SID 1:63912

Report a false positive

Rule Category

POLICY-OTHER --

Alert Message

POLICY-OTHER Apache OFBiz EntitySQLProcessor arbitrary SQL command execution attempt

Rule Explanation

This rule looks for HTTP requests sent to the "EntitySQLProcessor" endpoint in Apache OFBiz web applications that contain arbitrary SQL commands.

What To Look For

This rule fires on attempts to invoke the "EntitySQLProcessor" endpoint in Apache OFBiz web applications. This endpoint allows for the execution of arbitrary SQL commands. Before the patch for CVE-2024-38856, this endpoint did not require any authentication.

Known Usage

Public information/Proof of Concept available

False Positives

Known false positives, with the described conditions

This rule alerts on all attempts to execute arbitrary SQL commands via the "sqlCommand" parameter via the "/EntitySQLProcessor" endpoint on Apache OFBiz web applications.

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

CVE-2024-38856

Additional Links

github.com/apache/ofbiz-framework/pull/821/commits/228d83a7c6734adb1b5e2a7d1ff1025f105e6e65

Rule Vulnerability

N/A

Not Applicable

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2024-38856
 Loading description