Automate Recon and scanning process with Vidoc. All security teams in one place
By klaudia
The "Confluence 0day CVE-2022-26134" module is designed to detect the CVE-2022-26134 vulnerability in Confluence Server and Data Center. This vulnerability allows unauthenticated attackers to execute arbitrary code on a Confluence Server or Data Center instance. The module targets affected versions ranging from 1.3.0 to 7.4.17. The severity of this vulnerability is classified as low.
If successfully exploited, the CVE-2022-26134 vulnerability in Confluence Server and Data Center can lead to unauthorized execution of arbitrary code. This can result in unauthorized access to sensitive information, system compromise, and potential further exploitation of the affected system.
The "Confluence 0day CVE-2022-26134" module works by sending HTTP requests to the target Confluence Server or Data Center instance. It then matches the responses against specific conditions to determine if the vulnerability is present. The module uses a specific request path and method to trigger the vulnerability and checks for a specific header response to confirm its presence.
Example HTTP request:
GET /%24%7B%28%23a%3D%40org.apache.commons.io.IOUtils%40toString%28%40java.lang.Runtime%40getRuntime%28%29.exec%28%22cat%20%2Fetc%2Fpasswd%22%29.getInputStream%28%29%2C%22utf-8%22%29%29.%28%40com.opensymphony.webwork.ServletActionContext%40getResponse%28%29.setHeader%28%22X-Cmd-Response%22%2C%23a%29%29%7D
The module matches the response header against the condition "root:[x*]:0:0" to determine if the vulnerability is present.
Note: The module is a JSON definition used in the Vidoc platform for scanning purposes. It is not intended for marketing purposes and provides technical information to detect vulnerabilities, misconfigurations, or software fingerprints.