How I Chained 4 Bugs(Features?) into RCE on Amazon Collaboration System
Tags
attack-pattern: Direct Server - T1583.004 Server - T1584.004 Vulnerabilities - T1588.006 Connection Proxy - T1090
Show in Graph
Common Information
Type Value
UUID 426d0c89-686f-4494-9869-2473f007ce58
Fingerprint 9568031265b54ece
Analysis status DONE
Considered CTI value 1
Text language
Published Aug. 11, 2018, 8:20 a.m.
Added to db Jan. 18, 2023, 7:38 p.m.
Last updated Nov. 17, 2024, 5:46 p.m.
Headline Orange
Title How I Chained 4 Bugs(Features?) into RCE on Amazon Collaboration System
Detected Hints/Tags/Attributes 48/1/26
Source URLs
Redirection Url
Details Source http://blog.orange.tw/2018/08/how-i-chained-4-bugs-features-into-rce-on-amazon.html
URL Provider
Details Provider Source level domain
Details orange.tw blog.orange.tw
Attributes
Details Type #Events CTI Value
Details CVE 5 
cve-2010-1871
Details Domain 1 
collaborate-corp.amazon.com
Details Domain 1 
pages.java
Details Domain 1 
seamnavigationhandler.java
Details Domain 1 
facesmanager.java
Details Domain 1 
interpolator.java
Details Domain 1 
expressions.java
Details Domain 1 
blacklist.properties
Details Domain 2 
jboss.org
Details Domain 113 
access.redhat.com
Details Domain 295 
amazon.com
Details Email 2 
security@jboss.org
Details Email 2 
aws-security@amazon.com
Details File 31 
pom.xml
Details File 40 
web.xml
Details File 24 
login.jsp
Details File 1 
pages.java
Details File 1 
seamnavigationhandler.java
Details File 1 
facesmanager.java
Details File 1 
interpolator.java
Details File 1 
expressions.java
Details Url 1 
https://collaborate-corp.amazon.com/nuxeo
Details Url 1 
https://collaborate-corp.amazon.com/nuxeo/login.jsp
Details Url 1 
http://host/whatever.xhtml?actionmethod=/foo.xhtml:user.username
Details Url 1 
http://host/nuxeo/login.jsp;/..;/create_file.xhtml
Details Url 1 
https://access.redhat.com/support/policy/updates/jboss_notes