{"vulnerability": "CVE-2023-34040", "sightings": [{"uuid": "8729785f-f9c0-4351-ac18-d33f293775a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34040", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/5039", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2023\n\u63cf\u8ff0\uff1aPOC for Spring Kafka Deserialization Vulnerability CVE-2023-34040\nURL\uff1ahttps://github.com/Contrast-Security-OSS/Spring-Kafka-POC-CVE-2023-34040\n\n\u6807\u7b7e\uff1a#CVE-2023", "creation_timestamp": "2023-08-30T12:13:28.000000Z"}, {"uuid": "adfd14d2-1a0d-4c67-8c9e-d0e8588a25bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34040", "type": "published-proof-of-concept", "source": "https://t.me/ap_security/87", "content": "\u2604\ufe0fCVE-2023-34040\nSpring-Kafka-Deserialization RCE\n\n\ud83d\udce3\u0421\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 PoC: \nhttps://github.com/pyn3rd/CVE-2023-34040/tree/main", "creation_timestamp": "2023-10-07T14:14:27.000000Z"}, {"uuid": "9accc04d-65a1-4a68-92e5-eef8e7b52f1f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34040", "type": "published-proof-of-concept", "source": "https://t.me/ptswarm/186", "content": "CVE-2023-34040 Spring Kafka Deserialization Remote Code Execution \n\n\ud83d\udc64 by pyn3rd\n\nIn Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. 
An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers.\n\nThe researcher described in detail the causes of the vulnerability and the method of its exploitation. This is a perfect example of how a vulnerability can be reproduced only based on information from advisory.  \n\n\ud83d\udcdd Contents:\n\u25cf Preface\n\u25cf Concepts of Kafka\n\u25cf Preparation\n\nhttps://pyn3rd.github.io/2023/09/15/CVE-2023-34040-Spring-Kafka-Deserialization-Remote-Code-Execution/", "creation_timestamp": "2023-09-18T06:30:08.000000Z"}, {"uuid": "0ba13787-c3fe-4010-a50a-d9dfea6f58f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34040", "type": "published-proof-of-concept", "source": "https://t.me/ap_security/152", "content": "\u2604\ufe0fCVE-2023-34040\nSpring-Kafka-Deserialization RCE\n\n\ud83d\udce3\u0421\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 PoC: \nhttps://github.com/pyn3rd/CVE-2023-34040/tree/main", "creation_timestamp": "2023-10-07T14:14:27.000000Z"}, {"uuid": "007f8871-b5e7-4479-843c-3b1c8e14fb86", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34040", "type": "published-proof-of-concept", "source": "https://t.me/TopCyberTechNews/367", "content": "Top Security News for 18/09/2023\n\nAccount Takeover in Canvas Apps served in Comet due to failure in Cross-Window-Message Origin validation\nhttps://www.reddit.com/r/netsec/comments/16l167p/account_takeover_in_canvas_apps_served_in_comet/ \n\nCVE-2022-32947: macOS GPU-launched kernel privilege escalation exploit (walkthrough slides + demo)\nhttps://www.reddit.com/r/netsec/comments/16kwvfl/cve202232947_macos_gpulaunched_kernel_privilege/ \n\nTickling ksmbd: fuzzing SMB in the Linux 
kernel\nhttps://www.reddit.com/r/netsec/comments/16kvckv/tickling_ksmbd_fuzzing_smb_in_the_linux_kernel/ \n\nISC Stormcast For Monday, September 18th, 2023 https://isc.sans.edu/podcastdetail/8662, (Mon, Sep 18th)\nhttps://malware.news/t/isc-stormcast-for-monday-september-18th-2023-https-isc-sans-edu-podcastdetail-8662-mon-sep-18th/73542#post_1 \n\nFinancially Motivated UNC3944 Threat Actor Shifts Focus to Ransomware Attacks\nhttps://thehackernews.com/2023/09/financially-motivated-unc3944-threat.html \n\nNorth Korea's Lazarus Group Suspected in $31 Million CoinEx Heist\nhttps://thehackernews.com/2023/09/north-koreas-lazarus-group-suspected-in.html \n\nAccount Takeover in Canvas Apps served in Comet due to failure in Cross-Window-Message Origin validation\nhttps://www.reddit.com/r/netsec/comments/16l167p/account_takeover_in_canvas_apps_served_in_comet/ \n\nClop gang stolen data from major North Carolina hospitals\nhttps://securityaffairs.com/150949/cyber-crime/north-carolina-hospitals-data-breach.html \n\nA Practical Approach to SBOM in CI/CD. 
Presenting concept of SBOM, its advantages, popular formats and practical implementations for both Java and Python projects.\nhttps://www.reddit.com/r/netsec/comments/16l5vtu/a_practical_approach_to_sbom_in_cicd_presenting/ \n\nCVE-2023-34040 Spring Kafka Deserialization Remote Code Execution\nhttps://www.reddit.com/r/netsec/comments/16kvb77/cve202334040_spring_kafka_deserialization_remote/ \n\n    \nFollow Top Cyber News at https://t.me/TopCyberTechNews\nFeel free to DM me at https://twitter.com/ShayaFeedman", "creation_timestamp": "2023-09-18T07:00:08.000000Z"}, {"uuid": "508f5d52-321b-41f0-9b16-ceea1a571770", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34040", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/4393", "content": "Roundcube CVE-2023-43770 POC : Check\n\nCVE-2023-34040 RCE Exploit : Check\n\nNightmangle: Telegram Command And Control (C2) Agent : Check", "creation_timestamp": "2023-09-30T04:24:47.000000Z"}, {"uuid": "3787ac3f-9503-4d9c-8217-24efd87eb4cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34040", "type": "published-proof-of-concept", "source": "Telegram/Ls55OSGyHoJ6JZbLrNh6Nchr_R1rZcPQyoB8EhpT4Czc", "content": "", "creation_timestamp": "2023-10-22T18:25:06.000000Z"}, {"uuid": "23610799-f7be-42a7-87aa-faf4171d473b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34040", "type": "published-proof-of-concept", "source": "Telegram/wQTtnJs4bu2qpdkfBduUtEA8WULI7A-GTXrtlXHlEfx64Q", "content": "", "creation_timestamp": "2023-09-30T04:25:30.000000Z"}, {"uuid": "2597bc1f-0906-4119-b800-3a57239821c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", 
"vulnerability": "CVE-2023-34040", "type": "seen", "source": "https://t.me/proxy_bar/1740", "content": "CVE-2023-34040\nSpring-Kafka-Deserialization RCE\nPOC\n\n#apacheKafka", "creation_timestamp": "2023-09-29T20:24:24.000000Z"}, {"uuid": "a033aeec-b713-49d6-b417-a9222daced56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34040", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/8944", "content": "#exploit\n1. CVE-2023-39141:\nAria2 WebUI - Path traversal\nhttps://github.com/codeb0ss/CVE-2023-39141-PoC\n\n2. CVE-2023-34040:\nSpring Kafka Deserialization Vulnerability\nhttps://github.com/Contrast-Security-OSS/Spring-Kafka-POC-CVE-2023-34040\n\n3. CVE-2023-26818:\nExploit MacOS TCC Bypass W/ Telegram\nhttps://github.com/Zeyad-Azima/CVE-2023-26818", "creation_timestamp": "2023-08-31T10:59:01.000000Z"}, {"uuid": "677289c4-55d6-4308-88bd-5dcdbff60eef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34040", "type": "published-proof-of-concept", "source": "https://t.me/thebugbountyhunter/7779", "content": "CVE-2023-34040 Spring Kafka Deserialization Remote Code Execution\n\nhttps://pyn3rd.github.io/2023/09/15/CVE-2023-34040-Spring-Kafka-Deserialization-Remote-Code-Execution/", "creation_timestamp": "2023-09-17T20:05:13.000000Z"}, {"uuid": "88a16f9a-0b5f-481f-bc94-1e38edb90ff0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-34040", "type": "seen", "source": "https://t.me/cibsecurity/69115", "content": "\u203c CVE-2023-34040 \u203c\n\nIn Spring for Apache Kafka 3.0.9 and earlier and versions 2.9.10 and earlier, a possible deserialization attack vector existed, but only if unusual configuration was applied. 
An attacker would have to construct a malicious serialized object in one of the deserialization exception record headers.\n\nSpecifically, an application is vulnerable when all of the following are true:\n* The user does not configure an ErrorHandlingDeserializer for the key and/or value of the record\n* The user explicitly sets container properties checkDeserExWhenKeyNull and/or checkDeserExWhenValueNull container properties to true.\n* The user allows untrusted sources to publish to a Kafka topic\n\nBy default, these properties are false, and the container only attempts to deserialize the headers if an ErrorHandlingDeserializer is configured. The ErrorHandlingDeserializer prevents the vulnerability by removing any such malicious headers before processing the record.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-24T16:14:54.000000Z"}]}