Description

The Lucee web application has a Remote Code Execution (RCE) vulnerability. This vulnerability allows unauthenticated attackers to execute arbitrary code by using a specially crafted cookie value, thereby compromising the system.

Remediation

Upgrade to the latest version of Lucee

References

Hello Lucee! Let us hack Apple again?

Lucee RCE Vulnerabilities February 2024

Related Vulnerabilities

Oracle JRE CVE-2014-2423 Vulnerability (CVE-2014-2423)

MySQL Cleartext Transmission of Sensitive Information Vulnerability (CVE-2017-3305)

MySQL Out-of-bounds Write Vulnerability (CVE-2020-15358)

WordPress Other Vulnerability (CVE-2005-1810)

Grafana CVE-2021-27358 Vulnerability (CVE-2021-27358)

Severity

Critical

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution Known Vulnerabilities