improve the regex by removing the unnecessary word boundrys, and add a non matching group for the product name. Thanks jvoisin

sfewer-r7 · sfewer-r7 · commit 4d42c7878e2f · 2025-01-09T11:43:58.000Z
diff --git a/modules/exploits/multi/http/cleo_rce_cve_2024_55956.rb b/modules/exploits/multi/http/cleo_rce_cve_2024_55956.rb
@@ -96,9 +96,9 @@ def check
 
     # We expect the server to respond with an HTTP Server header like "Cleo LexiCom/5.8.0.0 (Windows Server 2022)".
     # Note, the target product may be either LexiCom, VLTrader, or Harmony.
-    if res.headers.key?('Server') && (res.headers['Server'] =~ %r{cleo\s+(\blexicom\b|\bvltrader\b|\bharmony\b)/(\d+\.\d+\.\d+\.\d+)}i)
+    if res.headers.key?('Server') && (res.headers['Server'] =~ %r{cleo\s+(?:lexicom|vltrader|harmony)/(\d+\.\d+\.\d+\.\d+)}i)
 
-      if Rex::Version.new(Regexp.last_match(2)) <= Rex::Version.new('5.8.0.23')
+      if Rex::Version.new(Regexp.last_match(1)) <= Rex::Version.new('5.8.0.23')
         return CheckCode::Appears(res.headers['Server'])
       end
 
