Check for F5 Big-IP CVE-2020-5902 mitigation bypass.
iasdeoupxe committed Nov 28, 2020
1 parent 162ae79 commit d3a9456
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions program/databases/db_tests
@@ -157,7 +157,7 @@
"000121","0","23","/scripts/iisadmin/bdir.htr","GET","200","","","","","This default script shows host info, may allow file browsing and buffer a overrun in the Chunked Encoding data transfer mechanism, request /scripts/iisadmin/bdir.htr??c:\<dirs> . MS02-028. CA-2002-09.","",""
"000122","0","2a","/scripts/iisadmin/ism.dll","GET","200","","","","","Allows you to mount a brute force attack on passwords","",""
"000123","0","2a","/scripts/tools/ctss.idc","GET","200","","","","","This CGI allows remote users to view and modify SQL DB contents, server paths, docroot and more.","",""
"000124","0","3","/bigconf.cgi","GET","200","","","","","BigIP Configuration CGI","",""
"000124","0","3","/bigconf.cgi","GET","200","","","","","Big-IP Configuration CGI","",""
"000125","0","3","/billing/billing.apw","GET","PASS BOX CAPTION:","","","","","CoffeeCup password wizard allows password files to be read remotely.","",""
"000126","0","3","/blah_badfile.shtml","GET","200","","","","","Allaire ColdFusion allows JSP source viewed through a vulnerable SSI call.","<!--#include virtual=\"/index.jsp\"-->",""
"000127","0","3","/blah-whatever-badfile.jsp","GET","Script \/","","","","","The web server is configured to respond with the web server path when requesting a non-existent .jsp file.","",""
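Review bot: The rename on 000124 from "BigIP" to "Big-IP" still differs from the vendor's own spelling, "BIG-IP"; if the aim is to normalise the product name across the database, use the vendor's capitalisation here, and the same applies to 000944. The rename is also unrelated to the CVE-2020-5902 check named in the commit message, so it would be easier to trace as its own commit or with a mention in the message.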
@@ -954,7 +954,7 @@
"000941","0","1e","@CGIDIRSwwwadmin.pl","GET","200","","","","","Administration CGI?","",""
"000942","0","1","/cfdocs/expeval/displayopenedfile.cfm","GET","200","","not found","","","Unknown vuln","",""
"000943","0","1","/cfdocs/expeval/sendmail.cfm","GET","200","","","","","Can be used to send email; go to the page and fill in the form","",""
"000944","22","1ab","/cgi-bin/bigconf.cgi","GET","200","","","","","BigIP Configuration CGI","",""
"000944","22","1ab","/cgi-bin/bigconf.cgi","GET","200","","","","","Big-IP Configuration CGI","",""
"000945","0","1b","@CGIDIRSwebmap.cgi","GET","200","","","","","nmap front end... could be fun","",""
"000946","0","1b","@CGIDIRSwwwwais","GET","UNISYS WEB SEARCH ENGINE","","","","","Unisys web server wais search found.","",""
"000947","0","1b","/ammerum/","GET","200","","","","","Ammerum pre 0.6-1 had several security issues.","",""
@@ -6990,3 +6990,4 @@
"007301","0","3","/phpci.yml","GET","build_settings:","","","","","PHP CI config file found.","",""
"007302","0","1","/README.md","GET","200","","","","","Readme Found","",""
"007303","0","3","/JAMonAdmin.jsp","GET","200","| JAMonAdmin |","","","","JAMon - Java Application Monitor Admin interface. Versions 2.7 and earlier are affected by CVE-2013-6235","",""
"007304","0","7","/hsqldb;","GET","<title>HSQL Database Engine Servlet</title>","","","","","The F5 Big-IP's TMUI is vulnerable to a local file inclusion vulnerability and likely command exec. CVE-2020-5902.","",""
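Review bot: The summary on the new 007304 entry never mentions the mitigation bypass that the commit message gives as the reason for this check, so a hit reads like the original CVE-2020-5902 finding. Suggest stating in the summary that the response came back for the "/hsqldb;" form and that any mitigation already applied on the device should be re-checked. The only match condition is the "<title>HSQL Database Engine Servlet</title>" string, which is not specific to F5, so any host serving that servlet at this path would be reported as a Big-IP TMUI; either soften the wording to "may be" or add a second match condition that ties the response to TMUI. "likely command exec" would also read better spelled out, for example "and possibly command execution".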