51 lines
1.5 KiB
YAML
51 lines
1.5 KiB
YAML
id: apache-nifi-rce
|
|
|
|
info:
|
|
name: Apache NiFi - Remote Code Execution
|
|
author: arliya
|
|
severity: critical
|
|
description: |
|
|
Apache NiFi is designed for data streaming. It supports highly configurable data routing, transformation, and system mediation logic that indicate graphs. The system has unauthorized remote command execution vulnerability.
|
|
reference:
|
|
- https://github.com/imjdl/Apache-NiFi-Api-RCE
|
|
- https://labs.withsecure.com/tools/metasploit-modules-for-rce-in-apache-nifi-and-kong-api-gateway
|
|
- https://packetstormsecurity.com/files/160260/apache_nifi_processor_rce.rb.txt
|
|
classification:
|
|
cpe: cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
shodan-query: "title:\"NiFi\""
|
|
product: nifi
|
|
vendor: apache
|
|
tags: packetstorm,apache,nifi,rce
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/nifi-api/process-groups/root"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "revision"
|
|
- "canRead"
|
|
- "permissions"
|
|
condition: and
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- "application/json"
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
|
|
extractors:
|
|
- type: json
|
|
json:
|
|
- .id
|
|
# digest: 4a0a00473045022100edae76cef80904808f0adf5cc3db8f2879acba8158ef72546dc2aff25d63dfc702202f4f620200f8c3dcbd7e288072bedc19a0d5acbe3e0b13b72c92feb2f23d5dc7:922c64590222798bb761d5b6d8e72950 |