From 0328b4bd5dcf40cde351f794b9c066c6c841d433 Mon Sep 17 00:00:00 2001
From: Prince Chaddha <prince@projectdiscovery.io>
Date: Tue, 9 Nov 2021 22:13:59 +0530
Subject: [PATCH] Update and rename CVE-2017-10974.yaml to
 cves/2017/CVE-2017-10974.yaml

---
 CVE-2017-10974.yaml => cves/2017/CVE-2017-10974.yaml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
 rename CVE-2017-10974.yaml => cves/2017/CVE-2017-10974.yaml (63%)

diff --git a/CVE-2017-10974.yaml b/cves/2017/CVE-2017-10974.yaml
similarity index 63%
rename from CVE-2017-10974.yaml
rename to cves/2017/CVE-2017-10974.yaml
index 3d99cc4194..1e4cbc67c3 100644
--- a/CVE-2017-10974.yaml
+++ b/cves/2017/CVE-2017-10974.yaml
@@ -4,13 +4,16 @@ info:
   name: Yaws 1.91 - Remote File Disclosure
   author: 0x_Akoko
   severity: high
-  reference: https://www.exploit-db.com/exploits/42303
+  description: Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080
+  reference:
+    - https://www.exploit-db.com/exploits/42303
+    - https://nvd.nist.gov/vuln/detail/CVE-2017-10974
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5
     cve-id: CVE-2017-10974
     cwe-id: CWE-22
-  tags: cve,cve2017,yaws,rfd,lfi
+  tags: cve,cve2017,yaws,lfi
 
 
 requests:
@@ -31,3 +34,5 @@ requests:
       - type: dsl
         dsl:
           - '!contains(tolower(body), "<html")'
+          - '!contains(tolower(body), "<HTML")'
+        condition: or