
Log4Shell Vulnerability Conditions Mimicked in H2 Database Console

The JFrog security research team has discovered a vulnerability in the H2 database console. CVE-2021-42392 shares a root cause with the now infamous Log4Shell vulnerability.

H2 is a popular open-source SQL database written in Java, which offers a lightweight in-memory mode, meaning data does not need to be stored on disk. This makes it suitable for various platforms, including IoT devices.

Like Log4j, the H2 console passes unfiltered arbitrary URLs to a class responsible for loading code bases remotely, and an attacker can abuse this to obtain remote code execution. It should be noted that authentication is not required to exploit this vulnerability.

The impact:

Like Log4Shell, an attacker can exploit the H2 console's acceptance of arbitrary URLs to achieve remote access to the underlying server. From this initial foothold, they can perform a variety of malicious actions, including but not limited to privilege escalation and the deployment of malware.

The following should be noted, however:

  • The server that processes the initial request to the H2 console is the server that gets impacted by the remote code execution.
  • By default, H2 only listens for localhost connections. If default configurations are in use, then this vulnerability cannot be exploited remotely.
  • It is possible to run the H2 database without the H2 console, which some vendors are doing. Whilst there are other vectors to achieve remote code execution, these are highly contextual and of higher complexity.

The remediation:

Upgrade to H2 database version 2.0.206 immediately. If remote connections are not necessary, configuring the database to listen for localhost connections only will prevent remote exploitation.
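The two conditions above (an H2 release older than 2.0.206, and a console reachable from beyond localhost) can be checked across an inventory of deployments. The following is an added example, not code from the alert or from the H2 project; it assumes the H2 console's documented `-webAllowOthers` launch flag and the `webAllowOthers` key in `.h2.server.properties` are the settings that open the console to non-local clients, and the inventory it audits is constructed sample data.

```python
# Added example (not part of the original alert): triage H2 deployments for
# CVE-2021-42392 using the version threshold and the localhost-binding caveat
# the alert describes. Inventory entries below are constructed, not real hosts.

FIXED_VERSION = (2, 0, 206)  # first fixed release, per the alert


def parse_version(text: str) -> tuple:
    """Turn a dotted H2 version such as '1.4.200' into an int tuple for comparison."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised H2 version string: {text!r}")
    return tuple(int(p) for p in parts)


def version_affected(version: str) -> bool:
    """True for any release below 2.0.206."""
    return parse_version(version) < FIXED_VERSION


def console_remotely_reachable(launch_args: list, server_props: dict) -> bool:
    """H2's web console binds to localhost unless -webAllowOthers is passed on the
    command line or webAllowOthers=true is set in .h2.server.properties."""
    if "-webAllowOthers" in launch_args:
        return True
    return server_props.get("webAllowOthers", "false").strip().lower() == "true"


def assess(host: dict) -> str:
    """Return a short verdict code for one deployment record."""
    if not host["console_enabled"]:
        return "NO_CONSOLE"        # console not running: this vector does not apply
    if not version_affected(host["version"]):
        return "FIXED"             # 2.0.206 or later
    if console_remotely_reachable(host["args"], host["props"]):
        return "AFFECTED_REMOTE"   # vulnerable version, console open to the network
    return "AFFECTED_LOCAL"        # vulnerable version, but localhost-only (still upgrade)


# Constructed sample inventory for demonstration.
INVENTORY = [
    {"name": "iot-gateway", "version": "1.4.200", "console_enabled": True,
     "args": ["-web", "-webAllowOthers"], "props": {}},
    {"name": "dev-box", "version": "1.4.200", "console_enabled": True,
     "args": ["-web"], "props": {"webAllowOthers": "false"}},
    {"name": "batch-service", "version": "1.4.200", "console_enabled": False,
     "args": [], "props": {}},
    {"name": "patched-app", "version": "2.0.206", "console_enabled": True,
     "args": ["-web", "-webAllowOthers"], "props": {}},
]


def audit(inventory=INVENTORY) -> dict:
    """Map each host name to its verdict code."""
    return {h["name"]: assess(h) for h in inventory}
```

Run `audit()` against a real inventory exported from configuration management; any `AFFECTED_REMOTE` entry is the priority for the upgrade described above.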

Sources:

Risk Crew

Published by
Risk Crew
