diff --git a/cves/2020/CVE-2020-16846.yaml b/cves/2020/CVE-2020-16846.yaml
index 8114872351..ff7e0c4830 100644
--- a/cves/2020/CVE-2020-16846.yaml
+++ b/cves/2020/CVE-2020-16846.yaml
@@ -4,7 +4,8 @@ info:
   name: SaltStack <=3002 - Shell Injection
   author: dwisiswant0
   severity: critical
-  description: SaltStack Salt through 3002 allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt-API using the SSH client.
+  description: |
+    SaltStack Salt through 3002 allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt-API using the SSH client.
   reference:
     - https://saltproject.io/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
     - https://mp.weixin.qq.com/s/R8qw_lWizGyeJS0jOcYXag
@@ -24,18 +25,24 @@ requests:
     body: "token=1337&client=ssh&tgt=*&fun=a&roster=projectdiscovery&ssh_priv=nuclei"
     headers:
       Content-Type: application/x-www-form-urlencoded # CherryPy will abort w/o define this header
+
     matchers-condition: and
     matchers:
+      - type: word
+        part: body
+        words:
+          - "An unexpected error occurred"
+
+      - type: dsl
+        dsl:
+          - regex("CherryPy\/([0-9.]+)", header) || regex("CherryPy ([0-9.]+)", body)
+
+      - type: word
+        part: header
+        words:
+          - "application/json"
+
       - type: status
         status:
           - 500
-      - type: word
-        words:
-          - "application/json"
-        part: header
-      - type: word
-        words:
-          - "An unexpected error occurred"
-        part: body
-
 # Enhanced by mp on 2022/04/27