Platform
java
Component
org.geoserver.web:gs-web-app
Fixed in
2.25.1
2.25.0
CVE-2024-34711 describes a Server-Side Request Forgery (SSRF) vulnerability in the GeoServer web application (component org.geoserver.web:gs-web-app). Because of improper URI validation, an attacker can submit XML containing external entity (XXE) declarations whose resolution makes GeoServer issue arbitrary GET requests to any HTTP server the attacker names. The vulnerability affects GeoServer versions prior to 2.25.0; the fix is contained in the releases listed above under "Fixed in" (2.25.0 and 2.25.1).
The SSRF poses a significant risk. An attacker can use the GeoServer host as a pivot for internal network reconnaissance, probing and mapping services that are not reachable from outside (for example management interfaces bound to loopback or private addresses) and then targeting those services with further attacks. Because the advisory describes arbitrary GET requests rather than arbitrary response reading, the realistic gains are reachability probing, error and timing oracles, and triggering side effects on internal services that act on GET requests. The advisory also mentions that a limited set of .xsd files on the system can be read, which may reveal configuration details or internal paths.
CVE-2024-34711 has been publicly disclosed. The page lists a CVSS score of 9.3 but an EPSS of 0.12% (30th percentile); taken together with how easily an SSRF can be probed, this points to a moderate probability of exploitation. No active campaigns targeting this vulnerability have been reported at the time of writing, but public disclosure increases the likelihood of opportunistic attempts. The vulnerability entry was published on 2025-06-10.
Organizations running GeoServer for geospatial data serving and web mapping are at risk, including government agencies, research institutions, and commercial enterprises that rely on GeoServer for their GIS applications. Deployments on versions prior to 2.25.0 that are internet-facing, or that sit in flat networks where GeoServer can reach internal services without egress filtering, are particularly exposed.
• java / server: Monitor GeoServer logs for unusual outbound HTTP requests, especially those targeting internal IP addresses or carrying suspicious URIs. A starting point (adjust the pattern to your log format and path):
grep -i "uri=" /path/to/geoserver/logs/geoserver.log
• generic web: Use curl or wget to test for SSRF by attempting to reach internal resources through GeoServer. The placeholder below must be adapted to an endpoint that accepts XML; note that a file:// target exercises local file read (XXE), whereas an SSRF test points the external entity at an HTTP listener you control and watches for the incoming GET:
curl 'http://localhost:8080/geoserver/your_service?xml=file:///etc/passwd'
• wordpress / composer / npm: N/A - This vulnerability is not specific to WordPress, Composer, or npm.
• database (mysql, redis, mongodb, postgresql): N/A - This vulnerability is not specific to databases.
• windows / supply-chain: N/A - This vulnerability is not specific to Windows or supply chains.
disclosure
Exploit status
EPSS
0.12% (30th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-34711 is to upgrade GeoServer to version 2.25.0 or later, which fixes the improper URI validation. If an immediate upgrade is not feasible, deploy a Web Application Firewall (WAF) with rules that reject XML request bodies declaring external entities, and enforce egress filtering at the network layer so that the GeoServer host can only reach the schema hosts it legitimately needs. Review and tighten network segmentation to limit the blast radius of a successful SSRF. Monitor GeoServer logs for unusual outbound HTTP requests.
Update GeoServer to version 2.25.0 or later. This version ships a default configuration for ENTITY_RESOLUTION_ALLOWLIST that mitigates the SSRF by restricting which hosts external entities may be resolved from. Further information on configuring external entity resolution is available in the GeoServer documentation.
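Added example (not GeoServer's code and not part of the original advisory): a Python pre-parse gate that applies an entity-resolution allowlist to incoming XML, illustrating the ENTITY_RESOLUTION_ALLOWLIST idea from the mitigation above and giving an offline way to exercise the request shapes behind the SSRF test in the detection section. The allowlist contents, function names and sample request bodies are assumptions constructed for this illustration; consult the GeoServer documentation for the real default allowlist.

```python
"""Entity-resolution allowlist gate for XML request bodies (illustrative example)."""
import ipaddress
import re
from urllib.parse import urlsplit

# Assumed allowlist for this example (illustrative, not GeoServer's actual default):
# hosts from which DTD / schema fetches are acceptable.
ALLOWED_HOSTS = {"www.w3.org", "schemas.opengis.net", "www.opengis.net"}

# SYSTEM "uri"  /  SYSTEM 'uri'   (external DTD or external entity)
_SYSTEM_ID = re.compile(r"""\bSYSTEM\s+(?:"([^"]*)"|'([^']*)')""", re.IGNORECASE)
# PUBLIC "fpi" "uri"  (the second literal is the system identifier)
_PUBLIC_ID = re.compile(r"""\bPUBLIC\s+(?:"[^"]*"|'[^']*')\s+(?:"([^"]*)"|'([^']*)')""", re.IGNORECASE)


def doctype_subset(xml_text: str) -> str:
    """Return the <!DOCTYPE ...> declaration including its internal subset, if any.

    Simplified: assumes no '>' inside comments or literals before the subset closes.
    """
    start = xml_text.find("<!DOCTYPE")
    if start < 0:
        return ""
    bracket = xml_text.find("[", start)
    close = xml_text.find(">", start)
    if bracket != -1 and (close == -1 or bracket < close):
        end = xml_text.find("]>", bracket)
        return xml_text[start:end + 2] if end != -1 else xml_text[start:]
    return xml_text[start:close + 1] if close != -1 else xml_text[start:]


def external_identifiers(xml_text: str) -> list[str]:
    """Every system identifier (external DTD or entity) declared in the DOCTYPE."""
    subset = doctype_subset(xml_text)
    ids = []
    for pattern in (_SYSTEM_ID, _PUBLIC_ID):
        for m in pattern.finditer(subset):
            ids.append(m.group(1) if m.group(1) is not None else m.group(2))
    return ids


def classify_uri(uri: str) -> tuple[bool, str]:
    """Decide whether one external identifier may be resolved. Returns (allowed, reason)."""
    parts = urlsplit(uri.strip())
    if parts.scheme.lower() not in ("http", "https"):
        # file:, jar:, ftp: and friends are never resolved from request-supplied XML.
        return False, f"scheme '{parts.scheme or '(none)'}' not permitted"
    host = parts.hostname
    if not host:
        return False, "no host"
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass
    else:
        # IP literals (loopback, link-local metadata endpoints, RFC 1918) are never allowlisted.
        return False, f"IP literal '{host}' not permitted"
    if host.lower() in ALLOWED_HOSTS:
        return True, f"host '{host}' allowlisted"
    return False, f"host '{host}' not allowlisted"


def check_document(xml_text: str) -> dict:
    """Gate a request body: allowed only if every external identifier passes classify_uri."""
    blocked = []
    for uri in external_identifiers(xml_text):
        ok, reason = classify_uri(uri)
        if not ok:
            blocked.append((uri, reason))
    return {"allowed": not blocked, "blocked": blocked}


# Constructed sample request bodies for the demonstration (not captured traffic).
SAMPLES = {
    "plain_getfeature": '<?xml version="1.0"?><wfs:GetFeature service="WFS" version="1.1.0" '
                        'xmlns:wfs="http://www.opengis.net/wfs"/>',
    "opengis_schema": '<!DOCTYPE wfs:GetFeature SYSTEM "http://schemas.opengis.net/wfs/1.1.0/wfs.xsd">'
                      '<wfs:GetFeature xmlns:wfs="http://www.opengis.net/wfs"/>',
    "metadata_probe": '<?xml version="1.0"?><!DOCTYPE x [<!ENTITY probe SYSTEM '
                      '"http://169.254.169.254/latest/meta-data/">]><x>&probe;</x>',
    "intranet_probe": '<!DOCTYPE x [<!ENTITY p SYSTEM "http://intranet.example.internal:8080/admin">]><x>&p;</x>',
    "local_file": '<!DOCTYPE x [<!ENTITY f SYSTEM "file:///etc/passwd">]><x>&f;</x>',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        verdict = check_document(body)
        print(f"{name:18} allowed={verdict['allowed']} {verdict['blocked']}")
```

Running the script prints a verdict per sample: the plain request and the schema reference on an allowlisted host pass, while the metadata-endpoint probe, the intranet host and the file:// entity are blocked with a reason. Two caveats: the gate inspects the body before parsing and complements, rather than replaces, disabling external entity resolution in the parser itself; and an allowlisted hostname is still resolved through DNS at fetch time, so egress filtering on the GeoServer host remains the stronger control.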
CVE-2024-34711 is a critical SSRF vulnerability in GeoServer's web application, allowing attackers to send unauthorized requests and potentially scan internal networks. It affects versions before 2.25.0.
You are affected if you are running GeoServer versions prior to 2.25.0. Assess your environment and upgrade as soon as possible.
Upgrade GeoServer to version 2.25.0 or later. As a temporary workaround, add WAF rules that block XML request bodies declaring external entities and restrict GeoServer's outbound HTTP access.
While no active exploitation has been confirmed (EPSS 0.12%), the vulnerability's severity and the simplicity of SSRF probing make future exploitation attempts plausible. Monitor security advisories.
Refer to the official GeoServer security advisories on the GeoServer website for the latest information and updates regarding CVE-2024-34711.