daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7310 from j4vaovo/patch-41 

Fix CVE-2018-11784-False Positive
patch-1
Dhiyaneshwaran 2023-05-30 14:16:11 +05:30 committed by GitHub
parent 739fcf2ae5 e93076238d
commit cfecf041f0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
http/cves/2018/CVE-2018-11784.yaml
View File

@ -4,7 +4,8 @@ info:
name: Apache Tomcat - Open Redirect
author: geeknik
severity: medium
description: Apache Tomcat versions prior to 9.0.12, 8.5.34, and 7.0.91 are prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input.
description: |
Apache Tomcat versions prior to 9.0.12, 8.5.34, and 7.0.91 are prone to an open-redirection vulnerability because it fails to properly sanitize user-supplied input.
reference:
- https://lists.apache.org/thread.html/23134c9b5a23892a205dc140cdd8c9c0add233600f76b313dda6bd75@%3Cannounce.tomcat.apache.org%3E
- https://nvd.nist.gov/vuln/detail/CVE-2018-11784
@ -24,9 +25,14 @@ http:
path:
- "{{BaseURL}}//interact.sh"
matchers-condition: and
matchers:
- type: regex
regex:
- '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
part: header
# Enhanced by mp on 2022/04/26
- type: status
status:
- 404
negative: true