Improved shodan query for CVE-2024-36401.yaml

Returns ~50k accurate results compared to ~900 before. Source: https://www.vicarius.io/vsociety/posts/geoserver-rce-cve-2024-36401
patch-6
Ryan Borum 2024-07-16 08:04:14 -04:00 committed by GitHub
parent 905b914f7c
commit 7d7ab858b2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 5 additions and 3 deletions


@ -2,7 +2,9 @@ id: CVE-2024-36401
info:
name: GeoServer RCE in Evaluating Property Name Expressions
author: DhiyaneshDk
author:
- DhiyaneshDk
- GarysMortalEnemy
severity: critical
description: |
In the GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions.
@ -18,7 +20,7 @@ info:
max-request: 1
vendor: osgeo
product: geoserver
shodan-query: http.title:"geoserver"
shodan-query: Server: GeoHttpServer
fofa-query:
- title="geoserver"
- app="geoserver"
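Review bot: the new `shodan-query: Server: GeoHttpServer` line is not valid YAML as written: a plain (unquoted) scalar may not contain `: `, so any YAML loader will reject the whole template at this line with a "mapping values are not allowed here" error, and the fix will take the template out of circulation rather than improve it. Quote the value; wrapping the double-quoted phrase in single quotes keeps Shodan treating it as one exact banner string, e.g. `shodan-query: '"Server: GeoHttpServer"'`. If the old `http.title:"geoserver"` query is still worth keeping alongside the banner match, use the list form that `fofa-query:` already uses below instead of replacing the scalar.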