nuclei-templates/network/clamav-unauth.yaml

33 lines
930 B
YAML

id: clamav-unauth
info:
name: ClamAV Server - Unauthenticated Access
author: dwisiswant0
severity: high
description: |
ClamAV server 0.99.2, and possibly other previous versions, allow the execution
of dangerous service commands without authentication. Specifically, the command 'SCAN'
may be used to list system files and the command 'SHUTDOWN' shut downs the service.
metadata:
verified: true
shodan-query: 'port:3310 product:"ClamAV" version:"0.99.2"'
reference:
- https://seclists.org/nmap-dev/2016/q2/201
- https://bugzilla.clamav.net/show_bug.cgi?id=11585
tags: network,clamav,unauth,seclists
tcp:
- inputs:
- data: "SCAN /nonexistent/{{to_lower(rand_text_alpha(10))}}\r\n"
host:
- "{{Hostname}}"
- "{{Host}}:3310"
read-size: 48
matchers:
- type: word
words:
- "No such"
- "lstat() failed"
condition: and