CVE-2024-2056 – Artica Proxy Loopback Services Remotely Accessible Unauthenticated
https://notcve.org/view.php?id=CVE-2024-2056
Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. In particular, the "tailon" service is running, running as the root user, is bound to the loopback interface, and is listening on TCP port 7050. Security issues associated with exposing this network service are documented at gvalkov's 'tailon' GitHub repo. Using the tailon service, the contents of any file on the Artica Proxy can be viewed. Los servicios que se están ejecutando y vinculados a la interfaz de bucle invertido en Artica Proxy son accesibles a través del servicio de proxy. • http://seclists.org/fulldisclosure/2024/Mar/14 https://github.com/gvalkov/tailon#security https://korelogic.com/Resources/Advisories/KL-001-2024-004.txt • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-552: Files or Directories Accessible to External Parties •
CVE-2024-2055 – Artica Proxy Unauthenticated File Manager Vulnerability
https://notcve.org/view.php?id=CVE-2024-2055
The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user. La función "Rich Filemanager" de Artica Proxy proporciona una interfaz basada en web para capacidades de administración de archivos. Cuando la función está habilitada, no requiere autenticación de forma predeterminada y se ejecuta como usuario raíz. The Rich Filemanager feature of Artica Proxy versions 4.40 and 4.50 provides a web-based interface for file management capabilities. • http://seclists.org/fulldisclosure/2024/Mar/13 https://korelogic.com/Resources/Advisories/KL-001-2024-003.txt • CWE-288: Authentication Bypass Using an Alternate Path or Channel CWE-552: Files or Directories Accessible to External Parties •
CVE-2024-2054 – Artica Proxy Unauthenticated PHP Deserialization Vulnerability
https://notcve.org/view.php?id=CVE-2024-2054
The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. La aplicación web administrativa Artica-Proxy deserializará objetos PHP arbitrarios proporcionados por usuarios no autenticados y posteriormente permitirá la ejecución de código como usuario "www-data". A command injection vulnerability in Artica Proxy appliance versions 4.50 and 4.40 allows remote attackers to run arbitrary commands via an unauthenticated HTTP request. The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the www-data user. • https://github.com/Madan301/CVE-2024-2054 http://seclists.org/fulldisclosure/2024/Mar/12 https://korelogic.com/Resources/Advisories/KL-001-2024-002.txt https://attackerkb.com/topics/q1JUcEJjXZ/cve-2024-2054 • CWE-502: Deserialization of Untrusted Data •
CVE-2024-2053 – Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-2053
The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to prevent local file inclusion. These protections can be bypassed and arbitrary file requests supplied by unauthenticated users will be returned according to the privileges of the "www-data" user. La aplicación web administrativa Artica Proxy deserializará objetos PHP arbitrarios proporcionados por usuarios no autenticados y posteriormente permitirá la ejecución de código como usuario "www-data". Este problema se demostró en la versión 4.50 de La aplicación web administrativa Artica-Proxy intenta evitar la inclusión de archivos locales. • http://seclists.org/fulldisclosure/2024/Mar/11 https://korelogic.com/Resources/Advisories/KL-001-2024-001.txt • CWE-23: Relative Path Traversal •