Confluence 0day CVE-2022-26134

What is the "Confluence 0day CVE-2022-26134" module?

The "Confluence 0day CVE-2022-26134" module is designed to detect the CVE-2022-26134 vulnerability in Confluence Server and Data Center. This vulnerability allows unauthenticated attackers to execute arbitrary code on a Confluence Server or Data Center instance. The module targets affected versions ranging from 1.3.0 to 7.4.17. The severity of this vulnerability is classified as low.

Impact

If successfully exploited, the CVE-2022-26134 vulnerability in Confluence Server and Data Center can lead to unauthorized execution of arbitrary code. This can result in unauthorized access to sensitive information, system compromise, and potential further exploitation of the affected system.

How does the module work?

The "Confluence 0day CVE-2022-26134" module works by sending HTTP requests to the target Confluence Server or Data Center instance. It then matches the responses against specific conditions to determine if the vulnerability is present. The module uses a specific request path and method to trigger the vulnerability and checks for a specific header response to confirm its presence.

Example HTTP request:

GET /%24%7B%28%23a%3D%40org.apache.commons.io.IOUtils%40toString%28%40java.lang.Runtime%40getRuntime%28%29.exec%28%22cat%20%2Fetc%2Fpasswd%22%29.getInputStream%28%29%2C%22utf-8%22%29%29.%28%40com.opensymphony.webwork.ServletActionContext%40getResponse%28%29.setHeader%28%22X-Cmd-Response%22%2C%23a%29%29%7D

The module matches the response header against the condition "root:[x*]:0:0" to determine if the vulnerability is present.

Note: The module is a JSON definition used in the Vidoc platform for scanning purposes. It is not intended for marketing purposes and provides technical information to detect vulnerabilities, misconfigurations, or software fingerprints.