CVE-2024-21131

Risk Scores

Affected Products

Exploit Intelligence

• traffic_cve_webshell.yar (github-yara)
• traffic_cve_webshell.yar (github-yara)
• traffic_cve_webshell.yar (github-yara)
• traffic_cve_webshell.yar (github-yara)
• traffic_cve_webshell.yar (github-yara)
• traffic_cve_webshell.yar (github-yara)
• traffic_cve_webshell.yar (github-yara)
• traffic_cve_webshell.yar (github-yara)
• traffic_cve_webshell.yar (github-yara)
• cve-2023-22527-yara.yar (github-yara)

…and 8 more exploits

Timeline

• Feb 8, 2024 PoC Published
• Jul 16, 2024 CVE Published
• Jul 17, 2024 EPSS Score
• Aug 8, 2024 EPSS Score
• Aug 30, 2024 EPSS Score
• Sep 20, 2024 EPSS Score
• Oct 4, 2024 Coalition ESS Score
• Oct 12, 2024 EPSS Score
• Oct 16, 2024 Coalition ESS Score
• Nov 3, 2024 EPSS Score
• Nov 25, 2024 EPSS Score
• Dec 12, 2024 Coalition ESS Score

References

• ALAS2-2024-2720: java-1.8.0-openjdk (important) advisory
• ALAS2JAVA-OPENJDK11-2024-010: java-11-openjdk (important) advisory
• ALAS2-2024-2599: java-11-amazon-corretto (important) advisory
• ALAS2-2024-2600: java-17-amazon-corretto (important) advisory
• ALAS2CORRETTO8-2024-013: java-1.8.0-amazon-corretto (important) advisory