Merge pull request #10297 from ryanborum/patch-3

Improved shodan query for CVE-2024-36401.yaml
2024-07-16 18:05:10 +05:30 · 2024-07-16 18:05:10 +05:30 · 78dabffabb
parent 905b914f7c 2db502e313
commit 78dabffabb
1 changed files with 3 additions and 3 deletions
--- a/http/cves/2024/CVE-2024-36401.yaml
+++ b/http/cves/2024/CVE-2024-36401.yaml
@ -2,7 +2,7 @@ id: CVE-2024-36401

 info:
  name: GeoServer RCE in Evaluating Property Name Expressions
-  author: DhiyaneshDk
+  author: DhiyaneshDk,ryanborum
  severity: critical
  description: |
    In the GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions.
@ -18,7 +18,7 @@ info:
    max-request: 1
    vendor: osgeo
    product: geoserver
-    shodan-query: http.title:"geoserver"
+    shodan-query: "Server: GeoHttpServer"
    fofa-query:
      - title="geoserver"
      - app="geoserver"
@ -65,4 +65,4 @@ http:
        part: content_type
        words:
          - "application/xml"
-# digest: 4a0a004730450220735fae2d600334ad0b407f6e2a0905a071226561197d52236f48b8065ee38fa4022100c16a9085e40790dda9b6217e62a1d5fc3d0d68d7443cf10582b55cece0c2e632:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a004730450220735fae2d600334ad0b407f6e2a0905a071226561197d52236f48b8065ee38fa4022100c16a9085e40790dda9b6217e62a1d5fc3d0d68d7443cf10582b55cece0c2e632:922c64590222798bb761d5b6d8e72950