nuclei-templates/http/cves/2018/CVE-2018-1000671.yaml

id: CVE-2018-1000671

info:
  name: Sympa version =>6.2.16 - Cross-Site Scripting
  author: 0x_Akoko
  severity: medium
  description: Sympa version 6.2.16 and later contains a URL Redirection to Untrusted Site vulnerability in the referer parameter of the wwsympa fcgi login action that can result in open redirection and reflected cross-site scripting via data URIs.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information.
  remediation: |
    Upgrade to a patched version of Sympa (>=6.2.17) or apply the necessary security patches provided by the vendor.
  reference:
    - https://github.com/sympa-community/sympa/issues/268
    - https://vuldb.com/?id.123670
    - https://nvd.nist.gov/vuln/detail/CVE-2018-1000671
    - https://lists.debian.org/debian-lts-announce/2018/09/msg00023.html
    - https://lists.debian.org/debian-lts-announce/2020/11/msg00015.html
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2018-1000671
    cwe-id: CWE-601
    epss-score: 0.00422
    epss-percentile: 0.74167
    cpe: cpe:2.3:a:sympa:sympa:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: sympa
    product: sympa
    shodan-query: http.html:"sympa"
    fofa-query: body="sympa"
  tags: cve,cve2018,redirect,sympa,debian

http:
  - method: GET
    path:
      - '{{BaseURL}}/sympa?referer=http://interact.sh&passwd=&previous_action=&action=login&action_login=&previous_list=&list=&email='

    matchers:
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
# digest: 4a0a00473045022028e11e18259c866430979aed335d87e9013da4ad6269891e35178b6c514e1d5a022100cf6f6e9a1f027d12c9dd2ab6bdd0b897b3e17b49b313c9d1e85d763df05f738e:922c64590222798bb761d5b6d8e72950
Create CVE-2018-1000671.yaml 2022-07-19 12:44:46 +00:00			`id: CVE-2018-1000671`

			`info:`
Dashboard Content Enhancements (#5164) Dashboard Content Enhancements 2022-08-19 20:44:38 +00:00			`name: Sympa version =>6.2.16 - Cross-Site Scripting`
Create CVE-2018-1000671.yaml 2022-07-19 12:44:46 +00:00			`author: 0x_Akoko`
			`severity: medium`
Dashboard Content Enhancements (#5164) Dashboard Content Enhancements 2022-08-19 20:44:38 +00:00			`description: Sympa version 6.2.16 and later contains a URL Redirection to Untrusted Site vulnerability in the referer parameter of the wwsympa fcgi login action that can result in open redirection and reflected cross-site scripting via data URIs.`
Added Impact 2023-09-27 15:51:13 +00:00			`impact: \|`
			`Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to potential session hijacking, defacement, or theft of sensitive information.`
updated 2018 CVEs 2023-09-06 12:57:14 +00:00			`remediation: \|`
			`Upgrade to a patched version of Sympa (>=6.2.17) or apply the necessary security patches provided by the vendor.`
Create CVE-2018-1000671.yaml 2022-07-19 12:44:46 +00:00			`reference:`
			`- https://github.com/sympa-community/sympa/issues/268`
			`- https://vuldb.com/?id.123670`
Dashboard Content Enhancements (#5164) Dashboard Content Enhancements 2022-08-19 20:44:38 +00:00			`- https://nvd.nist.gov/vuln/detail/CVE-2018-1000671`
more updates 2023-07-15 16:29:17 +00:00			`- https://lists.debian.org/debian-lts-announce/2018/09/msg00023.html`
			`- https://lists.debian.org/debian-lts-announce/2020/11/msg00015.html`
Create CVE-2018-1000671.yaml 2022-07-19 12:44:46 +00:00			`classification:`
Auto Generated CVE annotations [Sun Jul 24 17:19:23 UTC 2022] :robot: 2022-07-24 17:19:23 +00:00			`cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N`
			`cvss-score: 6.1`
Create CVE-2018-1000671.yaml 2022-07-19 12:44:46 +00:00			`cve-id: CVE-2018-1000671`
			`cwe-id: CWE-601`
TemplateMan Update [Fri Jun 7 10:04:28 UTC 2024] :robot: 2024-06-07 10:04:29 +00:00			`epss-score: 0.00422`
			`epss-percentile: 0.74167`
updated 2018 CVEs 2023-09-06 12:57:14 +00:00			`cpe: cpe:2.3:a:sympa:sympa::::::::`
Update and rename CVE-2018-1000671.yaml to cves/2018/CVE-2018-1000671.yaml 2022-07-24 17:04:32 +00:00			`metadata:`
boolean format update 2023-06-04 08:13:42 +00:00			`verified: true`
updated 2018 CVEs 2023-09-06 12:57:14 +00:00			`max-request: 1`
more updates 2023-07-15 16:29:17 +00:00			`vendor: sympa`
			`product: sympa`
updated 2018 CVEs 2023-09-06 12:57:14 +00:00			`shodan-query: http.html:"sympa"`
product/queries updated 2024-05-31 19:23:20 +00:00			`fofa-query: body="sympa"`
Update and rename CVE-2018-1000671.yaml to cves/2018/CVE-2018-1000671.yaml 2022-07-24 17:04:32 +00:00			`tags: cve,cve2018,redirect,sympa,debian`
Create CVE-2018-1000671.yaml 2022-07-19 12:44:46 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Create CVE-2018-1000671.yaml 2022-07-19 12:44:46 +00:00			`- method: GET`
			`path:`
Update and rename CVE-2018-1000671.yaml to cves/2018/CVE-2018-1000671.yaml 2022-07-24 17:04:32 +00:00			`- '{{BaseURL}}/sympa?referer=http://interact.sh&passwd=&previous_action=&action=login&action_login=&previous_list=&list=&email='`
Create CVE-2018-1000671.yaml 2022-07-19 12:44:46 +00:00
			`matchers:`
			`- type: regex`
			`part: header`
Update and rename CVE-2018-1000671.yaml to cves/2018/CVE-2018-1000671.yaml 2022-07-24 17:04:32 +00:00			`regex:`
Reduce false-positives in open-redirect regexes 2023-03-01 08:39:14 +00:00			`- '(?m)^(?:Location\s?:\s?)(?:https?:\/\/\|\/\/\|\/\\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@])interact\.sh\/?(\/\|[^.].)?$' # https://regex101.com/r/L403F0/1`
Auto Template Signing [Sat Jun 8 16:02:16 UTC 2024] :robot: 2024-06-08 16:02:17 +00:00			`# digest: 4a0a00473045022028e11e18259c866430979aed335d87e9013da4ad6269891e35178b6c514e1d5a022100cf6f6e9a1f027d12c9dd2ab6bdd0b897b3e17b49b313c9d1e85d763df05f738e:922c64590222798bb761d5b6d8e72950`