Closed C4o closed 10 months ago
Hi @magl0, I saw you already had one detector with struts2. So I wanna know: is it OK with a vulnerability in web frameworks like struts2, which may not have a definite default URI? It always occurs with custom URIs defined by the developer, and is detected after fingerprint ensuring.
Hi there,
I would like to contribute the implementation for a plugin that detects CVE-2020-17530 Struts2 S2-061 Remote Code Execution Vulnerability. This vulnerability is a bypass of the OGNL sandbox, which was enhanced after S2-059 (CVE-2019-0230).
Vulnerability details:
Score: 9.8 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
https://nvd.nist.gov/vuln/detail/CVE-2020-17530
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17530
The vulnerability should be remotely exploitable without authentication and user interaction. Yes.
The detector should provide a reliable false-positive free detection report. Yes.
The detection capability should be easy to verify using both vulnerable and fixed Docker images. Yes.
The vulnerability should have a relatively large impact radius. Yes.
Please let me know if this is in scope, as I've already done the development.
Thanks, C4o