From b9a98fc9cbf6147eafdfadc981f61308d5f92156 Mon Sep 17 00:00:00 2001
From: GitHub Action
Date: Tue, 7 Nov 2023 07:20:43 +0000
Subject: [PATCH] TemplateMan Update [Tue Nov 7 07:20:43 UTC 2023] :robot:
---
 http/cves/2017/CVE-2017-7925.yaml | 2 +-
 http/cves/2018/CVE-2018-0296.yaml | 2 +-
 http/cves/2019/CVE-2019-3929.yaml | 2 +-
 http/cves/2020/CVE-2020-8193.yaml | 2 +-
 http/cves/2021/CVE-2021-1472.yaml | 2 +-
 http/cves/2021/CVE-2021-21345.yaml | 2 +-
 http/cves/2021/CVE-2021-34621.yaml | 2 +-
 http/cves/2021/CVE-2021-39144.yaml | 2 +-
 http/cves/2022/CVE-2022-0482.yaml | 2 +-
 http/cves/2022/CVE-2022-23544.yaml | 2 +-
 http/cves/2022/CVE-2022-46169.yaml | 2 +-
 http/cves/2023/CVE-2023-34124.yaml | 2 +-
 .../hikvision/hikvision-js-files-upload.yaml | 3 ++-
 http/vulnerabilities/other/metabase-log4j.yaml | 6 ++----
 ssl/c2/quasar-rat-c2.yaml | 3 ++-
 15 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/http/cves/2017/CVE-2017-7925.yaml b/http/cves/2017/CVE-2017-7925.yaml
index 9367463eb1..f20e7cee84 100644
--- a/http/cves/2017/CVE-2017-7925.yaml
+++ b/http/cves/2017/CVE-2017-7925.yaml
@@ -16,7 +16,7 @@ info:
 cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.8
 cve-id: CVE-2017-7925
- cwe-id: CWE-522,CWE-260
+ cwe-id: CWE-260,CWE-522
 epss-score: 0.35031
 epss-percentile: 0.9665
 cpe: cpe:2.3:o:dahuasecurity:dh-ipc-hdbw23a0rn-zs_firmware:-:*:*:*:*:*:*:*
diff --git a/http/cves/2018/CVE-2018-0296.yaml b/http/cves/2018/CVE-2018-0296.yaml
index 2d71c463ee..342a3783e7 100644
--- a/http/cves/2018/CVE-2018-0296.yaml
+++ b/http/cves/2018/CVE-2018-0296.yaml
@@ -18,7 +18,7 @@ info:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
 cvss-score: 7.5
 cve-id: CVE-2018-0296
- cwe-id: CWE-20,CWE-22
+ cwe-id: CWE-22,CWE-20
 epss-score: 0.97359
 epss-percentile: 0.99865
 cpe: cpe:2.3:a:cisco:adaptive_security_appliance_software:*:*:*:*:*:*:*:*
diff --git a/http/cves/2019/CVE-2019-3929.yaml b/http/cves/2019/CVE-2019-3929.yaml
index 3d60dec9a8..1da3e99cc6 100644
--- a/http/cves/2019/CVE-2019-3929.yaml
+++ b/http/cves/2019/CVE-2019-3929.yaml
@@ -17,7 +17,7 @@ info:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.8
 cve-id: CVE-2019-3929
- cwe-id: CWE-79,CWE-78
+ cwe-id: CWE-78,CWE-79
 epss-score: 0.97419
 epss-percentile: 0.99908
 cpe: cpe:2.3:o:crestron:am-100_firmware:1.6.0.2:*:*:*:*:*:*:*
diff --git a/http/cves/2020/CVE-2020-8193.yaml b/http/cves/2020/CVE-2020-8193.yaml
index 30cc27f14d..65fc5b395d 100644
--- a/http/cves/2020/CVE-2020-8193.yaml
+++ b/http/cves/2020/CVE-2020-8193.yaml
@@ -16,7 +16,7 @@ info:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
 cvss-score: 6.5
 cve-id: CVE-2020-8193
- cwe-id: CWE-284,CWE-287
+ cwe-id: CWE-287,CWE-284
 epss-score: 0.93748
 epss-percentile: 0.98861
 cpe: cpe:2.3:o:citrix:application_delivery_controller_firmware:*:*:*:*:*:*:*:*
diff --git a/http/cves/2021/CVE-2021-1472.yaml b/http/cves/2021/CVE-2021-1472.yaml
index 208fc6038f..41b7a23815 100644
--- a/http/cves/2021/CVE-2021-1472.yaml
+++ b/http/cves/2021/CVE-2021-1472.yaml
@@ -18,7 +18,7 @@ info:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.8
 cve-id: CVE-2021-1472
- cwe-id: CWE-287,CWE-119
+ cwe-id: CWE-119,CWE-287
 epss-score: 0.97318
 epss-percentile: 0.99841
 cpe: cpe:2.3:o:cisco:rv160_firmware:*:*:*:*:*:*:*:*
diff --git a/http/cves/2021/CVE-2021-21345.yaml b/http/cves/2021/CVE-2021-21345.yaml
index 702aeeb208..b012312ac4 100644
--- a/http/cves/2021/CVE-2021-21345.yaml
+++ b/http/cves/2021/CVE-2021-21345.yaml
@@ -17,7 +17,7 @@ info:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
 cvss-score: 9.9
 cve-id: CVE-2021-21345
- cwe-id: CWE-502,CWE-78
+ cwe-id: CWE-78,CWE-502
 epss-score: 0.37552
 epss-percentile: 0.96773
 cpe: cpe:2.3:a:xstream_project:xstream:*:*:*:*:*:*:*:*
diff --git a/http/cves/2021/CVE-2021-34621.yaml b/http/cves/2021/CVE-2021-34621.yaml
index 095ec7bb5f..f8a10e84ca 100644
--- a/http/cves/2021/CVE-2021-34621.yaml
+++ b/http/cves/2021/CVE-2021-34621.yaml
@@ -16,7 +16,7 @@ info:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.8
 cve-id: CVE-2021-34621
- cwe-id: CWE-306,CWE-269
+ cwe-id: CWE-269,CWE-306
 epss-score: 0.7888
 epss-percentile: 0.97929
 cpe: cpe:2.3:a:properfraction:profilepress:*:*:*:*:*:wordpress:*:*
diff --git a/http/cves/2021/CVE-2021-39144.yaml b/http/cves/2021/CVE-2021-39144.yaml
index 8ca53aa48b..e2a770b7ac 100644
--- a/http/cves/2021/CVE-2021-39144.yaml
+++ b/http/cves/2021/CVE-2021-39144.yaml
@@ -18,7 +18,7 @@ info:
 cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
 cvss-score: 8.5
 cve-id: CVE-2021-39144
- cwe-id: CWE-502,CWE-306
+ cwe-id: CWE-306,CWE-502
 epss-score: 0.96508
 epss-percentile: 0.99453
 cpe: cpe:2.3:a:xstream_project:xstream:*:*:*:*:*:*:*:*
diff --git a/http/cves/2022/CVE-2022-0482.yaml b/http/cves/2022/CVE-2022-0482.yaml
index 8dcca81893..1c2057c021 100644
--- a/http/cves/2022/CVE-2022-0482.yaml
+++ b/http/cves/2022/CVE-2022-0482.yaml
@@ -18,7 +18,7 @@ info:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
 cvss-score: 9.1
 cve-id: CVE-2022-0482
- cwe-id: CWE-863,CWE-359
+ cwe-id: CWE-359,CWE-863
 epss-score: 0.06254
 epss-percentile: 0.92812
 cpe: cpe:2.3:a:easyappointments:easyappointments:*:*:*:*:*:wordpress:*:*
diff --git a/http/cves/2022/CVE-2022-23544.yaml b/http/cves/2022/CVE-2022-23544.yaml
index 2fbeaff14d..3f2a1a6086 100644
--- a/http/cves/2022/CVE-2022-23544.yaml
+++ b/http/cves/2022/CVE-2022-23544.yaml
@@ -17,7 +17,7 @@ info:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
 cvss-score: 6.1
 cve-id: CVE-2022-23544
- cwe-id: CWE-918,CWE-79
+ cwe-id: CWE-79,CWE-918
 epss-score: 0.00059
 epss-percentile: 0.23314
 cpe: cpe:2.3:a:metersphere:metersphere:*:*:*:*:*:*:*:*
diff --git a/http/cves/2022/CVE-2022-46169.yaml b/http/cves/2022/CVE-2022-46169.yaml
index 0989e1f70a..4514fae0ad 100644
--- a/http/cves/2022/CVE-2022-46169.yaml
+++ b/http/cves/2022/CVE-2022-46169.yaml
@@ -18,7 +18,7 @@ info:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.8
 cve-id: CVE-2022-46169
- cwe-id: CWE-78,CWE-74
+ cwe-id: CWE-74,CWE-78
 epss-score: 0.96583
 epss-percentile: 0.99485
 cpe: cpe:2.3:a:cacti:cacti:*:*:*:*:*:*:*:*
diff --git a/http/cves/2023/CVE-2023-34124.yaml b/http/cves/2023/CVE-2023-34124.yaml
index 0b100a55e8..8f7c26dcfd 100644
--- a/http/cves/2023/CVE-2023-34124.yaml
+++ b/http/cves/2023/CVE-2023-34124.yaml
@@ -18,7 +18,7 @@ info:
 cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
 cvss-score: 9.8
 cve-id: CVE-2023-34124
- cwe-id: CWE-287,CWE-305
+ cwe-id: CWE-305,CWE-287
 epss-score: 0.01627
 epss-percentile: 0.86122
 cpe: cpe:2.3:a:sonicwall:analytics:*:*:*:*:*:*:*:*
diff --git a/http/vulnerabilities/hikvision/hikvision-js-files-upload.yaml b/http/vulnerabilities/hikvision/hikvision-js-files-upload.yaml
index cbc30f61c4..96893ae4ec 100644
--- a/http/vulnerabilities/hikvision/hikvision-js-files-upload.yaml
+++ b/http/vulnerabilities/hikvision/hikvision-js-files-upload.yaml
@@ -44,4 +44,5 @@ http:
 - 'status_code_2 == 200'
 - 'contains(body_2, "{{payload}}")'
 condition: and
-# digest: 4a0a00473045022100b950d772245477a3b9ca9e272b20a63f38c6dc64378b6fa9dace29426cca5450022007f3af02a3422204244432721fbbdd6997a13cea83e2aac2259e960c7aefeb14:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+
+# digest: 4a0a00473045022100b950d772245477a3b9ca9e272b20a63f38c6dc64378b6fa9dace29426cca5450022007f3af02a3422204244432721fbbdd6997a13cea83e2aac2259e960c7aefeb14:922c64590222798bb761d5b6d8e72950
diff --git a/http/vulnerabilities/other/metabase-log4j.yaml b/http/vulnerabilities/other/metabase-log4j.yaml
index 1baf4ffc1b..adf1b3aa42 100644
--- a/http/vulnerabilities/other/metabase-log4j.yaml
+++ b/http/vulnerabilities/other/metabase-log4j.yaml
@@ -43,23 +43,21 @@ http: - type: regex part: interactsh_request regex: - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output + extractors: - type: kval kval: - - interactsh_ip # Print remote interaction IP in output + - type: regex group: 2 regex: - - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print injection point in output part: interactsh_request - type: regex group: 1 regex: - - '\d{6}\.([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Print extracted ${:-{{rand1}}}${:-{{rand2}}}.${hostName} in output part: interactsh_request # digest: 490a00463044022069d41d35a4b8d057e5cd95eb255e94f2df8b3fdeb26f901e821fbe7bdd097b1f0220356c88a5e90ddfd1e00fc7973c4d2bdf2fcc98a5f66169596bbd41323c20b8d4:922c64590222798bb761d5b6d8e72950
diff --git a/ssl/c2/quasar-rat-c2.yaml b/ssl/c2/quasar-rat-c2.yaml
index 7bee06420e..e82c2b961c 100644
--- a/ssl/c2/quasar-rat-c2.yaml
+++ b/ssl/c2/quasar-rat-c2.yaml
@@ -26,4 +26,5 @@ ssl:
 - type: json
 json:
 - " .issuer_cn"
-# digest: 4a0a0047304502210089c3b7edfbbd1e6f13c79ed724e93ae0db447239b79bb2be0496828c5b7d2e2a022069d9ff039f32ebf74f17f2a6efe0a56b6704a80540b1b1d93bf359b0fc28b2f1:922c64590222798bb761d5b6d8e72950
\ No newline at end of file
+
+# digest: 4a0a0047304502210089c3b7edfbbd1e6f13c79ed724e93ae0db447239b79bb2be0496828c5b7d2e2a022069d9ff039f32ebf74f17f2a6efe0a56b6704a80540b1b1d93bf359b0fc28b2f1:922c64590222798bb761d5b6d8e72950
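Review bot: The trailing `# digest:` line in the metabase-log4j.yaml hunk is carried over as unchanged context while the hunk header (`-43,23 +43,21`) shows matcher and extractor lines above it being edited, so the signature may no longer cover the bytes that ship. Unless the verifier normalizes the edited whitespace away, the template should be re-signed in the same commit so that it does not load as unsigned or fail verification. Separately, as rendered here the `- interactsh_ip` entry and both extractor `regex` patterns appear only on removed lines with no `+` counterpart; if that reflects the real change rather than a display artifact, `kval:` and the two `regex:` lists would be left empty and the extractors would print nothing. The hikvision-js-files-upload.yaml and quasar-rat-c2.yaml hunks likewise keep their digest text while adding a blank line before it.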