Skip to content

Nmap NSE script to detect CVE-2019-14322 of Pallets Werkzeug path traversal via SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames

License

Notifications You must be signed in to change notification settings

faisalfs10x/http-vuln-cve2019-14322.nse

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

12 Commits
 
 
 
 
 
 

Repository files navigation

http-vuln-cve2019-14322.nse

  • Nmap NSE script to detect CVE-2019-14322 of Pallets Werkzeug path traversal via SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames

Description

  • CVE-2019-14322 - A vulnerability was found in Pallets Werkzeug up to 0.15.4. It has been declared as critical. This vulnerability affects the function SharedDataMiddleware of the component Windows.
  • The manipulation with an unknown input leads to a directory traversal vulnerability. The CWE definition for the vulnerability is CWE-22.
  • This script reads c:/windows/win.ini as a proof of concept.
  • This vulnerability is running on (cpe:2.3:o:microsoft:windows:-:::::::, cpe:2.3:o:microsoft:windows:-::::::x64:*)

Clone and Install

Usage


$ nmap --script http-vuln-cve2019-14322.nse -p <port> <target>

PORT    STATE SERVICE
443/tcp open  https
| http-vuln-cve2019-14322: 
|   VULNERABLE:
|   Pallets Werkzeug path traversal via SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames
|     State: VULNERABLE
|     IDs:  CVE:CVE-2019-14322
|       		
|       A vulnerability was found in Pallets Werkzeug up to 0.15.4. It has been declared as critical. 
|       This vulnerability affects the function SharedDataMiddleware of the component Windows. 
|       The manipulation with an unknown input leads to a directory traversal vulnerability. The CWE definition for the vulnerability is CWE-22.
|       This script reads c:/windows/win.ini as a proof of concept.
|       This vulnerability is running on (cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*, cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:x64:*)
|       		
|           
|     Disclosure date: 2019-07-28
|     References:
|       https://www.cvedetails.com/cve/CVE-2019-14322/
|       https://vuldb.com/?id.138886
|       https://palletsprojects.com/blog/werkzeug-0-15-5-released/
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14322

Nmap done: 1 IP address (1 host up) scanned in 0.48 seconds

Published in:

About

Nmap NSE script to detect CVE-2019-14322 of Pallets Werkzeug path traversal via SharedDataMiddleware mishandles drive names (such as C:) in Windows pathnames

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages