nuclei-templates/cves/2010/CVE-2010-1870.yaml

id: CVE-2010-1870

info:
  name: ListSERV Maestro <= 9.0-8 RCE
  author: b0yd
  severity: info
  description: Struts-based OGNL remote code execution in ListSERV Maestro before and including version 9.0-8.
  reference:
    - https://www.securifera.com/advisories/sec-2020-0001/
    - https://packetstormsecurity.com/files/159643/listservmaestro-exec.txt
  tags: rce,listserv,ognl,cves,cve2010
  classification:
    cvss-metrics: AV:N/AC:L/Au:N/C:N/I:P/A:N
    cvss-score: 5.0
    cve-id: CVE-2010-1870
    cwe-id: CWE-917

requests:
  - method: GET
    path:
      - "{{BaseURL}}/lui/"
      - "{{BaseURL}}/hub/"

    extractors:
      - type: regex
        regex:
          - 'LISTSERV Maestro\s+9\.0-[123456780]'
          - 'LISTSERV Maestro\s+[5678]'
          - 'Administration Hub 9\.0-[123456780]'
          - 'Administration Hub [5678]'
Add information for CVE-2010-1870 2021-09-30 19:38:59 +00:00			`id: CVE-2010-1870`
LISTSERV Maestro 2021-07-01 19:14:33 +00:00
			`info:`
Removed extra lines and few updates 2021-07-06 18:14:06 +00:00			`name: ListSERV Maestro <= 9.0-8 RCE`
LISTSERV Maestro 2021-07-01 19:14:33 +00:00			`author: b0yd`
Removed extra lines and few updates 2021-07-06 18:14:06 +00:00			`severity: info`
Add information for CVE-2010-1870 2021-09-30 19:38:59 +00:00			`description: Struts-based OGNL remote code execution in ListSERV Maestro before and including version 9.0-8.`
Removed pipe (\|) character from references, because the structure requires it to be a string slice, not a string Related nuclei tickets: * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84 2021-08-18 11:37:49 +00:00			`reference:`
Satisfying the linter (all errors and warnings) * whitespace modifications only 2021-08-19 14:44:46 +00:00			`- https://www.securifera.com/advisories/sec-2020-0001/`
			`- https://packetstormsecurity.com/files/159643/listservmaestro-exec.txt`
Add information for CVE-2010-1870 2021-09-30 19:38:59 +00:00			`tags: rce,listserv,ognl,cves,cve2010`
			`classification:`
			`cvss-metrics: AV:N/AC:L/Au:N/C:N/I:P/A:N`
			`cvss-score: 5.0`
			`cve-id: CVE-2010-1870`
			`cwe-id: CWE-917`
LISTSERV Maestro 2021-07-01 19:14:33 +00:00
			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/lui/"`
Removed extra lines and few updates 2021-07-06 18:14:06 +00:00			`- "{{BaseURL}}/hub/"`

Update listserv_maestro_rce.yaml 2021-07-06 18:22:24 +00:00			`extractors:`
LISTSERV Maestro 2021-07-01 19:14:33 +00:00			`- type: regex`
			`regex:`
			`- 'LISTSERV Maestro\s+9\.0-[123456780]'`
			`- 'LISTSERV Maestro\s+[5678]'`
			`- 'Administration Hub 9\.0-[123456780]'`
Add information for CVE-2010-1870 2021-09-30 19:38:59 +00:00			`- 'Administration Hub [5678]'`