nuclei-templates/network/clamav-unauth.yaml

id: clamav-unauth

info:
  name: ClamAV Server - Unauthenticated Access
  author: dwisiswant0
  severity: high
  description: |
    ClamAV server 0.99.2, and possibly other previous versions, allow the execution
    of dangerous service commands without authentication. Specifically, the command 'SCAN'
    may be used to list system files and the command 'SHUTDOWN' shut downs the service.
  reference:
    - https://seclists.org/nmap-dev/2016/q2/201
    - https://bugzilla.clamav.net/show_bug.cgi?id=11585
  tags: network,clamav,unauth

network:
  - inputs:
      - data: "SCAN /nonexistent/{{to_lower(rand_text_alpha(10))}}\r\n"
    host:
      - "{{Hostname}}"
      - "{{Host}}:3310"
    read-size: 48
    matchers:
      - type: word
        words:
          - "No such file"
Add clamav-unauth 2022-10-24 00:51:53 +00:00			`id: clamav-unauth`

			`info:`
			`name: ClamAV Server - Unauthenticated Access`
			`author: dwisiswant0`
			`severity: high`
			`description: \|`
			`ClamAV server 0.99.2, and possibly other previous versions, allow the execution`
			`of dangerous service commands without authentication. Specifically, the command 'SCAN'`
			`may be used to list system files and the command 'SHUTDOWN' shut downs the service.`
			`reference:`
			`- https://seclists.org/nmap-dev/2016/q2/201`
			`- https://bugzilla.clamav.net/show_bug.cgi?id=11585`
			`tags: network,clamav,unauth`

			`network:`
			`- inputs:`
			`- data: "SCAN /nonexistent/{{to_lower(rand_text_alpha(10))}}\r\n"`
			`host:`
			`- "{{Hostname}}"`
			`- "{{Host}}:3310"`
			`read-size: 48`
			`matchers:`
			`- type: word`
			`words:`
			`- "No such file"`