Skip to content

[FALSE-POSITIVE] CVE-2024-4439 #11496

New issue
New issue
Closed
Enhancement
#11598
Closed
[FALSE-POSITIVE] CVE-2024-4439#11496
Enhancement
#11598
Assignees
princechaddha
Labels
DoneReady to mergefalse-positiveNuclei template reporting invalid/unexpected result
@KristinnVikar

Description

@KristinnVikar
KristinnVikar
opened on Jan 16, 2025

Template IDs or paths

- http/cves/2024/CVE-2024-4439.yaml

Environment

- OS: Ubuntu 22.04
- Nuclei: Any
- Go:

Steps To Reproduce

Since default matcher condition is OR 1, any webserver that responds HTTP 200 for the request POST /wp-login.php (or respond HTTP 200 to any of the other 8 requests) will match against the template, since it blindly matches against HTTP 200.

nuclei-templates/http/cves/2024/CVE-2024-4439.yaml

Lines 91 to 93 in 691a1a5

- type: status
status:
- 200

Relevant dumped responses



Anything else?


No response


Footnotes


    

  1. 

    https://docs.projectdiscovery.io/templates/reference/matchers#matchers-condition 
    

    2. 



Metadata
Metadata
Assignees
Labels
DoneReady to mergefalse-positiveNuclei template reporting invalid/unexpected result
Type
Enhancement
Projects
No projects
Milestone
No milestone
Relationships
None yet
Development
No branches or pull requests
Issue actions