id: CVE-2020-11450
info:
  name: Microstrategy Web 10.4 exposes the JVM configuration
  author: tess
  severity: high
  description: |
    Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture,
    installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp.
    An attacker could use this vulnerability to learn more about the environment the
    application is running in. This issue has been mitigated in all versions of the
    product 11.0 and higher.
  reference:
    - http://packetstormsecurity.com/files/157068/MicroStrategy-Intelligence-Server-And-Web-10.4-XSS-Disclosure-SSRF-Code-Execution.html
    - https://nvd.nist.gov/vuln/detail/cve-2020-11450
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11450
    - https://www.redtimmy.com/web-application-hacking/another-ssrf-another-rce-the-microstrategy-case/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2020-11450
  tags: microstrategy,exposure,jvm,config,packetstorm,cve,cve2020

requests:
  - method: GET
    path:
      - '{{BaseURL}}/MicroStrategyWS/happyaxis.jsp'

    redirects: true
    max-redirects: 2
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'Axis2 Happiness Page'
          - 'Examining webapp configuration'
          - 'Essential Components'
        condition: and

      - type: status
        status:
          - 200