/lucee-vulnerability-alert-november-2020/7643", "refsource": "MISC", "url": "https://dev.lucee.org/t/lucee-vulnerability-alert-november-2020/7643"}, {"name": "https://github.com/httpvoid/writeups/blob/main/Apple-RCE.md", "refsource": "MISC", "url": "https://github.com/httpvoid/writeups/blob/main/Apple-RCE.md"}, {"name": "https://portswigger.net/daily-swig/security-researchers-earn-50k-after-exposing-critical-flaw-in-apple-travel-portal", "refsource": "MISC", "url": "https://portswigger.net/daily-swig/security-researchers-earn-50k-after-exposing-critical-flaw-in-apple-travel-portal"}, {"name": "http://ciacfug.org/blog/updating-lucee-as-part-of-a-vulnerability-alert-response", "refsource": "MISC", "url": "http://ciacfug.org/blog/updating-lucee-as-part-of-a-vulnerability-alert-response"}, {"name": "http://packetstormsecurity.com/files/163864/Lucee-Administrator-imgProcess.cfm-Arbitrary-File-Write.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/163864/Lucee-Administrator-imgProcess.cfm-Arbitrary-File-Write.html"}]}, "source": {"advisory": "GHSA-2xvv-723c-8p7r", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:09:15.162Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/lucee/Lucee/security/advisories/GHSA-2xvv-723c-8p7r"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/lucee/Lucee/commit/6208ab7c44c61d26c79e0b0af10382899f57e1ca"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://dev.lucee.org/t/lucee-vulnerability-alert-november-2020/7643"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/httpvoid/writeups/blob/main/Apple-RCE.md"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://portswigger.net/daily-swig/security-researchers-earn-50k-after-exposing-critical-flaw-in-apple-travel-portal"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://ciacfug.org/blog/updating-lucee-as-part-of-a-vulnerability-alert-response"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/163864/Lucee-Administrator-imgProcess.cfm-Arbitrary-File-Write.html"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-21307", "datePublished": "2021-02-11T18:20:21", "dateReserved": "2020-12-22T00:00:00", "dateUpdated": "2024-08-03T18:09:15.162Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lucee:lucee_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "F63963E7-D380-493F-B75B-4FBCDD646D97", "versionEndExcluding": "5.3.5.96", "versionStartIncluding": "5.3.5.00", "vulnerable": true}, {"criteria": "cpe:2.3:a:lucee:lucee_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "3653F1B9-18A4-4AA2-906E-C74FD9FF0611", "versionEndExcluding": "5.3.6.68", "versionStartIncluding": "5.3.6.00", "vulnerable": true}, {"criteria": "cpe:2.3:a:lucee:lucee_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "9ED241BC-C6BA-4DBC-BD08-3FC8A529350E", "versionEndExcluding": "5.3.7.47", "versionStartIncluding": "5.3.7.00", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Lucee Server is a dynamic, Java based (JSR-223), tag and scripting language used for rapid web application development. In Lucee Admin before versions 5.3.7.47, 5.3.6.68 or 5.3.5.96 there is an unauthenticated remote code exploit. This is fixed in versions 5.3.7.47, 5.3.6.68 or 5.3.5.96. As a workaround, one can block access to the Lucee Administrator."}, {"lang": "es", "value": "Lucee Server es un lenguaje din\u00e1mico, de etiquetado y scripting de comandos basado en Java (JSR-223) que es utilizado para el desarrollo r\u00e1pido de aplicaciones web. En Lucee Admin anterior a versiones 5.3.7.47, 5.3.6.68 o 5.3.5.96 se presenta una explotaci\u00f3n de c\u00f3digo remota no autenticada. Esto es corregido en las versiones 5.3.7.47, 5.3.6.68 o 5.3.5.96. Como soluci\u00f3n alternativa, se puede bloquear el acceso a Lucee Administrator"}], "id": "CVE-2021-21307", "lastModified": "2024-11-21T05:47:59.323", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-02-11T19:15:13.313", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "http://ciacfug.org/blog/updating-lucee-as-part-of-a-vulnerability-alert-response"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/163864/Lucee-Administrator-imgProcess.cfm-Arbitrary-File-Write.html"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://dev.lucee.org/t/lucee-vulnerability-alert-november-2020/7643"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/httpvoid/writeups/blob/main/Apple-RCE.md"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/lucee/Lucee/commit/6208ab7c44c61d26c79e0b0af10382899f57e1ca"}, {"source": "security-advisories@github.com", "tags": ["Product"], "url": "https://github.com/lucee/Lucee/security/advisories/GHSA-2xvv-723c-8p7r"}, {"source": "security-advisories@github.com", "tags": ["Press/Media Coverage", "Third Party Advisory"], "url": "https://portswigger.net/daily-swig/security-researchers-earn-50k-after-exposing-critical-flaw-in-apple-travel-portal"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "http://ciacfug.org/blog/updating-lucee-as-part-of-a-vulnerability-alert-response"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/163864/Lucee-Administrator-imgProcess.cfm-Arbitrary-File-Write.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://dev.lucee.org/t/lucee-vulnerability-alert-november-2020/7643"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/httpvoid/writeups/blob/main/Apple-RCE.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/lucee/Lucee/commit/6208ab7c44c61d26c79e0b0af10382899f57e1ca"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://github.com/lucee/Lucee/security/advisories/GHSA-2xvv-723c-8p7r"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Press/Media Coverage", "Third Party Advisory"], "url": "https://portswigger.net/daily-swig/security-researchers-earn-50k-after-exposing-critical-flaw-in-apple-travel-portal"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security-advisories@github.com", "type": "Secondary"}]}