daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/cves/2020/CVE-2020-15129.yaml

26 lines
906 B
YAML
Raw Normal View History

misc changes
2021-01-02 04:56:15 +00:00
id: CVE-2020-15129
:fire: Add CVE-2020-15129
2020-09-14 17:31:40 +00:00
info:
name: Open-redirect in Traefik
author: dwisiswant0
severity: medium
description: There exists a potential open redirect vulnerability in Traefik's handling of the X-Forwarded-Prefix header. Active Exploitation of this issue is unlikely as it would require active header injection, however the Traefik team may want to address this issue nonetheless to prevent abuse in e.g. cache poisoning scenarios.
Added tags to cves :sunglasses: (#813) * Added tags to cves :sunglasses:
2021-02-05 19:44:41 +00:00
reference: https://securitylab.github.com/advisories/GHSL-2020-140-Containous-Traefik
tags: cve,cve2020,traefik,redirect
:pencil2: Add reference
2020-09-14 17:40:03 +00:00
:fire: Add CVE-2020-15129
2020-09-14 17:31:40 +00:00
requests:
- method: GET
path:
- "{{BaseURL}}"
headers:
X-Forwarded-Prefix: "https://foo.nl"
matchers-condition: and
matchers:
- type: status
status:
:hammer: Update status matcher
2020-09-14 17:39:24 +00:00
- 302
:fire: Add CVE-2020-15129
2020-09-14 17:31:40 +00:00
- type: word
words:
- "<a href=\"https://foo.nl/dashboard/\">Found</a>"
condition: or
part: body