Update community/detectors/geoserver_cve_2024_36401/src/test/java/com…
…/google/tsunami/plugins/detectors/rce/GeoserverCve202436401VulnDetectorTest.java

Co-authored-by: Savio Sisco <[email protected]>
grandsilva and lokiuox authored Sep 23, 2024
1 parent 402ca4c commit 10dcf4c
Showing 1 changed file with 7 additions and 6 deletions.
Expand Up @@ -126,13 +126,14 @@ public void detect_whenVulnerable_returnsVulnerability() throws IOException {
.setSeverity(Severity.CRITICAL)
.setTitle("Geoserver RCE (CVE-2024-36401)")
.setDescription(
"This detector checks for Geoserver RCE (CVE-2024-36401). "
+ "Multiple OGC request parameters allow Remote Code Execution (RCE) "
+ "by unauthenticated users through specially crafted input against "
+ "a default GeoServer installation due to unsafely evaluating property "
+ "names as XPath expressions.")
"This detector checks for Geoserver RCE (CVE-2024-36401). Multiple OGC"
+ " request parameters allow Remote Code Execution (RCE) by"
+ " unauthenticated users through specially crafted input against a"
+ " default GeoServer installation due to unsafely evaluating"
+ " property names as XPath expressions.")
.setRecommendation(
"Upgrade Geoserver to a patched version. The vulnerability was fixed in versions 2.23.6, 2.24.4, and 2.25.2.")
"Upgrade Geoserver to a patched version. The vulnerability was fixed in"
+ " versions 2.23.6, 2.24.4, and 2.25.2.")
.addRelatedId(
VulnerabilityId.newBuilder()
.setPublisher("CVE")
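Review bot: The finding text in setTitle, setDescription and setRecommendation spells the product name two ways: "Geoserver" in the title, the first sentence and the recommendation, and "GeoServer" in the "default GeoServer installation" clause. Since these literals are being touched anyway, consider normalizing to "GeoServer" here and in the detector in the same change, because the expected value built in this test presumably has to match the detector's output. The rewrap itself keeps the concatenated strings the same (the separating spaces moved from the end of each fragment to the start of the next), so it should not affect the comparison. Taking the description and recommendation from constants shared with the detector would avoid having to mirror formatting-only edits like this one in two files.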