daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2284 from pikpikcu/patch-242 

Update CVE-2019-0221
patch-1
Sandeep Singh 2021-08-02 01:17:36 +05:30 committed by GitHub
parent 76fb40314a 0653fdc498
commit 56d3a2f1bd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cves/2019/CVE-2019-0221.yaml
View File

@ -7,6 +7,7 @@ info:
reference: |
- https://seclists.org/fulldisclosure/2019/May/50
- https://wwws.nightwatchcybersecurity.com/2019/05/27/xss-in-ssi-printenv-command-apache-tomcat-cve-2019-0221/
- https://www.exploit-db.com/exploits/50119
description: |
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and
7.0.0 to 7.0.93 echoes user provided data without escaping and is,
@ -18,6 +19,7 @@ requests:
- method: GET
path:
- "{{BaseURL}}/printenv.shtml?%3Cscript%3Ealert(%27xss%27)%3C/script%3E"
- "{{BaseURL}}/ssi/printenv.shtml?%3Cscript%3Ealert(%27xss%27)%3C/script%3E"
matchers-condition: and
matchers: