Improved shodan query for CVE-2024-36401.yaml

Returns ~50k accurate results compared to ~900 before. Source: https://www.vicarius.io/vsociety/posts/geoserver-rce-cve-2024-36401
2024-07-16 08:04:14 -04:00 · 2024-07-16 08:04:14 -04:00 · 7d7ab858b2
parent 905b914f7c
commit 7d7ab858b2
1 changed files with 5 additions and 3 deletions
--- a/http/cves/2024/CVE-2024-36401.yaml
+++ b/http/cves/2024/CVE-2024-36401.yaml
@ -2,7 +2,9 @@ id: CVE-2024-36401

 info:
  name: GeoServer RCE in Evaluating Property Name Expressions
-  author: DhiyaneshDk
+  author: 
+   - DhiyaneshDk
+   - GarysMortalEnemy
  severity: critical
  description: |
    In the GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions.
@ -18,7 +20,7 @@ info:
    max-request: 1
    vendor: osgeo
    product: geoserver
-    shodan-query: http.title:"geoserver"
+    shodan-query: Server: GeoHttpServer
    fofa-query:
      - title="geoserver"
      - app="geoserver"
@ -65,4 +67,4 @@ http:
        part: content_type
        words:
          - "application/xml"
-# digest: 4a0a004730450220735fae2d600334ad0b407f6e2a0905a071226561197d52236f48b8065ee38fa4022100c16a9085e40790dda9b6217e62a1d5fc3d0d68d7443cf10582b55cece0c2e632:922c64590222798bb761d5b6d8e72950
+# digest: 4a0a004730450220735fae2d600334ad0b407f6e2a0905a071226561197d52236f48b8065ee38fa4022100c16a9085e40790dda9b6217e62a1d5fc3d0d68d7443cf10582b55cece0c2e632:922c64590222798bb761d5b6d8e72950