Standardize capitalization of Java Expression Language

rapid7 · Dec 7, 2024 · 2357c8a · 2357c8a
1 parent e332001
commit 2357c8a
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/modules/exploits/multi/http/primefaces_weak_encryption_rce.rb b/modules/exploits/multi/http/primefaces_weak_encryption_rce.rb
@@ -15,7 +15,7 @@ def initialize(info = {})
         info,
         'Name' => 'Primefaces Remote Code Execution Exploit',
         'Description' => %q{
-          This module exploits an expression language remote code execution flaw in the Primefaces JSF framework.
+          This module exploits a Java Expression Language remote code execution flaw in the Primefaces JSF framework.
           Primefaces versions prior to 5.2.21, 5.3.8 or 6.0 are vulnerable to a padding oracle attack,
           due to the use of weak crypto and default encryption password and salt.
 
@@ -134,9 +134,9 @@ def check
 
     res = http_send_command(payload_wrapper)
     return Exploit::CheckCode::Unknown('Unable to determine due to a HTTP connection timeout') if res.nil?
-    return Exploit::CheckCode::Vulnerable('Victim evaluates java Expression Language expressions') if res.headers && res.headers[marker] == marker
+    return Exploit::CheckCode::Vulnerable('Victim evaluates Java Expression Language expressions') if res.headers && res.headers[marker] == marker
 
-    Exploit::CheckCode::Safe('Server does not process java Expression Language expressions, likely not vulnerable')
+    Exploit::CheckCode::Safe('Server does not process Java Expression Language expressions, likely not vulnerable')
   end
 
 end