Fix up version regex and also fix a description to be a little more a…

…ccurate
rapid7 · Mar 26, 2021 · 9039b56 · 9039b56
1 parent 1dbf165
commit 9039b56
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/lib/msf/core/exploit/remote/http/nagios_xi/rce_check.rb b/lib/msf/core/exploit/remote/http/nagios_xi/rce_check.rb
@@ -72,7 +72,7 @@ def nagios_xi_rce_check(version)
   #
   # @param matching_exploits [Hash] maps CVE numbers to exploit module names
   # @param cve_module_array [Array] contains arrays with a CVE number at index 0 and a matching exploit at index 1
-  # @return [Hash] matching exploits, updated list of matching exploits, mapping CVE numbers to exploit module names
+  # @return [Hash] updated list of matching exploits, mapping CVE numbers to exploit module names
   def add_cve_module_to_hash(matching_exploits, cve_module_array)
     # Account for version numbers for which we have multiple exploits
     if cve_module_array.length > 1

diff --git a/lib/msf/core/exploit/remote/http/nagios_xi/version.rb b/lib/msf/core/exploit/remote/http/nagios_xi/version.rb
@@ -9,7 +9,7 @@ module Msf::Exploit::Remote::HTTP::NagiosXi::Version
   # @param res_backend [String] HTTP response body
   # @return [String, nil], String containing the Nagios XI version if successful, nil otherwise
   def nagios_xi_version(res_backend)
-    version = res_backend.scan(/product=nagiosxi&version=(.*?)&/)&.flatten&.first
+    version = res_backend.scan(/product=nagiosxi&version=(.*+)&/)&.flatten&.first
   end
 
   # Tries to obtain the Nagios XI version from the login.php page. This will not work for older Nagios XI versions.