id: cve-2020-9496
info:
name: Apache OFBiz XML-RPC Java Deserialization
author: dwisiswant0
severity: medium
description: XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03
# This temaplte detects a Java deserialization vulnerability in Apache
# OFBiz's unauthenticated XML-RPC endpoint /webtools/control/xmlrpc for
# versions prior to 17.12.04.
# --
# References:
# - https://securitylab.github.com/advisories/GHSL-2020-069-apache_ofbiz
requests:
- raw:
- |
POST /webtools/control/xmlrpc HTTP/1.1
Host: {{Hostname}}
Origin: http://{{Hostname}}
Content-Type: application/xml
ProjectDiscoverydwisiswant0
- |
POST /webtools/control/xmlrpc HTTP/1.1
Host: {{Hostname}}:8080
Origin: http://{{Hostname}}:8080
Content-Type: application/xml
ProjectDiscoverydwisiswant0
- |
POST /webtools/control/xmlrpc HTTP/1.1
Host: {{Hostname}}:8443
Origin: https://{{Hostname}}:8443
Content-Type: application/xml
ProjectDiscoverydwisiswant0
matchers-condition: and
matchers:
- type: word
words:
- "faultString"
- "No such service [ProjectDiscovery]"
- "methodResponse"
condition: and
part: body
- type: word
words:
- "Content-Type: text/xml"
part: header
- type: status
status:
- 200