-
Notifications
You must be signed in to change notification settings - Fork 50
/
Copy pathhttp-vuln-cve2023-3519.nse
67 lines (52 loc) · 1.81 KB
/
http-vuln-cve2023-3519.nse
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
-- Usage: nmap --script cve-2023-3519-checker <target>
-- Nmap NSE script for CVE-2023-3519 Citrix unauthenticated remote code execution
-- Inspried from https://github.com/telekom-security/cve-2023-3519-citrix-scanner
description = [[
Checks target for CVE-2023-3519 vulnerability.
]]
author = "Dhiraj Mishra (@RandomDhiraj)"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"safe", "vuln"}
references = {
'https://nvd.nist.gov/vuln/detail/CVE-2023-3519',
'https://twitter.com/DTCERT/status/1682032701430452233'
}
description = [[
Checks target for CVE-2023-3519 vulnerability.
Compares "Last-Modified" header in the server response to known patched versions.
]]
categories = {"safe", "vuln"}
local http = require "http"
local shortport = require "shortport"
local strbuf = require "strbuf"
portrule = shortport.ssl
local PATCHED_VERSIONS = {
"Fri, 07 Jul 2023 15:39:40 GMT",
"Mon, 10 Jul 2023 17:41:17 GMT",
"Mon, 10 Jul 2023 18:36:14 GMT"
}
function checkversion(last_modified)
for _, patch in ipairs(PATCHED_VERSIONS) do
if last_modified == patch then
return "Patched version detected"
end
end
return "Potentially vulnerable (Older than 01 Jul 2023)"
end
action = function(host, port)
local response
local patched = "Not verifiable"
local last_modified
response = http.get(host, port, "/")
if response.status == 200 then
last_modified = response.header["last-modified"]
if last_modified then
patched = checkversion(last_modified)
else
last_modified = "N/A"
end
return ("IP: %s | Last Modified Header: %s | Result: %s\n"):format(host.ip, last_modified, patched)
else
return ("IP: %s | Unable to retrieve response\n"):format(host.ip)
end
end