{"id":18544,"date":"2022-06-05T10:25:37","date_gmt":"2022-06-05T17:25:37","guid":{"rendered":"https:\/\/sn1persecurity.com\/wordpress\/?p=18544"},"modified":"2023-05-06T06:41:53","modified_gmt":"2023-05-06T13:41:53","slug":"confluence-rce-ognl-template-injection-cve-2022-26134","status":"publish","type":"post","link":"https:\/\/sn1persecurity.com\/wordpress\/confluence-rce-ognl-template-injection-cve-2022-26134\/","title":{"rendered":"Confluence RCE via OGNL template injection (CVE-2022-26134)"},"content":{"rendered":"

A critical vulnerability affecting the Atlassian Confluence was disclosed and designated CVE-2022-26134<\/a> which allows an un-authenticated attacker to execute arbitrary code on vulnerable servers<\/strong>. A number of Proof-of-Concept (PoC) exploits were published online<\/a> and exploit activity is actively being observed. Given the impact and severity of the vulnerability, Sn1perSecurity has released an out-of-band update to help detect vulnerable servers in your environment using Sn1per Professional<\/a> and Sn1per Enterprise<\/a>.<\/p>\n

Severity: CRITICAL<\/span> | Exploit Available: Yes<\/span> | Exploitability: Easy<\/span> | Remotely Exploitable: Yes<\/span><\/strong><\/p>\n

<\/p>\n

Detect CVE-2022-26134 with Sn1per<\/h4>\n

To detect the CVE-2022-26134<\/a> vulnerability using Sn1per<\/a>, do the following:<\/p>\n

    \n
  1. Apply the template update from the Sn1per “Updates<\/strong>” panel.<\/li>\n
  2. Ensure that the “SC0PE_VULNERABLITY_SCANNER<\/strong>” is set to “1<\/strong>” in your Sn1per configuration or choose the default scan profile (ie. \/sniper\/conf\/default) when running the scan.<\/li>\n
  3. For multi-host scans, select “Live Web Hosts” from the “Multi-Host Scan” drop down menu.<\/li>\n
  4. Select the config file set in the step #2.<\/li>\n
  5. Set the number of “Tasks” to run simultaneously. For most environments (3-5 tasks should be sufficient without taxing the network too much).<\/li>\n
  6. Hit the “Scan” button to start the scan.<\/li>\n
  7. Use the Sn1per Vulnerability Report Viewer to view all active scan results.<\/li>\n<\/ol>\n

    After the scan finishes, you can then view all vulnerable instances from the Sn1per<\/a> “Vulnerability Report Viewer<\/strong>“.<\/p>\n

    \"Sn1per-Enterprise-vulnerability-report1\"<\/a><\/p>\n

    Remediation<\/h4>\n

    Atlassian recommends that you upgrade to the latest Long Term Support release. For a full description of the latest version, see the Confluence Server and Data Center Release Notes<\/a>. You can download the latest version\u00a0from the download centre<\/a>.<\/p>\n

    Note: If you run Confluence in a cluster, you will not be able to upgrade to the fixed versions without downtime, also known as a rolling upgrade. Follow the steps in Upgrading Confluence Data Center<\/a>.<\/p>\n

    NOTE: This update is only available for Sn1per Professional v10.0 and Sn1per Enterprise customers.<\/p>\n

    \r\n\r\n<\/span>\r\nFacebook<\/span>\r\n\r\n6<\/span>\r\n\r\n<\/a>\r\n\r\n\r\n\r\n<\/span>\r\nTwitter<\/span>\r\n\r\n0<\/span>\r\n\r\n<\/a>\r\n\r\n\r\n\r\n<\/span>\r\nReddit<\/span>\r\n\r\n0<\/span>\r\n\r\n<\/a>\r\n\r\n\r\n\r\n<\/span>\r\nLinkedin<\/span>\r\n\r\n1<\/span>\r\n\r\n<\/a>\r\n\r\n<\/i><\/span><\/a>
    X<\/span>\r\n\r\n<\/span>\r\nEmail<\/span>\r\n0<\/span>\t\t\t\t\r\n\r\n<\/a>\r\n<\/div><\/div><\/div>","protected":false},"excerpt":{"rendered":"

    A critical vulnerability affecting the Atlassian Confluence was disclosed and designated CVE-2022-26134 which allows an un-authenticated attacker to execute arbitrary code on vulnerable […]<\/p>\n","protected":false},"author":1,"featured_media":18546,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[290,80,99,184,289,338],"tags":[324,323,318,52,38,42,37,108],"class_list":["post-18544","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-attack-surface-management","category-bug-bounties","category-cves","category-news","category-penetration-testing","category-threat-intelligence","tag-confluence","tag-cve-2022-26134","tag-detection","tag-exploit","tag-professional","tag-scanner","tag-sn1per","tag-vulnerability"],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/06\/Sn1per-CVE-2022-26134-detection1.png","jetpack_shortlink":"https:\/\/wp.me\/pdnW96-4P6","jetpack_likes_enabled":true,"jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":18193,"url":"https:\/\/sn1persecurity.com\/wordpress\/big-ip-icontrol-rest-rce-cve-2022-1388-detection-with-sn1per-professional\/","url_meta":{"origin":18544,"position":0},"title":"BIG-IP iControl REST RCE (CVE-2022-1388) Detection with Sn1per Professional","author":"xer0dayz","date":"May 10, 2022","format":false,"excerpt":"A critical vulnerability affecting the F5 BIG-IP devices was disclosed and designated CVE-2022-1388 which allows an un-authenticated attacker to execute arbitrary code on vulnerable servers. A number of Proof-of-Concept (PoC) exploits were published online and exploit activity is actively being observed. Given the impact and severity of the vulnerability, Sn1perSecurity\u2026","rel":"","context":"In "Attack Surface Management"","block_context":{"text":"Attack Surface Management","link":"https:\/\/sn1persecurity.com\/wordpress\/category\/attack-surface-management\/"},"img":{"alt_text":"Sn1per-CVE-2022-1388-Scanner1","src":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/05\/Sn1per-CVE-2022-1388-Scanner1.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/05\/Sn1per-CVE-2022-1388-Scanner1.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/05\/Sn1per-CVE-2022-1388-Scanner1.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/05\/Sn1per-CVE-2022-1388-Scanner1.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/05\/Sn1per-CVE-2022-1388-Scanner1.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/05\/Sn1per-CVE-2022-1388-Scanner1.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":17988,"url":"https:\/\/sn1persecurity.com\/wordpress\/vmware-workspace-one-access-freemarker-ssti-cve-2022-22954-detection-with-sn1per-professional\/","url_meta":{"origin":18544,"position":1},"title":"VMware Workspace ONE Access freemarker SSTI (CVE-2022-22954) Detection with Sn1per Professional","author":"xer0dayz","date":"April 14, 2022","format":false,"excerpt":"Information regarding a critical 0-day vulnerability affecting the VMware Workspace ONE Access and Identity Manager was disclosed and designated CVE-2022-22954 which allows an un-authenticated attacker to execute arbitrary code on vulnerable servers. On April 14th, CISA & US-Cert added CVE-2022-22954 to their catalog of known exploited vulnerabilities after a number\u2026","rel":"","context":"In "Attack Surface Management"","block_context":{"text":"Attack Surface Management","link":"https:\/\/sn1persecurity.com\/wordpress\/category\/attack-surface-management\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-cve-2022-22954-detection1.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-cve-2022-22954-detection1.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-cve-2022-22954-detection1.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-cve-2022-22954-detection1.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-cve-2022-22954-detection1.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-cve-2022-22954-detection1.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":17958,"url":"https:\/\/sn1persecurity.com\/wordpress\/spring4shell-cve-2022-22965-detection-with-sn1per-professional\/","url_meta":{"origin":18544,"position":2},"title":"Spring4Shell (CVE-2022-22965) Detection with Sn1per Professional","author":"xer0dayz","date":"April 11, 2022","format":false,"excerpt":"On March 30, 2022, information regarding a critical 0-day vulnerability affecting the Spring Framework was disclosed and dubbed \"Spring4Shell\" CVE-2022-22965 which allows an un-authenticated attacker to execute arbitrary code on vulnerable servers. Given the impact and severity of the vulnerability, Sn1perSecurity has released an out-of-band update to help detect vulnerable\u2026","rel":"","context":"In "Attack Surface Management"","block_context":{"text":"Attack Surface Management","link":"https:\/\/sn1persecurity.com\/wordpress\/category\/attack-surface-management\/"},"img":{"alt_text":"Sn1per-Spring4Shell-Scanner1","src":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-Spring4Shell-Scanner1.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-Spring4Shell-Scanner1.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-Spring4Shell-Scanner1.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-Spring4Shell-Scanner1.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-Spring4Shell-Scanner1.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-Spring4Shell-Scanner1.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":26771,"url":"https:\/\/sn1persecurity.com\/wordpress\/cve-2024-21733-apache-tomcat-http-request-smuggling\/","url_meta":{"origin":18544,"position":3},"title":"CVE-2024-21733 Apache Tomcat HTTP Request Smuggling","author":"xer0dayz","date":"January 21, 2024","format":false,"excerpt":"Our security research team recently discovered a critical \"0day\" vulnerability which was assigned CVE-2024-21733. The vulnerability was discovered by xer0dayz from Sn1perSecurity LLC and allows attackers to force a victim's browser to de-synchronize its connection with websites hosted on top of Apache Tomcat, causing sensitive data to be smuggled from\u2026","rel":"","context":"In "Attack Surface Management"","block_context":{"text":"Attack Surface Management","link":"https:\/\/sn1persecurity.com\/wordpress\/category\/attack-surface-management\/"},"img":{"alt_text":"CVE-2024-21733 Apache Tomcat HTTP Request Smuggling","src":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2024\/01\/CVE-2024-21733.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2024\/01\/CVE-2024-21733.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2024\/01\/CVE-2024-21733.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2024\/01\/CVE-2024-21733.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2024\/01\/CVE-2024-21733.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2024\/01\/CVE-2024-21733.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":19102,"url":"https:\/\/sn1persecurity.com\/wordpress\/sn1per-scan-engine-v10-2-update\/","url_meta":{"origin":18544,"position":4},"title":"Sn1per Scan Engine v10.2 Released!","author":"xer0dayz","date":"July 20, 2022","format":false,"excerpt":"Sn1per SE (Scan Engine) v10.2 is now available with a ton of new features and improvements. This update is part of the Sn1per SE development branch which is available to Sn1per Professional v10.0 and Sn1per Enterprise customers. If you are a previous customer (ie. Sn1per Professional v9.0 or less) or\u2026","rel":"","context":"In "News"","block_context":{"text":"News","link":"https:\/\/sn1persecurity.com\/wordpress\/category\/news\/"},"img":{"alt_text":"Sn1per SE v10.2 Update","src":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/07\/Sn1per-SE-v10.2-Update.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/07\/Sn1per-SE-v10.2-Update.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/07\/Sn1per-SE-v10.2-Update.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/07\/Sn1per-SE-v10.2-Update.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/07\/Sn1per-SE-v10.2-Update.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/07\/Sn1per-SE-v10.2-Update.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":14967,"url":"https:\/\/sn1persecurity.com\/wordpress\/continuous-attack-surface-management-with-sn1per-professional\/","url_meta":{"origin":18544,"position":5},"title":"Attack Surface Management With Sn1per Professional","author":"xer0dayz","date":"February 8, 2021","format":false,"excerpt":"External Attack Surface Management (EASM) has become a crucial function for every organization to gain visibility of their perimeter security. Having the right tools and processes in place is vital to detecting new vulnerabilities before attackers do. In this blog post, we will outline the basic steps for discovering the\u2026","rel":"","context":"In "Attack Surface Management"","block_context":{"text":"Attack Surface Management","link":"https:\/\/sn1persecurity.com\/wordpress\/category\/attack-surface-management\/"},"img":{"alt_text":"Sn1per Professional Continuous Attack Surface Testing","src":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/02\/Sn1per-Professional-Continuous-Attack-Surface-Testing.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/02\/Sn1per-Professional-Continuous-Attack-Surface-Testing.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/02\/Sn1per-Professional-Continuous-Attack-Surface-Testing.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/02\/Sn1per-Professional-Continuous-Attack-Surface-Testing.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/02\/Sn1per-Professional-Continuous-Attack-Surface-Testing.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/02\/Sn1per-Professional-Continuous-Attack-Surface-Testing.png?resize=1400%2C800&ssl=1 4x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/posts\/18544","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/comments?post=18544"}],"version-history":[{"count":6,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/posts\/18544\/revisions"}],"predecessor-version":[{"id":18553,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/posts\/18544\/revisions\/18553"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/media\/18546"}],"wp:attachment":[{"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/media?parent=18544"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/categories?post=18544"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/tags?post=18544"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}