mirror of https://github.com/qwqdanchun/Goby.git
51 lines
1.9 KiB
JSON
51 lines
1.9 KiB
JSON
{
|
|
"Name": "Apache OFBiz Deserialization RCE (CVE-2020-9496)",
|
|
"Description": "XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03",
|
|
"Product": "Apache-OFBiz",
|
|
"Homepage": "https://ofbiz.apache.org/",
|
|
"DisclosureDate": "2020-07-15",
|
|
"Author": "itardc@163.com",
|
|
"GifAddress": "https://raw.githubusercontent.com/gobysec/GobyVuls/master/Apache%20OFBiz/CVE-2020-9496/CVE-2020-9496.gif",
|
|
"FofaQuery": "header=\"Set-Cookie: OFBiz.Visitor\"",
|
|
"GobyQuery": "header=\"Set-Cookie: OFBiz.Visitor\"",
|
|
"Level": "3",
|
|
"Impact": "",
|
|
"Recommendation": "",
|
|
"References": [
|
|
"http://packetstormsecurity.com/files/158887/Apache-OFBiz-XML-RPC-Java-Deserialization.html",
|
|
"https://lists.apache.org/thread.html/r8fb319dc1f196563955fbf5e9cf454fb9d6c27c2058066445af7f8cb@%3Cuser.ofbiz.apache.org%3E",
|
|
"https://lists.apache.org/thread.html/ra43cfe80226c3b23cd775f3543da10c035ad9c9943cfe8a680490730@%3Cuser.ofbiz.apache.org%3E",
|
|
"https://lists.apache.org/thread.html/raf6020f765f12711e817ce13df63ecd7d677eebea8001e0473ee7c84@%3Cannounce.apache.org%3E",
|
|
"https://lists.apache.org/thread.html/rde93e1c91620335b72b798f78ab4459d3f7b06f96031d8ce86a18825@%3Cnotifications.ofbiz.apache.org%3E",
|
|
"https://s.apache.org/l0994",
|
|
"https://nvd.nist.gov/vuln/detail/CVE-2020-9496",
|
|
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9496"
|
|
],
|
|
"HasExp": true,
|
|
"ExpParams": [
|
|
{
|
|
"Name": "AttackType",
|
|
"Type": "select",
|
|
"Value": "goby_shell_linux"
|
|
}
|
|
],
|
|
"ExpTips": {
|
|
"Type": "",
|
|
"Content": ""
|
|
},
|
|
"ScanSteps": null,
|
|
"ExploitSteps": null,
|
|
"Tags": ["rce"],
|
|
"CVEIDs": [
|
|
"CVE-2020-9496"
|
|
],
|
|
"CVSSScore": "6.1",
|
|
"AttackSurfaces": {
|
|
"Application": ["Apache-OFBiz"],
|
|
"Support": null,
|
|
"Service": null,
|
|
"System": null,
|
|
"Hardware": null
|
|
},
|
|
"Disable": false
|
|
} |