Description

The Lucee web application has a Remote Code Execution (RCE) vulnerability. This vulnerability allows unauthenticated attackers to execute arbitrary code by using a specially crafted cookie value, thereby compromising the system.

Remediation

Upgrade to the latest version of Lucee

References

Hello Lucee! Let us hack Apple again?

Lucee RCE Vulnerabilities February 2024

Related Vulnerabilities

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-14642)

Oracle JRE CVE-2020-2803 Vulnerability (CVE-2020-2803)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-2606)

Joomla Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-18650)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-2201)

Severity

Critical

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution Known Vulnerabilities