update environments.toml

vinglogn · Dec 30, 2023 · 5ecfd80 · 5ecfd80
1 parent ff29e98
commit 5ecfd80
Show file tree

Hide file tree

Showing 6 changed files with 50 additions and 5 deletions.
diff --git a/base/ofbiz/18.12.10/Dockerfile b/base/ofbiz/18.12.10/Dockerfile
@@ -0,0 +1,21 @@
+FROM openjdk:8-jdk
+
+LABEL maintainer="phith0n <[email protected]>"
+
+ARG VERSION=18.12.10
+RUN set -ex \
+    && cd /usr/src \
+    && wget -q http://archive.apache.org/dist/ofbiz/apache-ofbiz-${VERSION}.zip \
+    && unzip apache-ofbiz-${VERSION}.zip \
+    && mv apache-ofbiz-${VERSION} apache-ofbiz \
+    && rm -rf /usr/src/apache-ofbiz-${VERSION}.zip
+
+RUN set -ex \
+    && cd /usr/src/apache-ofbiz \
+    && ./gradle/init-gradle-wrapper.sh \
+    && ./gradlew loadAll
+    # && ./gradlew "ofbiz --load-data readers=seed,seed-initial,ext"
+
+WORKDIR /usr/src/apache-ofbiz
+EXPOSE 8443
+CMD [ "java", "-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=5005", "-jar", "./build/libs/ofbiz.jar" ]
diff --git a/environments.toml b/environments.toml
@@ -10,6 +10,18 @@ cve = ["CVE-2016-3088"]
 app = "Apache ActiveMQ"
 path = "activemq/CVE-2016-3088"
 
+[[environment]]
+name = "Apache ActiveMQ Jolokia Authenticated Remote Code Execution"
+cve = ["CVE-2022-41678"]
+app = "Apache ActiveMQ"
+path = "activemq/CVE-2022-41678"
+
+[[environment]]
+name = "Apache ActiveMQ OpenWire Protocol Deserialization RCE"
+cve = ["CVE-2023-46604"]
+app = "Apache ActiveMQ"
+path = "activemq/CVE-2023-46604"
+
 [[environment]]
 name = "Adminer Server-side Request Forgery on Error Page of Elasticsearch and ClickHouse"
 cve = ["CVE-2021-21311"]
@@ -823,9 +835,21 @@ path = "ntopng/CVE-2021-28073"
 [[environment]]
 name = "Apache OfBiz Deserialization Command Execution"
 cve = ["CVE-2020-9496"]
-app = "Apache OfBiz"
+app = "Apache OFBiz"
 path = "ofbiz/CVE-2020-9496"
 
+[[environment]]
+name = "Unsafe deserialization of XMLRPC arguments in Apache OFBiz"
+cve = ["CVE-2023-49070"]
+app = "Apache OFBiz"
+path = "ofbiz/CVE-2023-49070"
+
+[[environment]]
+name = "Apache OFBiz Authentication Bypass Leads to RCE"
+cve = ["CVE-2023-51467"]
+app = "Apache OFBiz"
+path = "ofbiz/CVE-2023-51467"
+
 [[environment]]
 name = "Openfire Management Background Authentication Bypass"
 cve = ["CVE-2023-32315"]

diff --git a/ofbiz/CVE-2023-49070/README.zh-cn.md b/ofbiz/CVE-2023-49070/README.zh-cn.md
@@ -12,7 +12,7 @@ Apache OFBiz官方于18.12.10中彻底删除xmlrpc接口修复该漏洞。
 
 ## 漏洞环境
 
-执行如下命令启动一个Apache OfBiz 18.12.09版本：
+执行如下命令启动一个Apache OfBiz 18.12.09服务器：
 
 ```
 docker compose up -d

diff --git a/ofbiz/CVE-2023-51467/README.md b/ofbiz/CVE-2023-51467/README.md
@@ -14,7 +14,7 @@ References:
 
 ## Vulnerable environment
 
-Executing following command to start an Apache OfBiz 18.12.09 server:
+Executing following command to start an Apache OfBiz 18.12.10 server:
 
 ```
 docker compose up -d

diff --git a/ofbiz/CVE-2023-51467/README.zh-cn.md b/ofbiz/CVE-2023-51467/README.zh-cn.md
@@ -12,7 +12,7 @@ Apache OFBiz是一个非常著名的电子商务平台，是一个非常著名
 
 ## 漏洞环境
 
-执行如下命令启动一个Apache OfBiz 18.12.09版本：
+执行如下命令启动一个Apache OfBiz 18.12.10服务器：
 
 ```
 docker compose up -d

diff --git a/ofbiz/CVE-2023-51467/docker-compose.yml b/ofbiz/CVE-2023-51467/docker-compose.yml
@@ -1,7 +1,7 @@
 version: '2'
 services:
  web:
-   image: vulhub/ofbiz:18.12.09
+   image: vulhub/ofbiz:18.12.10
    ports:
     - "8443:8443"
     - "5005:5005"