updated matcher

main
Ritik Chaddha 2024-07-30 12:43:53 +05:30 committed by GitHub
parent 1d60c0c0dc
commit ef3b6d4869
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 8 additions and 1 deletions

@ -6,10 +6,12 @@ info:
severity: high
description: |
Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component.
impact: An attacker with unauthenticated access to the Automation 360 Control Room HTTPS service (port 443) or HTTP service (port 80) can trigger arbitrary web requests from the server.
impact: |
An attacker with unauthenticated access to the Automation 360 Control Room HTTPS service (port 443) or HTTP service (port 80) can trigger arbitrary web requests from the server.
reference:
- https://www.automationanywhere.com/products/automation-360
- https://www.rapid7.com/blog/post/2024/07/26/cve-2024-6922-automation-anywhere-automation-360-server-side-request-forgery/
- https://nvd.nist.gov/vuln/detail/CVE-2024-6922
metadata:
verified: true
max-request: 1
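Review bot: the reference list still opens with the vendor product page (https://www.automationanywhere.com/products/automation-360), which is a product page rather than an advisory, so the two entries that actually document CVE-2024-6922 (Rapid7 and NVD) sit below it. Suggest listing the advisory links first or dropping the product link. The impact text is a single sentence, so moving it to a block scalar (impact: |) changes formatting only; if that is done for consistency with description: |, say so in the commit message, since "updated matcher" does not cover the metadata edits in this hunk.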
@ -33,6 +35,11 @@ http:
words:
- "dns"
- type: word
part: body
words:
- '{"message":'
- type: word
part: content_type
words:
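Review bot: the word matcher on part: body with '{"message":' is very generic. That prefix appears in the JSON error body of many unrelated APIs, so by itself it shows only that the endpoint answered with a JSON message object, not that the server issued the outbound request. Please confirm the matchers-condition for this block is and, so that this matcher and the content_type one can only narrow the existing "dns" word matcher rather than satisfy the template on their own, and consider matching a more specific part of the response body. A one-line comment in the template noting which response this string was taken from would help whoever tunes the matcher next.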