CVE-2023-50968
📋 TL;DR
This vulnerability in Apache OFBiz lets an unauthenticated attacker read arbitrary file properties by calling a URI that does not enforce authorization, potentially exposing sensitive system information. The same URI can also be abused for Server-Side Request Forgery (SSRF), making the OFBiz server issue requests to internal systems on the attacker's behalf. Every deployment running a release earlier than 18.12.11 is affected.
💻 Affected Systems
- Apache OFBiz (releases earlier than 18.12.11)
📦 What is this software?
Apache OFBiz, maintained by the Apache Software Foundation: an open-source, Java-based suite of enterprise applications (ERP, CRM, e-commerce, accounting) whose functionality is exposed through web applications served by an embedded Tomcat container.
⚠️ Risk & Real-World Impact
Worst Case
Attackers read sensitive file metadata and use the SSRF primitive to reach internal services, leading to data exfiltration, internal network reconnaissance, or a chain with other vulnerabilities that are only reachable from inside the network.
Likely Case
Unauthenticated attackers read file properties to fingerprint the system and use the SSRF to probe whatever internal services the OFBiz host can connect to.
If Mitigated
With network segmentation and egress filtering in place, impact is limited to file property disclosure and SSRF attempts against the internal targets the OFBiz host is still allowed to reach.
🎯 Exploit Status
The vendor description states that exploitation requires no authentication and consists of plain HTTP requests to the affected URI; no special tooling is needed. This page does not record whether a public exploit exists.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 18.12.11
Vendor Advisory: https://ofbiz.apache.org/release-notes-18.12.11.html
Restart Required: Yes
Instructions:
1. Download Apache OFBiz 18.12.11 from https://ofbiz.apache.org/download.html
2. Backup current installation and data
3. Stop OFBiz services
4. Replace with patched version
5. Restart OFBiz services
6. Verify functionality
🔧 Temporary Workarounds
Network Access Control
Restrict access to OFBiz endpoints with firewall rules or a web application firewall (WAF) so that only trusted networks can reach them, and block URI patterns you do not intentionally expose. This reduces exposure but does not remove the missing authorization check; patch as soon as possible.
Authentication Enforcement
Configure OFBiz so that every URI endpoint, and especially those handling file operations, requires authentication.
🧯 If You Can't Patch
- Implement strict network segmentation and egress filtering so the OFBiz host can reach only the internal systems it needs; this caps what the SSRF can be used for
- Deploy a web application firewall with rules that flag or block request parameters carrying URLs to internal addresses (SSRF) or file paths, and alert on unauthenticated requests to file property endpoints
🔍 How to Verify
Check if Vulnerable:
Compare the installed Apache OFBiz release against 18.12.11: any earlier release is vulnerable.
Check Version:
Look for the release number in the OFBiz installation directory's version and build files, or in the footer of the OFBiz web interface, which prints the release.
Verify Fix Applied:
Confirm the release is 18.12.11 or later and test that unauthenticated requests to the affected file property URI are rejected rather than served.
📡 Detection & Monitoring
Log Indicators:
- Unusual URI patterns accessing file properties
- Multiple failed authentication attempts followed by file property requests
- Outbound requests from OFBiz to internal IP ranges
Network Indicators:
- HTTP requests to OFBiz with file-related parameters from unauthenticated sources
- OFBiz server making requests to internal services not typically accessed
SIEM Query (illustrative; the field names are not a standard OFBiz log schema, so adapt them to how your collector parses the access and application logs):
source="ofbiz-logs" AND (uri="*file*" OR uri="*property*") AND auth_status="failed"
🔗 References
- http://www.openwall.com/lists/oss-security/2023/12/26/2
- https://issues.apache.org/jira/browse/OFBIZ-12875
- https://lists.apache.org/thread/x5now4bk3llwf3k58kl96qvtjyxwp43q
- https://ofbiz.apache.org/download.html
- https://ofbiz.apache.org/release-notes-18.12.11.html
- https://ofbiz.apache.org/security.html