[MART] - Daily Diary #427 - H2 Console Vulnerable to JNDI Flaw

CTAS-MAT ctas-mat at appgate.com
Fri Jan 7 20:24:35 UTC 2022


Hello,
I hope everyone is doing well!

Below is the entry for today.

07/01/2021 - Diary entry #427

This week a new vulnerability in the H2 console was disclosed. H2 is an open-source database management tool written in Java. Exploiting the vulnerability allows an unauthenticated user to execute arbitrary Java code from the H2 console.

This vulnerability, tracked as CVE-2021-42392, is caused by the same component as Log4Shell, the JNDI (Java Naming and Directory Interface) API. Although it's a critical vulnerability, this console is not commonly exposed to the internet. In fact, by default, it only listens on localhost. The exceptions are third-party tools like the JHipster framework that expose the H2 console through other interfaces, but even then, it should still only be available on the internal network.

For the reasons above, we expect it to be used more for lateral movement than as an initial infection vector. Log4Shell received a CVSS score of 10, the highest possible, as it has a very high destruction potential. Many applications implement this library at different levels, and it's only necessary for the application to log a malicious string to trigger the vulnerability.

As Log4Shell is getting a lot of attention, we expect lots of other exploits using the same technique to be published as developers and pentesters review their code. It's very important for any company developing Java-based applications to review the security of their applications, preferably with a pentest team, and to segment their network, isolating all critical servers from the internet-exposed services.

Kind Regards,





Felipe Duarte Domingues
Security Researcher
Appgate

E: felipe.duarte at appgate.com
O: +55 19 98840 2509
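
The exposure condition described in the entry (console bound to localhost by default, opened up by configuration or a wrapping framework) can be audited from configuration. The following is an added example, not part of the original post and not H2 or Appgate code; it assumes H2's `webAllowOthers` setting and `-web`/`-webAllowOthers` server flags and Spring Boot's `spring.h2.console.*` properties, none of which are named in the entry, and it reads `.properties` syntax only.

```python
import re

# Assumed setting names (not from the diary entry): H2's webAllowOthers
# (.h2.server.properties key and -webAllowOthers flag) and Spring Boot's
# spring.h2.console.* properties.
TRUE = {"true", "yes", "on", "1"}

def parse_properties(text):
    """Parse Java .properties text into {lowercased key: value}."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":          # blank line or comment
            continue
        m = re.match(r"([^=:\s]+)\s*[=:\s]\s*(.*)", line)
        if m:
            props[m.group(1).lower()] = m.group(2).strip()
    return props

def console_exposure(props_text="", argv=()):
    """Classify H2 console reachability: 'remote', 'local-only' or 'off'."""
    props = parse_properties(props_text)
    flags = {a.lower() for a in argv}

    def on(key):
        return props.get(key, "").lower() in TRUE

    # Standalone H2 server: console started with -web, opened to other
    # hosts by webAllowOthers (flag or saved server property).
    standalone_remote = "-weballowothers" in flags or on("weballowothers")
    standalone_local = "-web" in flags or "weballowothers" in props
    # Embedded in a Spring Boot app: the console servlet must be enabled
    # before the allow-others setting has any effect.
    spring_on = on("spring.h2.console.enabled")
    spring_remote = spring_on and on("spring.h2.console.settings.web-allow-others")

    if standalone_remote or spring_remote:
        return "remote"
    if standalone_local or spring_on:
        return "local-only"
    return "off"

if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real deployment.
    dev_profile = ("spring.h2.console.enabled=true\n"
                   "spring.h2.console.settings.web-allow-others=true\n")
    print(console_exposure(dev_profile))            # remote
    print(console_exposure("webAllowOthers=false")) # local-only
```

A `remote` result marks a host where the console should be disabled or placed behind network segmentation, in line with the recommendation in the entry.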
