The vulnerability in GeoWebCache arises from its home page exposing sensitive system details, including version, revision, storage locations, and server start time. The `org.geowebcache.GeoWebCacheDispatcher.handleFrontPage` method lacks proper checks to restrict this information. By default, the system displays config file paths, temporary directories, and OS-specific data (e.g., Windows paths). Attackers can exploit this by simply requesting the `/geoserver/gwc/` front page over HTTP, enabling reconnaissance for further attacks. The issue stems from missing access controls and verbose error handling, which leaks metadata useful for crafting targeted exploits.

<h2 style="color: blue;">DailyCVE Form</h2>
Platform: GeoWebCache
Version: <= 1.20.0
Vulnerability: Info Disclosure
Severity: Medium
Date: 2024-06-10

<h2 style="color: blue;">Prediction: Patch by Q3 2024</h2>

<h2 style="color: blue;">What Undercode Say:</h2>

<h2 style="color: blue;">Analytics:</h2>
- Exploit Likelihood: High (low skill required)
- Affected Systems: GeoServer deployments with GWC enabled
- Data Exposure: Version, OS, storage paths

<h2 style="color: blue;">Exploit Commands:</h2>

<h2 style="color: blue;">1. Curl Request:</h2>
```bash
curl -v http://target:8080/geoserver/gwc/
```

<h2 style="color: blue;">2. Metadata Extraction:</h2>
```python
import requests

# Fetch the front page and print the text that follows the version marker.
response = requests.get("http://target:8080/geoserver/gwc/")
# Indices reconstructed from the garbled original: [1] is the text after the
# marker, [0] is that text up to the next HTML tag.
print("Server Info:", response.text.split("GeoWebCache Version")[1].split("<")[0])
```
<h2 style="color: blue;">Mitigation:</h2>

<h2 style="color: blue;">1. Disable Debug Endpoints:</h2>
Add to `geowebcache.xml`:
```xml
<debug>false</debug>
```
<h2 style="color: blue;">2. Web Server Rules (Apache/Nginx):</h2>
Nginx form shown. This prefix match also blocks the tile service endpoints below `/geoserver/gwc/`, so restrict the rule to an exact match on the front page path if tiles must stay reachable.
```nginx
location /geoserver/gwc/ { return 403; }
```
<h2 style="color: blue;">3. Patch Check:</h2>
Monitor GeoWebCache GitHub for updates.
<h2 style="color: blue;">Detection Script:</h2>
```sh
#!/bin/sh
# Flag a local GeoServer whose GWC front page still prints its version string.
if curl -s http://localhost:8080/geoserver/gwc/ | grep -q "GeoWebCache Version"; then
    echo "Vulnerable!"
fi
```
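As an added example (not code from the advisory or the GeoWebCache project), a Python audit that goes beyond the grep above by reporting which categories of metadata the front page exposes: the version, filesystem paths and start time the advisory names. The regexes and the sample HTML are assumptions, since the real page layout is not shown here.

```python
"""Audit a GeoWebCache front page for the metadata the advisory describes.
Added example, not advisory or GeoWebCache project code; the field patterns and
SAMPLE_HTML are assumptions, only the "GeoWebCache Version" marker is from the page.
"""
import re
import sys
from urllib.request import urlopen

VERSION_RE = re.compile(r"GeoWebCache Version\s+([0-9][\w.\-]*)")
# Absolute filesystem paths: Windows drive paths and common POSIX roots.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\s<>]+|/(?:var|opt|tmp|home|etc|usr|srv|data)/[^\s<>]*")
# Server start time; the "started at <ISO timestamp>" wording is assumed.
START_RE = re.compile(r"started\s+(?:at|on)\s+(\d{4}-\d{2}-\d{2}(?:[ T][\d:]+)?)", re.I)

# Constructed sample of a leaking front page, not a captured GWC response.
SAMPLE_HTML = """<html><body>
<h3>GeoWebCache Version 1.20.0, build 2024-03-01</h3>
<p>Config file: C:\\ProgramData\\GeoServer\\gwc\\geowebcache.xml</p>
<p>Temporary directory: C:\\Windows\\Temp</p>
<p>Server started at 2024-06-01 10:00:00</p>
</body></html>"""


def audit_front_page(html: str) -> dict:
    """Return the categories of deployment metadata present in the page body."""
    findings = {}
    match = VERSION_RE.search(html)
    if match:
        findings["version"] = match.group(1)
    paths = PATH_RE.findall(html)
    if paths:
        findings["paths"] = sorted(set(paths))
    match = START_RE.search(html)
    if match:
        findings["start_time"] = match.group(1)
    return findings


def check_url(url: str, timeout: float = 5.0) -> dict:
    """Fetch a front page and audit it; the default is the advisory's localhost URL."""
    with urlopen(url, timeout=timeout) as resp:
        return audit_front_page(resp.read().decode("utf-8", "replace"))


if __name__ == "__main__":
    found = check_url(sys.argv[1] if len(sys.argv) > 1 else "http://localhost:8080/geoserver/gwc/")
    for key, value in found.items():
        print(f"{key}: {value}")
    sys.exit(1 if found else 0)
```

A non-zero exit status means the page still leaks at least one category, which makes the script usable as a post-patch check in a deployment pipeline.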
References:
- GEOS-11677
- GitHub Issue 8189
Sources:
Reported By: github.com