minor-update

http/cves/2024/CVE-2024-46627.yaml

@@ -11,8 +11,11 @@ info:
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2024-46627
     - https://daly.wtf/cve-2024-46627-incorrect-access-control-in-becn-datagerry-v2-2-allows-attackers-to-execute-arbitrary-commands-via-crafted-web-requests/
+    - https://datagerry.com/
+    - https://github.com/DATAGerry/
+    - https://github.com/d4lyw/CVE-2024-46627
   classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
     cvss-score: 9.1
     cve-id: CVE-2024-46627
     cwe-id: CWE-284
@@ -23,9 +26,8 @@ info:
     max-request: 1
     vendor: becon
     product: datagerry
-    shodan-query:
+    shodan-query: http.title:"datagerry"
-      - http.title:"datagerry"
+  tags: cve,cve2024,becon,datagerry,unauth,auth-bypass
-  tags: cve2024,cve,becon,datagerry,unauth,auth-bypass
 
 http:
   - method: GET
@@ -34,11 +36,6 @@ http:
 
     matchers-condition: and
     matchers:
-      - type: word
-        part: header
-        words:
-          - "application/json"
-
       - type: word
         part: body
         words:
@@ -46,3 +43,8 @@ http:
           - '"model":'
           - '"time":'
         condition: and
+
+      - type: word
+        part: content_type
+        words:
+          - "application/json"