TemplateMan Update [Wed Sep 27 13:29:58 UTC 2023] 🤖
GitHub Action
parent
9cbcb77b26
commit
627e654d30
|
|
@ -10,12 +10,12 @@ info:
|
|||
- https://www.exploit-db.com/ghdb/7179
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10.0
|
||||
cvss-score: 10
|
||||
cwe-id: CWE-912
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: http.html:"ZTE Corporation"
|
||||
verified: true
|
||||
tags: edb,network,zte,telnet,backdoor,router
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -7,14 +7,14 @@ info:
|
|||
description: VSFTPD 2.3.4 contains a backdoor command execution vulnerability.
|
||||
reference:
|
||||
- https://www.rapid7.com/db/modules/exploit/unix/ftp/vsftpd_234_backdoor/
|
||||
remediation: This backdoor was removed on July 3rd, 2011.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10.0
|
||||
cvss-score: 10
|
||||
cwe-id: CWE-78
|
||||
remediation: This backdoor was removed on July 3rd, 2011.
|
||||
tags: network,vsftpd,ftp,backdoor
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
tags: network,vsftpd,ftp,backdoor
|
||||
|
||||
tcp:
|
||||
- inputs:
|
||||
|
|
|
|||
|
|
@ -5,23 +5,23 @@ info:
|
|||
author: iamthefrogy
|
||||
severity: high
|
||||
description: SSHv1 is deprecated and has known cryptographic issues.
|
||||
remediation: Upgrade to SSH 2.4 or later.
|
||||
reference:
|
||||
- https://www.kb.cert.org/vuls/id/684820
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2001-1473
|
||||
- http://www.kb.cert.org/vuls/id/684820
|
||||
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6603
|
||||
remediation: Upgrade to SSH 2.4 or later.
|
||||
classification:
|
||||
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
|
||||
cvss-score: 7.5
|
||||
cve-id: CVE-2001-1473
|
||||
cwe-id: CWE-310
|
||||
epss-score: 0.00258
|
||||
cpe: cpe:2.3:a:ssh:ssh:1.2.24:*:*:*:*:*:*:*
|
||||
epss-score: 0.00258
|
||||
metadata:
|
||||
max-request: 2
|
||||
vendor: ssh
|
||||
max-request: 1
|
||||
product: ssh
|
||||
vendor: ssh
|
||||
tags: cve,cve2001,network,ssh,openssh
|
||||
tcp:
|
||||
- host:
|
||||
|
|
|
|||
|
|
@ -5,24 +5,24 @@ info:
|
|||
author: pdteam
|
||||
severity: critical
|
||||
description: ProFTPD 1.3.5 contains a remote code execution vulnerability via the mod_copy module which allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
|
||||
remediation: Upgrade to ProFTPD 1.3.5a / 1.3.6rc1 or later.
|
||||
reference:
|
||||
- https://github.com/t0kx/exploit-CVE-2015-3306
|
||||
- https://www.exploit-db.com/exploits/36803/
|
||||
- http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157053.html
|
||||
- http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157054.html
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2015-3306
|
||||
remediation: Upgrade to ProFTPD 1.3.5a / 1.3.6rc1 or later.
|
||||
classification:
|
||||
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
|
||||
cvss-score: 10
|
||||
cve-id: CVE-2015-3306
|
||||
cwe-id: CWE-284
|
||||
epss-score: 0.97267
|
||||
cpe: cpe:2.3:a:proftpd:proftpd:1.3.5:*:*:*:*:*:*:*
|
||||
epss-score: 0.97267
|
||||
metadata:
|
||||
max-request: 2
|
||||
vendor: proftpd
|
||||
max-request: 1
|
||||
product: proftpd
|
||||
vendor: proftpd
|
||||
tags: cve,cve2015,ftp,rce,network,proftpd,edb
|
||||
tcp:
|
||||
- host:
|
||||
|
|
|
|||
|
|
@ -5,25 +5,25 @@ info:
|
|||
author: pussycat0x
|
||||
severity: critical
|
||||
description: HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. This vulnerability exists because of an incomplete fix for CVE-2014-2623.
|
||||
remediation: |
|
||||
Upgrade to the most recent version of HP Data Protector.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/39858
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2016-2004
|
||||
- http://www.kb.cert.org/vuls/id/267328
|
||||
- https://www.exploit-db.com/exploits/39858/
|
||||
- http://packetstormsecurity.com/files/137199/HP-Data-Protector-A.09.00-Command-Execution.html
|
||||
remediation: |
|
||||
Upgrade to the most recent version of HP Data Protector.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2016-2004
|
||||
cwe-id: CWE-306
|
||||
epss-score: 0.06793
|
||||
cpe: cpe:2.3:a:hp:data_protector:*:*:*:*:*:*:*:*
|
||||
epss-score: 0.06793
|
||||
metadata:
|
||||
max-request: 2
|
||||
vendor: hp
|
||||
max-request: 1
|
||||
product: data_protector
|
||||
vendor: hp
|
||||
tags: cve,cve2016,network,iot,hp,rce,edb
|
||||
tcp:
|
||||
- host:
|
||||
|
|
|
|||
|
|
@ -15,9 +15,9 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2016-3510
|
||||
cwe-id: CWE-119
|
||||
epss-score: 0.0162000000
|
||||
epss-score: 0.0162
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
verified: true
|
||||
tags: cve,cve2016,weblogic,t3,rce,oast,deserialization,network
|
||||
|
||||
|
|
|
|||
|
|
@ -6,24 +6,24 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. The Cluster Management Protocol utilizes Telnet internally as a signaling and command protocol between cluster members. The vulnerability is due to the combination of two factors: (1) the failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device; and (2) the incorrect processing of malformed CMP-specific Telnet options. An attacker could exploit this vulnerability by sending malformed CMP-specific Telnet options while establishing a Telnet session with an affected Cisco device configured to accept Telnet connections. An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device. This affects Catalyst switches, Embedded Service 2020 switches, Enhanced Layer 2 EtherSwitch Service Module, Enhanced Layer 2/3 EtherSwitch Service Module, Gigabit Ethernet Switch Module (CGESM) for HP, IE Industrial Ethernet switches, ME 4924-10GE switch, RF Gateway 10, and SM-X Layer 2/3 EtherSwitch Service Module. Cisco Bug IDs: CSCvd48893.
|
||||
remediation: Deactivate a telnet connection or employ Access Control Lists (ACLs) to limit access.
|
||||
reference:
|
||||
- https://github.com/artkond/cisco-rce
|
||||
- https://artkond.com/2017/04/10/cisco-catalyst-remote-code-execution/
|
||||
- https://github.com/rapid7/metasploit-framework/blob/master/documentation/modules/auxiliary/dos/cisco/ios_telnet_rocem.md
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-3881
|
||||
- http://www.securitytracker.com/id/1038059
|
||||
remediation: Deactivate a telnet connection or employ Access Control Lists (ACLs) to limit access.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2017-3881
|
||||
cwe-id: CWE-20
|
||||
epss-score: 0.97332
|
||||
cpe: cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*
|
||||
epss-score: 0.97332
|
||||
metadata:
|
||||
max-request: 2
|
||||
vendor: cisco
|
||||
max-request: 1
|
||||
product: ios
|
||||
vendor: cisco
|
||||
tags: cve,cve2017,cisco,rce,network,kev,msf
|
||||
tcp:
|
||||
- host:
|
||||
|
|
|
|||
|
|
@ -6,25 +6,25 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
|
||||
remediation: |
|
||||
Consider updating to Log4j 2.15.0 or a newer version, deactivating JNDI lookups, or implementing a Java Agent to safeguard against potentially harmful JNDI lookups.
|
||||
reference:
|
||||
- https://github.com/vulhub/vulhub/tree/master/log4j/CVE-2017-5645
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2017-5645
|
||||
- http://www.openwall.com/lists/oss-security/2019/12/19/2
|
||||
- http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html
|
||||
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
|
||||
remediation: |
|
||||
Consider updating to Log4j 2.15.0 or a newer version, deactivating JNDI lookups, or implementing a Java Agent to safeguard against potentially harmful JNDI lookups.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2017-5645
|
||||
cwe-id: CWE-502
|
||||
epss-score: 0.74805
|
||||
cpe: cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*
|
||||
epss-score: 0.74805
|
||||
metadata:
|
||||
max-request: 2
|
||||
vendor: apache
|
||||
max-request: 1
|
||||
product: log4j
|
||||
vendor: apache
|
||||
tags: cve,cve2017,vulhub,network,apache,log4j,rce,deserialization,oast,
|
||||
variables:
|
||||
end: "\r\n"
|
||||
|
|
|
|||
|
|
@ -16,9 +16,9 @@ info:
|
|||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2018-2893
|
||||
epss-score: 0.973460000
|
||||
epss-score: 0.97346
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
tags: cve,cve2018,weblogic,network,deserialization,rce,oracle
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -15,9 +15,9 @@ info:
|
|||
cvss-score: 9.8
|
||||
cve-id: CVE-2020-11981
|
||||
cwe-id: CWE-78
|
||||
epss-score: 0.936930000
|
||||
epss-score: 0.93693
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
shodan-query: product:"redis"
|
||||
verified: true
|
||||
tags: cve,cve2020,network,redis,unauth,apache,airflow,vulhub,intrusive
|
||||
|
|
|
|||
|
|
@ -5,25 +5,25 @@ info:
|
|||
author: milo2012
|
||||
severity: critical
|
||||
description: When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses. It was expected (and recommended in the security guide) that this Connector would be disabled if not required. This vulnerability report identified a mechanism that allowed - returning arbitrary files from anywhere in the web application - processing any file in the web application as a JSP Further, if the web application allowed file upload and stored those files within the web application (or the attacker was able to control the content of the web application by some other means) then this, along with the ability to process a file as a JSP, made remote code execution possible. It is important to note that mitigation is only required if an AJP port is accessible to untrusted users. Users wishing to take a defence-in-depth approach and block the vector that permits returning arbitrary files and execution as JSP may upgrade to Apache Tomcat 9.0.31, 8.5.51 or 7.0.100 or later. A number of changes were made to the default AJP Connector configuration in 9.0.31 to harden the default configuration. It is likely that users upgrading to 9.0.31, 8.5.51 or 7.0.100 or later will need to make small changes to their configurations.
|
||||
remediation: https://access.redhat.com/solutions/4851251
|
||||
reference:
|
||||
- https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-1938
|
||||
- https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E
|
||||
- https://lists.apache.org/thread.html/r75113652e46c4dee687236510649acfb70d2c63e074152049c3f399d@%3Cnotifications.ofbiz.apache.org%3E
|
||||
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00025.html
|
||||
remediation: https://access.redhat.com/solutions/4851251
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2020-1938
|
||||
cwe-id: CWE-269
|
||||
epss-score: 0.97486
|
||||
cpe: cpe:2.3:a:apache:geode:1.12.0:*:*:*:*:*:*:*
|
||||
epss-score: 0.97486
|
||||
metadata:
|
||||
max-request: 4
|
||||
vendor: apache
|
||||
max-request: 1
|
||||
product: geode
|
||||
shodan-query: title:"Apache Tomcat"
|
||||
vendor: apache
|
||||
tags: cve,cve2020,kev,tenable,apache,lfi,network,tomcat
|
||||
tcp:
|
||||
- host:
|
||||
|
|
|
|||
|
|
@ -6,24 +6,24 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
OpenSMTPD versions 6.4.0 - 6.6.1 are susceptible to remote code execution. smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session, as demonstrated by shell metacharacters in a MAIL FROM field. This affects the "uncommented" default configuration. The issue exists because of an incorrect return value upon failure of input validation.
|
||||
remediation: OpenBSD users are recommended to install patches for OpenBSD 6.6
|
||||
reference:
|
||||
- https://www.openwall.com/lists/oss-security/2020/01/28/3
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2020-7247
|
||||
- https://github.com/openbsd/src/commit/9dcfda045474d8903224d175907bfc29761dcb45
|
||||
- http://www.openwall.com/lists/oss-security/2020/01/28/3
|
||||
- http://packetstormsecurity.com/files/156145/OpenSMTPD-6.6.2-Remote-Code-Execution.html
|
||||
remediation: OpenBSD users are recommended to install patches for OpenBSD 6.6
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2020-7247
|
||||
cwe-id: CWE-755
|
||||
epss-score: 0.9749
|
||||
cpe: cpe:2.3:a:openbsd:opensmtpd:6.6:*:*:*:*:*:*:*
|
||||
epss-score: 0.9749
|
||||
metadata:
|
||||
max-request: 2
|
||||
vendor: openbsd
|
||||
max-request: 1
|
||||
product: opensmtpd
|
||||
vendor: openbsd
|
||||
tags: cve,cve2020,smtp,opensmtpd,network,rce,oast,kev
|
||||
tcp:
|
||||
- host:
|
||||
|
|
|
|||
|
|
@ -5,7 +5,6 @@ info:
|
|||
author: Y4er
|
||||
severity: critical
|
||||
description: 'When running Apache Cassandra with the following configuration: enable_user_defined_functions: true enable_scripted_user_defined_functions: true enable_user_defined_functions_threads: false it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE.'
|
||||
remediation: 3.0.x users should upgrade to 3.0.26, 3.11.x users should upgrade to 3.11.12, 4.0.x users should upgrade to 4.0.2
|
||||
reference:
|
||||
- https://y4er.com/post/cve-2021-44521-apache-cassandra-udf-rce/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-44521
|
||||
|
|
@ -13,17 +12,18 @@ info:
|
|||
- https://lists.apache.org/thread/y4nb9s4co34j8hdfmrshyl09lokm7356
|
||||
- http://www.openwall.com/lists/oss-security/2022/02/11/4
|
||||
- https://thesecmaster.com/how-to-fix-apache-cassandra-rce-vulnerability-cve-2021-44521/
|
||||
remediation: 3.0.x users should upgrade to 3.0.26, 3.11.x users should upgrade to 3.11.12, 4.0.x users should upgrade to 4.0.2
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 9.1
|
||||
cve-id: CVE-2021-44521
|
||||
cwe-id: CWE-732,CWE-94
|
||||
epss-score: 0.01212
|
||||
cpe: cpe:2.3:a:apache:cassandra:*:*:*:*:*:*:*:*
|
||||
epss-score: 0.01212
|
||||
metadata:
|
||||
max-request: 2
|
||||
vendor: apache
|
||||
max-request: 1
|
||||
product: cassandra
|
||||
vendor: apache
|
||||
tags: cve,cve2021,network,rce,apache,cassandra
|
||||
tcp:
|
||||
- host:
|
||||
|
|
|
|||
|
|
@ -9,24 +9,24 @@ info:
|
|||
vulnerability was introduced by Debian and Ubuntu Redis packages that
|
||||
insufficiently sanitized the Lua environment. The maintainers failed to
|
||||
disable the package interface, allowing attackers to load arbitrary libraries.
|
||||
remediation: Update to the most recent versions currently available.
|
||||
reference:
|
||||
- https://www.ubercomp.com/posts/2022-01-20_redis_on_debian_rce
|
||||
- https://attackerkb.com/topics/wyA1c1HIC8/cve-2022-0543/rapid7-analysis#rapid7-analysis
|
||||
- https://bugs.debian.org/1005787
|
||||
- https://www.debian.org/security/2022/dsa-5081
|
||||
- https://lists.debian.org/debian-security-announce/2022/msg00048.html
|
||||
remediation: Update to the most recent versions currently available.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10
|
||||
cve-id: CVE-2022-0543
|
||||
epss-score: 0.97184
|
||||
cpe: cpe:2.3:a:redis:redis:-:*:*:*:*:*:*:*
|
||||
epss-score: 0.97184
|
||||
metadata:
|
||||
max-request: 4
|
||||
vendor: redis
|
||||
max-request: 1
|
||||
product: redis
|
||||
shodan-query: redis_version
|
||||
vendor: redis
|
||||
tags: cve,cve2022,network,redis,unauth,rce,kev
|
||||
tcp:
|
||||
- host:
|
||||
|
|
|
|||
|
|
@ -6,27 +6,27 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
In Apache CouchDB prior to 3.2.2, an attacker can access an improperly secured default installation without authenticating and gain admin privileges.
|
||||
remediation: |
|
||||
Upgrade to versions 3.2.2 or newer. Starting from CouchDB 3.2.2, the previous default Erlang cookie value "monster" will be rejected upon startup. Upgraded installations will be required to select an alternative value.
|
||||
reference:
|
||||
- https://www.exploit-db.com/exploits/50914
|
||||
- https://github.com/sadshade/CVE-2022-24706-CouchDB-Exploit/blob/main/CVE-2022-24706-Exploit.py
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-24706
|
||||
- http://www.openwall.com/lists/oss-security/2022/04/26/1
|
||||
- http://www.openwall.com/lists/oss-security/2022/05/09/1
|
||||
remediation: |
|
||||
Upgrade to versions 3.2.2 or newer. Starting from CouchDB 3.2.2, the previous default Erlang cookie value "monster" will be rejected upon startup. Upgraded installations will be required to select an alternative value.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2022-24706
|
||||
cwe-id: CWE-1188
|
||||
epss-score: 0.97407
|
||||
cpe: cpe:2.3:a:apache:couchdb:*:*:*:*:*:*:*:*
|
||||
epss-score: 0.97407
|
||||
metadata:
|
||||
verified: "true"
|
||||
max-request: 2
|
||||
vendor: apache
|
||||
max-request: 1
|
||||
product: couchdb
|
||||
shodan-query: product:"CouchDB"
|
||||
vendor: apache
|
||||
verified: "true"
|
||||
tags: cve,cve2022,network,couch,rce,kev
|
||||
variables:
|
||||
name_msg: "00156e00050007499c4141414141414041414141414141"
|
||||
|
|
|
|||
|
|
@ -6,27 +6,27 @@ info:
|
|||
severity: critical
|
||||
description: |
|
||||
For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. Several components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content. To prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x .
|
||||
remediation: Update the RocketMQ application to version 5.1.1
|
||||
reference:
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2023-33246
|
||||
- https://github.com/I5N0rth/CVE-2023-33246
|
||||
- http://packetstormsecurity.com/files/173339/Apache-RocketMQ-5.1.0-Arbitrary-Code-Injection.html
|
||||
- http://www.openwall.com/lists/oss-security/2023/07/12/1
|
||||
- https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp
|
||||
remediation: Update the RocketMQ application to version 5.1.1
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
||||
cvss-score: 9.8
|
||||
cve-id: CVE-2023-33246
|
||||
cwe-id: CWE-94
|
||||
epss-score: 0.95581
|
||||
cpe: cpe:2.3:a:apache:rocketmq:*:*:*:*:*:*:*:*
|
||||
epss-score: 0.95581
|
||||
metadata:
|
||||
verified: true
|
||||
max-request: 2
|
||||
vendor: apache
|
||||
fofa-query: protocol="rocketmq"
|
||||
max-request: 1
|
||||
product: rocketmq
|
||||
shodan-query: title:"RocketMQ"
|
||||
fofa-query: protocol="rocketmq"
|
||||
vendor: apache
|
||||
verified: true
|
||||
tags: cve,cve2023,rocketmq,rce,oast,intrusive,network
|
||||
variables:
|
||||
part_a: '{{ hex_decode ("000000d2000000607b22636f6465223a32352c22666c6167223a302c226c616e6775616765223a224a415641222c226f7061717565223a302c2273657269616c697a655479706543757272656e74525043223a224a534f4e222c2276657273696f6e223a3339357d66696c7465725365727665724e756d733d310a726f636b65746d71486f6d653d2d632024407c7368202e206563686f206375726c20") }}'
|
||||
|
|
|
|||
|
|
@ -4,13 +4,13 @@ info:
|
|||
name: FTP Anonymous Login
|
||||
author: C3l3si4n,pussycat0x
|
||||
severity: medium
|
||||
reference:
|
||||
- https://tools.ietf.org/html/rfc2577
|
||||
description: |
|
||||
Anonymous FTP access allows anyone to access your public_ftp folder, allowing unidentified visitors to download (and possibly upload) files on your website. Anonymous FTP creates the potential for a security hole for hackers and is not recommended.
|
||||
tags: network,ftp,default-login
|
||||
reference:
|
||||
- https://tools.ietf.org/html/rfc2577
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
tags: network,ftp,default-login
|
||||
|
||||
tcp:
|
||||
- inputs:
|
||||
|
|
|
|||
|
|
@ -8,11 +8,11 @@ info:
|
|||
reference:
|
||||
- https://docs.microsoft.com/en-us/iis/configuration/system.applicationhost/sites/sitedefaults/ftpserver/security/authentication/
|
||||
classification:
|
||||
cvss-score: 8.5
|
||||
cvss-metrics: 3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N
|
||||
tags: network,ftp,default-login,service
|
||||
cvss-score: 8.5
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
tags: network,ftp,default-login,service
|
||||
|
||||
tcp:
|
||||
|
||||
|
|
|
|||
|
|
@ -13,9 +13,9 @@ info:
|
|||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cwe-id: CWE-284
|
||||
tags: network,ldap,default-login,tenable
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
tags: network,ldap,default-login,tenable
|
||||
|
||||
tcp:
|
||||
- inputs:
|
||||
|
|
|
|||
|
|
@ -7,9 +7,9 @@ info:
|
|||
description: |
|
||||
OpenWire is the native protocol that Apache ActiveMQ uses. It is designed for performance and size on the wire - sacrificing some ease of implementation with higher performance and reduced network bandwidth as a priority.
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
shodan-query: product:"ActiveMQ OpenWire transport"
|
||||
verified: true
|
||||
shodan-query: 'product:"ActiveMQ OpenWire transport"'
|
||||
tags: network,activemq,detect
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -7,9 +7,9 @@ info:
|
|||
description: |
|
||||
Apache ActiveMQ is an open source message broker written in Java together with a full Java Message Service client. It provides "Enterprise Features" which in this case means fostering the communication from more than one client or server.
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
shodan-query: product:"Apache ActiveMQ"
|
||||
verified: true
|
||||
shodan-query: 'product:"Apache ActiveMQ"'
|
||||
tags: network,activemq,oss,detect
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -7,10 +7,10 @@ info:
|
|||
description: |
|
||||
Axigen Mail Server was detected.
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
fofa-query: app="axigen-Mail-Server"
|
||||
max-request: 1
|
||||
shodan-query: product:"Axigen"
|
||||
verified: true
|
||||
tags: network,axigen,detect
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -7,9 +7,9 @@ info:
|
|||
description: |
|
||||
The finger daemon runs on TCP port 79. The client will (in the case of remote hosts) open a connection to port 79.
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: product:"Cisco fingerd"
|
||||
verified: true
|
||||
tags: network,finger,detect
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -7,9 +7,9 @@ info:
|
|||
description: |
|
||||
Clam AntiVirus is a free software, cross-platform antimalware toolkit able to detect many types of malware, including viruses.
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
shodan-query: port:3310 product:"ClamAV"
|
||||
verified: true
|
||||
shodan-query: 'port:3310 product:"ClamAV"'
|
||||
tags: network,clamav,detect
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -7,9 +7,9 @@ info:
|
|||
description: |
|
||||
Native transport requests (NTR) are any requests made via the CQL Native Protocol. CQL Native Protocol is the way the Cassandra driver communicates with the server.
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
shodan-query: cassandra
|
||||
verified: true
|
||||
shodan-query: "cassandra"
|
||||
tags: network,cassandra,cql,detect
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -10,11 +10,10 @@ info:
|
|||
- http://www.addpac.com/addpac_eng2/down.php?file=505_f16.pdf
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: network,addpac,apos,voip,detect
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
tags: network,addpac,apos,voip,detect
|
||||
|
||||
tcp:
|
||||
- inputs:
|
||||
|
|
|
|||
|
|
@ -9,11 +9,10 @@ info:
|
|||
- https://datatracker.ietf.org/doc/html/rfc6120
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: network,jabber,xmpp,messaging,detect
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
tags: network,jabber,xmpp,messaging,detect
|
||||
|
||||
tcp:
|
||||
- inputs:
|
||||
|
|
|
|||
|
|
@ -8,12 +8,11 @@ info:
|
|||
Microsoft .NET Remoting httpd was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: product:"MS .NET Remoting httpd"
|
||||
verified: true
|
||||
tags: network,detect,microsoft
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -6,14 +6,14 @@ info:
|
|||
severity: low
|
||||
description: |
|
||||
The SSH server is configured to support Cipher Block Chaining (CBC) encryption. This may allow an attacker to recover the plaintext message from the ciphertext.
|
||||
remediation: |
|
||||
Disable CBC Ciphers.
|
||||
reference: |
|
||||
https://www.tenable.com/plugins/nessus/70658
|
||||
remediation: |
|
||||
Disable CBC Ciphers.
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
shodan-query: product:"Dropbear sshd"
|
||||
verified: true
|
||||
shodan-query: 'product:"Dropbear sshd"'
|
||||
tags: network,ssh,dropbear,detect
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -10,12 +10,11 @@ info:
|
|||
- https://nmap.org/nsedoc/scripts/smtp-open-relay.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
shodan-query: ESMTP
|
||||
verified: true
|
||||
shodan-query: 'ESMTP'
|
||||
tags: network,detect,smtp,mail
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -6,9 +6,9 @@ info:
|
|||
severity: info
|
||||
description: |
|
||||
The "EXPN" can be used by attackers to learn about valid usernames on the target system. On some SMTP servers, EXPN can be used to show the subscribers of a mailing list subscription lists are generally considered to be sensitive information.
|
||||
tags: mail,expn,network,detect
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
tags: mail,expn,network,detect
|
||||
|
||||
tcp:
|
||||
- inputs:
|
||||
|
|
|
|||
|
|
@ -7,9 +7,9 @@ info:
|
|||
description: |
|
||||
The finger daemon runs on TCP port 79. The client will (in the case of remote hosts) open a connection to port 79.
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: port:"79" action
|
||||
verified: true
|
||||
tags: network,finger,detect
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -7,9 +7,9 @@ info:
|
|||
description: |
|
||||
The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network.
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
shodan-query: product:"GNU Inetutils FTPd"
|
||||
verified: true
|
||||
shodan-query: 'product:"GNU Inetutils FTPd"'
|
||||
tags: network,ftp,smartgateway,gnu,inetutils,detect
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -8,11 +8,10 @@ info:
|
|||
Gopher service was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: network,gopher,detect
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
tags: network,gopher,detect
|
||||
|
||||
tcp:
|
||||
- inputs:
|
||||
|
|
|
|||
|
|
@ -10,12 +10,11 @@ info:
|
|||
- https://nmap.org/nsedoc/scripts/db2-das-info.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: product:"IBM DB2 Database Server"
|
||||
verified: true
|
||||
tags: network,ibm,database,db,db2,detect
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -8,12 +8,11 @@ info:
|
|||
IMAP was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
shodan-query: imap
|
||||
verified: true
|
||||
shodan-query: 'imap'
|
||||
tags: network,detect,imap,mail
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -8,11 +8,10 @@ info:
|
|||
iPlanet Messaging Server IMAP protocol was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
max-request: 2
|
||||
fofa-query: app="iPlanet-Messaging-Server-5.2" && protocol="imap"
|
||||
max-request: 1
|
||||
tags: network,imap,detect
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -7,9 +7,9 @@ info:
|
|||
description: |
|
||||
The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network.
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
shodan-query: Microsoft FTP Service
|
||||
verified: true
|
||||
shodan-query: "Microsoft FTP Service"
|
||||
tags: network,ftp,microsoft,detect
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -7,9 +7,9 @@ info:
|
|||
description: |
|
||||
The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network.
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
shodan-query: product:"MikroTik router ftpd"
|
||||
verified: true
|
||||
shodan-query: 'product:"MikroTik router ftpd"'
|
||||
tags: network,ftp,mikrotik,router,detect
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -8,12 +8,11 @@ info:
|
|||
MikroTik RouterOS API was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: product:"MikroTik RouterOS API Service"
|
||||
verified: true
|
||||
tags: network,mikrotik,detect
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -6,15 +6,14 @@ info:
|
|||
severity: info
|
||||
description: |
|
||||
MongoDB service was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
reference:
|
||||
- https://github.com/orleven/Tentacle
|
||||
tags: network,mongodb,detect
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
tags: network,mongodb,detect
|
||||
|
||||
tcp:
|
||||
- inputs:
|
||||
|
|
|
|||
|
|
@ -11,10 +11,10 @@ info:
|
|||
- https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-mqqb/50da7ea1-eed7-41f9-ba6a-2aa37f5f1e92
|
||||
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21554
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
shodan-query: MSMQ
|
||||
censys-query: services.service_name:MSMQ
|
||||
max-request: 1
|
||||
shodan-query: MSMQ
|
||||
verified: true
|
||||
tags: network,msmq,detect
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -8,12 +8,11 @@ info:
|
|||
MySQL instance was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: product:"MySQL"
|
||||
verified: true
|
||||
tags: network,mysql,db,detect
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -6,19 +6,18 @@ info:
|
|||
severity: info
|
||||
description: |
|
||||
OpenSSH service was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
reference:
|
||||
- http://www.openwall.com/lists/oss-security/2016/08/01/2
|
||||
- http://www.openwall.com/lists/oss-security/2018/08/15/5
|
||||
- http://seclists.org/fulldisclosure/2016/Jul/51
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2016-6210
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2018-15473
|
||||
tags: seclists,network,ssh,openssh,detect
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
tags: seclists,network,ssh,openssh,detect
|
||||
|
||||
tcp:
|
||||
- host:
|
||||
|
|
|
|||
|
|
@ -11,12 +11,11 @@ info:
|
|||
- https://www.postgresql.org/docs/current/client-authentication-problems.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: port:5432 product:"PostgreSQL"
|
||||
verified: true
|
||||
tags: network,postgresql,db,detect
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -10,12 +10,11 @@ info:
|
|||
- https://nmap.org/nsedoc/scripts/pop3-ntlm-info.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
shodan-query: pop3 port:110
|
||||
verified: true
|
||||
shodan-query: 'pop3 port:110'
|
||||
tags: network,detect,pop3,mail
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -7,9 +7,9 @@ info:
|
|||
description: |
|
||||
The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network.
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
shodan-query: product:"ProFTPD"
|
||||
verified: true
|
||||
shodan-query: 'product:"ProFTPD"'
|
||||
tags: network,ftp,proftpd,detect
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -9,9 +9,9 @@ info:
|
|||
reference:
|
||||
- https://nmap.org/nsedoc/scripts/amqp-info.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: product:"RabbitMQ"
|
||||
verified: true
|
||||
tags: network,rabbitmq,oss,detect
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -8,10 +8,9 @@ info:
|
|||
Windows Remote Desktop Protocol was detected.
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
verified: true
|
||||
tags: network,windows,rdp,detect
|
||||
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ info:
|
|||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
max-request: 4
|
||||
max-request: 1
|
||||
shodan-query: product:"redis"
|
||||
verified: true
|
||||
tags: network,redis,detect
|
||||
|
|
|
|||
|
|
@ -6,9 +6,9 @@ info:
|
|||
severity: info
|
||||
description: Riak is a distributed NoSQL key-value data store that offers high availability, fault tolerance, operational simplicity, and scalability.
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: product:"Riak"
|
||||
verified: true
|
||||
tags: network,oss,detect
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -8,12 +8,11 @@ info:
|
|||
reference: https://book.hacktricks.xyz/pentesting/pentesting-rpcbind
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: port:"111"
|
||||
verified: true
|
||||
tags: network,rpcbind,portmap,detect
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -10,11 +10,10 @@ info:
|
|||
- https://linux.die.net/man/1/rsync
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: network,rsyncd,detect
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
tags: network,rsyncd,detect
|
||||
|
||||
tcp:
|
||||
- inputs:
|
||||
|
|
|
|||
|
|
@ -10,12 +10,11 @@ info:
|
|||
https://nmap.org/nsedoc/scripts/rtsp-methods.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: RTSP/1.0
|
||||
verified: true
|
||||
tags: network,rtsp,detect
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -8,12 +8,12 @@ info:
|
|||
reference:
|
||||
- https://www.samba.org/samba/what_is_samba.html
|
||||
- https://www.samba.org/samba/history/security.html
|
||||
remediation: Always apply the latest security patch.
|
||||
classification:
|
||||
cwe-id: CWE-200
|
||||
remediation: Always apply the latest security patch.
|
||||
tags: network,smb,samba,detect
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
tags: network,smb,samba,detect
|
||||
|
||||
tcp:
|
||||
- inputs:
|
||||
|
|
|
|||
|
|
@ -4,11 +4,11 @@ info:
|
|||
name: SAPRouter Detection
|
||||
author: randomstr1ng
|
||||
severity: info
|
||||
tags: network,sap,detect
|
||||
description: |
|
||||
SAProuter is a software application that provides a remote connection between our customer's network and SAP.
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
tags: network,sap,detect
|
||||
|
||||
tcp:
|
||||
- inputs:
|
||||
|
|
|
|||
|
|
@ -4,11 +4,11 @@ info:
|
|||
name: SMB Detection
|
||||
author: pussycat0x
|
||||
severity: low
|
||||
tags: network,windows,smb,service,detect
|
||||
description: |
|
||||
SMB (Server Message Block) is a network-layered protocol mainly used on Windows for sharing files, printers, and communication between network-attached computers. SMB related vulnerabilities can be levaraged to compromise large-scale systems.
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
tags: network,windows,smb,service,detect
|
||||
|
||||
tcp:
|
||||
- inputs:
|
||||
|
|
|
|||
|
|
@ -4,11 +4,11 @@ info:
|
|||
name: SMTP Service Detection
|
||||
author: pussycat0x
|
||||
severity: info
|
||||
tags: network,service,smtp,detect
|
||||
description: |
|
||||
SMTP is part of the application layer of the TCP/IP protocol. Using a process called “store and forward,” SMTP moves your email on and across networks.
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
tags: network,service,smtp,detect
|
||||
|
||||
tcp:
|
||||
- inputs:
|
||||
|
|
|
|||
|
|
@ -7,9 +7,9 @@ info:
|
|||
description: |
|
||||
Dropbear is a software package written by Matt Johnston that provides a Secure Shell-compatible server and client. It is designed as a replacement for standard OpenSSH for environments with low memory and processor resources, such as embedded systems
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
shodan-query: product:"Dropbear sshd"
|
||||
verified: true
|
||||
shodan-query: 'product:"Dropbear sshd"'
|
||||
tags: network,ssh,dropbear,detect
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -4,11 +4,11 @@ info:
|
|||
name: STARTTLS Mail Server Detection
|
||||
author: r3dg33k
|
||||
severity: info
|
||||
tags: mail,starttls,network,detect
|
||||
description: |
|
||||
STARTTLS is an email protocol command that tells an email server that an email client, including an email client running in a web browser, wants to turn an existing insecure connection into a secure one.
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
tags: mail,starttls,network,detect
|
||||
|
||||
tcp:
|
||||
- inputs:
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ info:
|
|||
description: |
|
||||
ServerQuery is a commandline based administration tool/feature of TeamSpeak 3 server.
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
shodan-query: product:"TeamSpeak 3 ServerQuery"
|
||||
verified: true
|
||||
tags: network,service,teamspeak3,detect
|
||||
|
|
|
|||
|
|
@ -7,9 +7,9 @@ info:
|
|||
description: |
|
||||
Telnet is a network protocol used to virtually access a computer and to provide a two-way, collaborative and text-based communication channel between two machines.
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: port:23 telnet
|
||||
verified: true
|
||||
tags: network,telnet,detect
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -4,11 +4,11 @@ info:
|
|||
name: Totemomail SMTP Server Detection
|
||||
author: princechaddha
|
||||
severity: info
|
||||
tags: mail,smtp,network,totemomail,detect
|
||||
description: |
|
||||
Totemomail is a comprehensive email solution designed to address all aspects of digital communication security.
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
tags: mail,smtp,network,totemomail,detect
|
||||
|
||||
tcp:
|
||||
- inputs:
|
||||
|
|
|
|||
|
|
@ -7,9 +7,9 @@ info:
|
|||
description: |
|
||||
vmauthd is the VMWare authentication daemon that is included with many VMWare products, including ESX(i), and Workstation.
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
shodan-query: product:"VMware Authentication Daemon"
|
||||
verified: true
|
||||
shodan-query: 'product:"VMware Authentication Daemon"'
|
||||
tags: network,vmware,authenticated,detect
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -7,9 +7,9 @@ info:
|
|||
description: A Virtual Network Computing (VNC) service was detected.
|
||||
classification:
|
||||
cwe-id: CWE-200
|
||||
tags: network,vnc,service,detect
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
tags: network,vnc,service,detect
|
||||
|
||||
tcp:
|
||||
- inputs:
|
||||
|
|
|
|||
|
|
@ -7,9 +7,9 @@ info:
|
|||
description: |
|
||||
The File Transfer Protocol (FTP) is a standard network protocol used to transfer computer files between a client and server on a computer network.
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
shodan-query: product:"Xlight ftpd"
|
||||
verified: true
|
||||
shodan-query: 'product:"Xlight ftpd"'
|
||||
tags: network,ftp,xlight,detect
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -10,12 +10,11 @@ info:
|
|||
- https://nmap.org/nsedoc/scripts/mongodb-info.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: mongodb server information
|
||||
verified: true
|
||||
tags: network,mongodb,enum
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -6,12 +6,12 @@ info:
|
|||
severity: info
|
||||
description: |
|
||||
Niagara Fox Protocol is a building automation protocol used between the Niagara software systems by Tridium.
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
shodan-query: 'product:"Niagara Fox"'
|
||||
reference:
|
||||
- https://nmap.org/nsedoc/scripts/fox-info.html
|
||||
metadata:
|
||||
max-request: 1
|
||||
shodan-query: product:"Niagara Fox"
|
||||
verified: true
|
||||
tags: network,fox,niagara,enum
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ info:
|
|||
reference:
|
||||
- https://medium.com/@netscylla/pentesters-guide-to-postgresql-hacking-59895f4f007
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
shodan-query: port:5432 product:"PostgreSQL"
|
||||
verified: "true"
|
||||
tags: network,postgresql,db,unauth,enum,psql
|
||||
|
|
|
|||
|
|
@ -9,9 +9,9 @@ info:
|
|||
reference:
|
||||
- https://nmap.org/nsedoc/scripts/smtp-commands.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
shodan-query: smtp
|
||||
verified: true
|
||||
shodan-query: 'smtp'
|
||||
tags: network,enum,smtp,mail
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ info:
|
|||
reference:
|
||||
- https://nmap.org/nsedoc/scripts/smtp-enum-users.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
shodan-query: smtp
|
||||
verified: true
|
||||
tags: network,enum,smtp,mail
|
||||
|
|
|
|||
|
|
@ -15,9 +15,9 @@ info:
|
|||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cwe-id: CWE-200
|
||||
tags: network,cisco,smi,exposure
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
tags: network,cisco,smi,exposure
|
||||
|
||||
tcp:
|
||||
- inputs:
|
||||
|
|
|
|||
|
|
@ -9,9 +9,9 @@ info:
|
|||
- https://doublepulsar.com/root-bridge-how-thousands-of-internet-connected-android-devices-now-have-no-security-and-are-b46a68cb0f20
|
||||
- https://www.hackeracademy.org/how-to-hack-android-device-with-adb-android-debugging-bridge
|
||||
- https://www.securezoo.com/2018/06/thousands-of-android-devices-leave-debug-port-5555-exposed/
|
||||
tags: network,adb,rce,android,exposure
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
tags: network,adb,rce,android,exposure
|
||||
|
||||
tcp:
|
||||
- inputs:
|
||||
|
|
|
|||
|
|
@ -7,9 +7,9 @@ info:
|
|||
description: |
|
||||
Docker Daemon exposed on the network map can help remote attacker to gain access to the Docker containers and potentially the host system.
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
max-request: 1
|
||||
shodan-query: port:2375 product:"docker"
|
||||
verified: true
|
||||
tags: network,docker,exposure
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@ info:
|
|||
cvss-score: 7.2
|
||||
cwe-id: CWE-306
|
||||
metadata:
|
||||
max-request: 4
|
||||
max-request: 1
|
||||
tags: network,redis,unauth,exposure
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -7,9 +7,9 @@ info:
|
|||
description: Apache ZooKeeper was able to be accessed without any required authentication.
|
||||
reference:
|
||||
- https://zookeeper.apache.org/security.html
|
||||
tags: network,zookeeper,unauth,exposure
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
tags: network,zookeeper,unauth,exposure
|
||||
|
||||
tcp:
|
||||
- inputs:
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ info:
|
|||
- https://dubbo.apache.org/en/docs3-v2/java-sdk/advanced-features-and-usage/security/auth/
|
||||
metadata:
|
||||
fofa-query: apache dubbo
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
verified: true
|
||||
tags: network,dubbo,apache,unauth,misconfig
|
||||
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ info:
|
|||
- https://rocketmq.apache.org/docs/bestPractice/03access
|
||||
metadata:
|
||||
fofa-query: protocol="rocketmq"
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
shodan-query: title:"RocketMQ"
|
||||
verified: true
|
||||
tags: network,rocketmq,broker,apache,unauth,misconfig
|
||||
|
|
|
|||
|
|
@ -8,13 +8,13 @@ info:
|
|||
ClamAV server 0.99.2, and possibly other previous versions, allow the execution
|
||||
of dangerous service commands without authentication. Specifically, the command 'SCAN'
|
||||
may be used to list system files and the command 'SHUTDOWN' shut downs the service.
|
||||
metadata:
|
||||
max-request: 2
|
||||
verified: true
|
||||
shodan-query: 'port:3310 product:"ClamAV" version:"0.99.2"'
|
||||
reference:
|
||||
- https://seclists.org/nmap-dev/2016/q2/201
|
||||
- https://bugzilla.clamav.net/show_bug.cgi?id=11585
|
||||
metadata:
|
||||
max-request: 1
|
||||
shodan-query: port:3310 product:"ClamAV" version:"0.99.2"
|
||||
verified: true
|
||||
tags: network,clamav,unauth,seclists,misconfig
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -5,9 +5,9 @@ info:
|
|||
author: lu4nx
|
||||
severity: high
|
||||
description: ClickHouse was able to be accessed with no required authentication in place.
|
||||
tags: network,clickhouse,unauth,misconfig
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
tags: network,clickhouse,unauth,misconfig
|
||||
|
||||
tcp:
|
||||
- inputs:
|
||||
|
|
|
|||
|
|
@ -6,14 +6,14 @@ info:
|
|||
severity: low
|
||||
description: |
|
||||
The SSH key exchange algorithm is fundamental to keep the protocol secure. It is what allows two previously unknown parties to generate a shared key in plain sight, and have that secret remain private to the client and server. Over time, some implementations of this algorithm have been identified as weak or vulnerable.
|
||||
remediation: |
|
||||
Disable the weak algorithms.
|
||||
reference: |
|
||||
https://www.virtuesecurity.com/kb/ssh-weak-key-exchange-algorithms-enabled
|
||||
remediation: |
|
||||
Disable the weak algorithms.
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
shodan-query: product:"Dropbear sshd"
|
||||
verified: true
|
||||
shodan-query: 'product:"Dropbear sshd"'
|
||||
tags: network,ssh,dropbear,misconfig
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -6,14 +6,14 @@ info:
|
|||
severity: low
|
||||
description: |
|
||||
The mac-alg command specifies which MAC algorithms in the SSH client profile for SSH encryption negotiation with an SFTP server when the DataPower Gateway acts as an SFTP client.
|
||||
remediation: |
|
||||
Disable MD5 and 96-bit MAC algorithms.
|
||||
reference: |
|
||||
https://www.virtuesecurity.com/kb/ssh-weak-mac-algorithms-enabled
|
||||
remediation: |
|
||||
Disable MD5 and 96-bit MAC algorithms.
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
shodan-query: product:"Dropbear sshd"
|
||||
verified: true
|
||||
shodan-query: 'product:"Dropbear sshd"'
|
||||
tags: network,ssh,dropbear,misconfig
|
||||
|
||||
tcp:
|
||||
|
|
|
|||
|
|
@ -7,9 +7,9 @@ info:
|
|||
description: Ganglia is a scalable distributed monitoring system for high-performance computing systems such as clusters and Grids.
|
||||
reference:
|
||||
- http://ganglia.info/
|
||||
tags: ganglia,network,misconfig
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
tags: ganglia,network,misconfig
|
||||
|
||||
tcp:
|
||||
- inputs:
|
||||
|
|
|
|||
|
|
@ -4,11 +4,11 @@ info:
|
|||
name: Memcached stats disclosure
|
||||
author: pdteam
|
||||
severity: low
|
||||
tags: network,memcached,misconfig
|
||||
description: |
|
||||
Memcached stats is used to return server statistics such as PID, version, connections, etc.
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
tags: network,memcached,misconfig
|
||||
|
||||
tcp:
|
||||
- inputs:
|
||||
|
|
|
|||
|
|
@ -10,9 +10,9 @@ info:
|
|||
- https://book.hacktricks.xyz/pentesting/27017-27018-mongodb
|
||||
- https://www.mongodb.com/features/mongodb-authentication
|
||||
remediation: Enable Authentication in MongoDB
|
||||
tags: network,mongodb,unauth,misconfig
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
tags: network,mongodb,unauth,misconfig
|
||||
|
||||
tcp:
|
||||
- inputs:
|
||||
|
|
|
|||
|
|
@ -9,11 +9,10 @@ info:
|
|||
- https://github.com/Tinram/MySQL-Brute
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
|
||||
cvss-score: 0.0
|
||||
cwe-id: CWE-200
|
||||
tags: network,mysql,bruteforce,db,misconfig
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
tags: network,mysql,bruteforce,db,misconfig
|
||||
|
||||
tcp:
|
||||
- host:
|
||||
|
|
|
|||
|
|
@ -8,9 +8,9 @@ info:
|
|||
reference:
|
||||
- https://securityforeveryone.com/tools/saprouter-routing-information-leakage-vulnerability-scanner
|
||||
- https://support.sap.com/en/tools/connectivity-tools/saprouter.html
|
||||
tags: network,sap,misconfig
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
tags: network,sap,misconfig
|
||||
|
||||
tcp:
|
||||
- inputs:
|
||||
|
|
|
|||
|
|
@ -9,9 +9,9 @@ info:
|
|||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
||||
cvss-score: 5.3
|
||||
cwe-id: CWE-200
|
||||
tags: network,tidb,bruteforce,db,misconfig
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
tags: network,tidb,bruteforce,db,misconfig
|
||||
|
||||
tcp:
|
||||
- host:
|
||||
|
|
|
|||
|
|
@ -6,7 +6,7 @@ info:
|
|||
severity: high
|
||||
description: TiDB server was able to be accessed because no authentication was required.
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
zoomeye-query: tidb +port:"4000"
|
||||
tags: network,tidb,unauth,misconfig
|
||||
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ info:
|
|||
reference:
|
||||
- https://www.postgresql.org/docs/9.6/auth-methods.html
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
shodan-query: port:5432 product:"PostgreSQL"
|
||||
verified: "true"
|
||||
tags: network,postgresql,db,unauth,misconfig
|
||||
|
|
|
|||
|
|
@ -10,11 +10,11 @@ info:
|
|||
- https://blog.grimm-co.com/2021/07/old-dog-same-tricks.html
|
||||
classification:
|
||||
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
||||
cvss-score: 10.0
|
||||
cvss-score: 10
|
||||
cwe-id: CWE-77
|
||||
tags: clockwatch,rce,network
|
||||
metadata:
|
||||
max-request: 2
|
||||
max-request: 1
|
||||
tags: clockwatch,rce,network
|
||||
|
||||
tcp:
|
||||
- inputs:
|
||||
|
|
|
|||
Loading…
Reference in New Issue