daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update elasticsearch5-log4j-rce.yaml

patch-1
Prince Chaddha 2022-07-16 18:04:04 +05:30 committed by GitHub
parent 236912a8fa
commit c7b482532d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
vulnerabilities/other/elasticsearch5-log4j-rce.yaml
View File

@ -8,11 +8,15 @@ info:
A critical vulnerability in Apache Log4j identified by CVE-2021-44228 has been publicly disclosed that may allow for remote code execution in impacted Elasticsearch 5.
reference:
- https://www.horizon3.ai/the-long-tail-of-log4shell-exploitation/
- https://logging.apache.org/log4j/2.x/security.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-44228
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
cvss-score: 10.0
cwe-id: CWE-77
tags: jndi,log4j,rce,oast,elasticsearch
metadata:
verified: true
tags: jndi,log4j,rce,oast,elasticsearch,cve,cve2021
requests:
- raw:
@ -35,6 +39,10 @@ requests:
- '([a-zA-Z0-9\.\-]+)\.([a-z0-9]+)\.([a-z0-9]+)\.\w+' # Match for extracted ${hostName} variable
extractors:
- type: kval
kval:
- interactsh_ip # Print remote interaction IP in output
- type: regex
part: interactsh_request
group: 1