Description
The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to prevent local file inclusion. These protections can be bypassed and arbitrary file requests supplied by unauthenticated users will be returned according to the privileges of the "www-data" user.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Affected products
- Artica Tech / Artica Proxy4.50 – 4.50
- Artica Tech / Artica Proxy4.40 – 4.40
Exploits & PoCs
- nucleiArtica Proxy - Unauthenticated LFIby pussycat0x
References
- VENDOR_ADVISORYhttps://korelogic.com/Resources/Advisories/KL-001-2024-001.txt
- MAILING_LISThttp://seclists.org/fulldisclosure/2024/Mar/11