Orientdb 2.2.x RCE - Fix regular expression for version detection

rapid7 · Jul 26, 2017 · 4845b4b · 4845b4b
1 parent 3066492
commit 4845b4b
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/modules/exploits/multi/http/orientdb_exec.rb b/modules/exploits/multi/http/orientdb_exec.rb
@@ -52,7 +52,7 @@ def check
     uri = target_uri
     uri.path = normalize_uri(uri.path)
     res = send_request_raw({'uri' => "#{uri.path}listDatabases"})
-    if res and res.code == 200 and res.headers['Server'] =~ /OrientDB Server v\.2\.2\.[2-9]|1[0-9]|2[0-2]/
+    if res and res.code == 200 and res.headers['Server'] =~ /OrientDB Server v\.2\.2\./
       print_good("Version: #{res.headers['Server']}")
       return Exploit::CheckCode::Vulnerable
     else