
{
"Name": "GlassFish Arbitrary File Read (CVE-2017-1000028)",
"Description": "Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated Directory Traversal vulnerability, that can be exploited by issuing a specially crafted HTTP GET request.",
"Product": "Sun-GlassFish",
"Homepage": "https://glassfish.java.net",
"DisclosureDate": "2017-07-17",
"Author": "gp827782797@qq.com",
"FofaQuery": "app=\"Sun-GlassFish\"",
"GobyQuery": "app=\"Sun-GlassFish\"",
"Level": "2",
"Impact": "Arbitrary File Read",
"Recommendation": "The latest version 4.1.1 was released in October to fix the problem, and the operation and maintenance personnel should follow up the fix in time to prevent the impact from expanding.",
"References": null,
"RealReferences": [
"https://www.exploit-db.com/exploits/45196/",
"https://www.exploit-db.com/exploits/45198/",
"https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-016/?fid=6904",
"https://nvd.nist.gov/vuln/detail/CVE-2017-1000028",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000028"
],
"HasExp": true,
"ExpParams": [
{
"name": "file",
"type": "createSelect",
"value": "/etc/passwd,C:/Windows/win.ini",
"show": ""
}
],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
"Request": {
"data": "",
"data_type": "text",
"follow_redirect": true,
"method": "GET",
"uri": "/"
},
"ResponseTest": {
"checks": [
{
"bz": "",
"operation": "==",
"type": "item",
"value": "200",
"variable": "$code"
}
],
"operation": "AND",
"type": "group"
}
}
],
"ExploitSteps": null,
"Tags": ["fileread"],
"CVEIDs": [
"CVE-2017-1000028"
],
"CVSSScore": "7.5",
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": ["Sun-GlassFish"],
"System": null,
"Hardware": null
},
"Disable": false
}