nuclei-templates/network/misconfig/clamav-unauth.yaml

id: clamav-unauth

info:
  name: ClamAV Server - Unauthenticated Access
  author: dwisiswant0
  severity: high
  description: |
    ClamAV server 0.99.2, and possibly other previous versions, allow the execution
    of dangerous service commands without authentication. Specifically, the command 'SCAN'
    may be used to list system files and the command 'SHUTDOWN' shut downs the service.
  metadata:
    max-request: 2
    verified: true
    shodan-query: 'port:3310 product:"ClamAV" version:"0.99.2"'
  reference:
    - https://seclists.org/nmap-dev/2016/q2/201
    - https://bugzilla.clamav.net/show_bug.cgi?id=11585
  tags: network,clamav,unauth,seclists

tcp:
  - inputs:
      - data: "SCAN /nonexistent/{{to_lower(rand_text_alpha(10))}}\r\n"
    host:
      - "{{Hostname}}"
      - "{{Host}}:3310"
    read-size: 48

    matchers:
      - type: word
        words:
          - "No such"
          - "lstat() failed"
        condition: and
Add clamav-unauth 2022-10-24 00:51:53 +00:00			`id: clamav-unauth`

			`info:`
			`name: ClamAV Server - Unauthenticated Access`
			`author: dwisiswant0`
			`severity: high`
			`description: \|`
			`ClamAV server 0.99.2, and possibly other previous versions, allow the execution`
			`of dangerous service commands without authentication. Specifically, the command 'SCAN'`
			`may be used to list system files and the command 'SHUTDOWN' shut downs the service.`
Update clamav-unauth.yaml 2022-10-25 12:01:33 +00:00			`metadata:`
Added max request counter of each template 2023-04-28 08:11:21 +00:00			`max-request: 2`
Update clamav-unauth.yaml 2022-10-25 12:01:33 +00:00			`verified: true`
Update clamav-unauth.yaml 2022-10-25 12:02:26 +00:00			`shodan-query: 'port:3310 product:"ClamAV" version:"0.99.2"'`
Add clamav-unauth 2022-10-24 00:51:53 +00:00			`reference:`
			`- https://seclists.org/nmap-dev/2016/q2/201`
			`- https://bugzilla.clamav.net/show_bug.cgi?id=11585`
Auto Generated CVE annotations [Tue Oct 25 12:33:55 UTC 2022] :robot: 2022-10-25 12:33:55 +00:00			`tags: network,clamav,unauth,seclists`
Add clamav-unauth 2022-10-24 00:51:53 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`tcp:`
Add clamav-unauth 2022-10-24 00:51:53 +00:00			`- inputs:`
			`- data: "SCAN /nonexistent/{{to_lower(rand_text_alpha(10))}}\r\n"`
			`host:`
			`- "{{Hostname}}"`
			`- "{{Host}}:3310"`
			`read-size: 48`
Update clamav-unauth.yaml 2022-10-25 12:01:33 +00:00
Add clamav-unauth 2022-10-24 00:51:53 +00:00			`matchers:`
			`- type: word`
			`words:`
Update clamav-unauth.yaml 2022-10-25 12:01:33 +00:00			`- "No such"`
			`- "lstat() failed"`
			`condition: and`