CVE-2016-4462
Published: Aug 30, 2017
Modified: Sep 17, 2024
PUBLISHED
Description
By manipulating the URL parameter externalLoginKey, a malicious, logged-in user could pass valid FreeMarker directives to the template engine, which are reflected on the web page; a specially crafted FreeMarker template could be used for remote code execution. Mitigation: upgrade to Apache OFBiz 16.11.01.
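The bug class here is server-side template injection: a request parameter ends up inside the FreeMarker template source, so the engine interprets it as directives instead of rendering it as text. The following is an added example written for this page, not code from Apache OFBiz or FreeMarker; the class name, the method names, the template strings, the assumed FreeMarker 2.3.x API version and the constructed probe value are all this example's own assumptions. It shows the vulnerable pattern beside the safe one: the same value concatenated into the template source evaluates, while the same value passed through the data model is only ever URL-encoded text.

```java
// Added example for CVE-2016-4462's bug class (template injection); not OFBiz code.
// Assumes FreeMarker 2.3.17 or later on the classpath.
import freemarker.template.Configuration;
import freemarker.template.Template;
import freemarker.template.TemplateClassResolver;
import freemarker.template.TemplateException;

import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.util.HashMap;
import java.util.Map;

public class ExternalLoginKeyDemo {

    private static Configuration newConfig() {
        Configuration cfg = new Configuration(Configuration.VERSION_2_3_31);
        // Needed for the ?url built-in used in renderSafe.
        cfg.setURLEscapingCharset("UTF-8");
        // Defence in depth: block ?new() on arbitrary classes even if a directive
        // somehow reaches the engine. This does not make concatenation safe; the
        // real fix is to keep untrusted input out of the template source entirely.
        cfg.setNewBuiltinClassResolver(TemplateClassResolver.SAFER_RESOLVER);
        return cfg;
    }

    private static String render(String templateSource, Map<String, Object> model)
            throws IOException, TemplateException {
        Template t = new Template("demo", new StringReader(templateSource), newConfig());
        StringWriter out = new StringWriter();
        t.process(model, out);
        return out.toString();
    }

    // VULNERABLE pattern: the parameter value becomes part of the template source,
    // so any ${...} or <#...> it contains is executed by the engine.
    static String renderVulnerable(String externalLoginKey)
            throws IOException, TemplateException {
        String src = "<a href=\"/control/main?externalLoginKey="
                + externalLoginKey + "\">Continue</a>";
        return render(src, new HashMap<>());
    }

    // SAFE pattern: the parameter is supplied as data. The template source is a
    // constant; the value is interpolated as a string and URL-encoded for the href.
    static String renderSafe(String externalLoginKey)
            throws IOException, TemplateException {
        String src = "<a href=\"/control/main?externalLoginKey="
                + "${externalLoginKey?url}\">Continue</a>";
        Map<String, Object> model = new HashMap<>();
        model.put("externalLoginKey", externalLoginKey);
        return render(src, model);
    }

    public static void main(String[] args) throws Exception {
        // Constructed probe: harmless arithmetic. If "49" appears in the output,
        // the parameter reached the engine as template code rather than as data.
        String probe = "${7*7}";
        System.out.println(renderVulnerable(probe)); // href contains "=49"
        System.out.println(renderSafe(probe));       // href contains "=%247*7%7D", the literal probe, encoded
    }
}
```

The arithmetic probe is the standard first check for template injection because it distinguishes evaluation from reflection without touching anything dangerous; in FreeMarker, the step from "directives evaluate" to code execution goes through built-ins such as ?new, which is why the SAFER_RESOLVER setting is worth having even on fixed code paths. When reviewing an OFBiz deployment, the checks that matter are the running version against the affected branches listed below and a grep of the code base for template source built by string concatenation from request parameters.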
| Vendor | Product | Versions |
|---|---|---|
| Apache Software Foundation | Apache OFBiz | 13.07.*, 12.04.*, 11.04.* (affected) |
References
[www-announce] 20161129 [SECURITY] CVE-2016-4462 OFBiz template remote code vulnerability (mailing list)