Land rapid7#8518, update CVE references where modules report_vuln

Brent Cook · Brent Cook · commit aa00661fd0a2 · 2017-06-08T13:38:12.000-05:00
diff --git a/modules/auxiliary/scanner/dns/dns_amp.rb b/modules/auxiliary/scanner/dns/dns_amp.rb
@@ -19,7 +19,12 @@ def initialize
           third party.
       },
       'Author'      => [ 'xistence <xistence[at]0x90.nl>'], # Original scanner module
-      'License'     => MSF_LICENSE
+      'License'     => MSF_LICENSE,
+      'References'  =>
+          [
+              ['CVE', '2006-0987'],
+              ['CVE', '2006-0988'],
+          ]
     )
 
     register_options( [
@@ -124,7 +129,7 @@ def scanner_process(data, shost, sport)
           :port => datastore['RPORT'],
           :proto => 'udp', :name => "DNS",
           :info => "DNS amplification -  #{data.length} bytes [#{amp.round(2)}x Amplification]",
-          :refs => [ "CVE-2006-0987", "CVE-2006-0988" ])
+          :refs => self.references)
       end
 
       # If these flags are set, we get a valid response but recursion is not available
diff --git a/modules/auxiliary/scanner/http/host_header_injection.rb b/modules/auxiliary/scanner/http/host_header_injection.rb
@@ -21,6 +21,7 @@ def initialize(info = {})
       'License'     => MSF_LICENSE,
       'References'  =>
         [
+          ['CVE', '2016-10073'], # validate, an instance of a described attack approach from the original reference
           ['URL', 'http://www.skeletonscribe.net/2013/05/practical-http-host-header-attacks.html']
         ]
     ))
diff --git a/modules/auxiliary/scanner/http/jenkins_command.rb b/modules/auxiliary/scanner/http/jenkins_command.rb
@@ -26,6 +26,8 @@ def initialize(info = {})
         ],
       'References'  =>
         [
+          ['CVE', '2015-8103'], # see link and validate, https://highon.coffee/blog/jenkins-api-unauthenticated-rce-exploit/ states this is another issue
+          ['URL', 'https://jenkins.io/security/advisory/2015-11-11/'],
           ['URL', 'https://www.pentestgeek.com/penetration-testing/hacking-jenkins-servers-with-no-password/'],
           ['URL', 'https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+Script+Console'],
         ],
diff --git a/modules/auxiliary/scanner/http/trace.rb b/modules/auxiliary/scanner/http/trace.rb
@@ -20,7 +20,12 @@ def initialize
           'Jay Turla <@shipcod3>' , #Cross-Site Tracing (XST) Checker
           'CG' #HTTP TRACE Detection
         ],
-      'License'     => MSF_LICENSE
+      'License'     => MSF_LICENSE,
+      'References'  =>
+        [
+          ['CVE', '2005-3398'], # early case where this vector applied to a specific application.
+          ['URL', 'https://www.owasp.org/index.php/Cross_Site_Tracing']
+        ]
     )
   end
 
diff --git a/modules/auxiliary/scanner/ipmi/ipmi_cipher_zero.rb b/modules/auxiliary/scanner/ipmi/ipmi_cipher_zero.rb
@@ -23,6 +23,7 @@ def initialize
       'License'     => MSF_LICENSE,
       'References'  =>
         [
+          ['CVE', '2013-4782'],
           ['URL', 'http://fish2.com/ipmi/cipherzero.html'],
           ['OSVDB', '93038'],
           ['OSVDB', '93039'],
diff --git a/modules/auxiliary/scanner/misc/sercomm_backdoor_scanner.rb b/modules/auxiliary/scanner/misc/sercomm_backdoor_scanner.rb
@@ -24,6 +24,7 @@ def initialize(info={})
         'License'     => MSF_LICENSE,
         'References'     =>
         [
+          [ 'CVE', '2014-0659' ],
           [ 'OSVDB', '101653' ],
           [ 'URL', 'https://github.com/elvanderb/TCP-32764' ]
         ],
diff --git a/modules/auxiliary/scanner/ntp/ntp_peer_list_dos.rb b/modules/auxiliary/scanner/ntp/ntp_peer_list_dos.rb
@@ -24,6 +24,7 @@ def initialize
       'Author'         => 'Jon Hart <jon_hart[at]rapid7.com>',
       'References'     =>
         [
+          ['CVE', '2013-5211'], # see also scanner/ntp/ntp_monlist.rb
           ['URL', 'https://github.com/rapid7/metasploit-framework/pull/3696'],
           ['URL', 'http://r-7.co/R7-2014-12']
         ],
diff --git a/modules/auxiliary/scanner/ntp/ntp_peer_list_sum_dos.rb b/modules/auxiliary/scanner/ntp/ntp_peer_list_sum_dos.rb
@@ -24,6 +24,7 @@ def initialize
       'Author'         => 'Jon Hart <jon_hart[at]rapid7.com>',
       'References'     =>
         [
+          ['CVE', '2013-5211'], # see also scanner/ntp/ntp_monlist.rb
           ['URL', 'https://github.com/rapid7/metasploit-framework/pull/3696'],
           ['URL', 'http://r-7.co/R7-2014-12']
         ],
diff --git a/modules/auxiliary/scanner/ntp/ntp_readvar.rb b/modules/auxiliary/scanner/ntp/ntp_readvar.rb
@@ -26,6 +26,7 @@ def initialize(info = {})
       'License'        => MSF_LICENSE,
       'References'     =>
         [
+          ['CVE', '2013-5211'], # see also scanner/ntp/ntp_monlist.rb
           [ 'URL', 'http://www.rapid7.com/vulndb/lookup/ntp-clock-variables-disclosure' ]
         ]
       )
diff --git a/modules/auxiliary/scanner/ntp/ntp_req_nonce_dos.rb b/modules/auxiliary/scanner/ntp/ntp_req_nonce_dos.rb
@@ -25,6 +25,7 @@ def initialize
       'Author'         => 'Jon Hart <jon_hart[at]rapid7.com>',
       'References'     =>
         [
+          ['CVE', '2013-5211'], # see also scanner/ntp/ntp_monlist.rb
           ['URL', 'https://github.com/rapid7/metasploit-framework/pull/3696'],
           ['URL', 'http://r-7.co/R7-2014-12']
         ],
diff --git a/modules/auxiliary/scanner/ntp/ntp_reslist_dos.rb b/modules/auxiliary/scanner/ntp/ntp_reslist_dos.rb
@@ -26,6 +26,7 @@ def initialize
       'Author'         => 'Jon Hart <jon_hart[at]rapid7.com>',
       'References'     =>
         [
+          ['CVE', '2013-5211'], # see also scanner/ntp/ntp_monlist.rb
           ['URL', 'https://github.com/rapid7/metasploit-framework/pull/3696'],
           ['URL', 'http://r-7.co/R7-2014-12']
         ],
diff --git a/modules/auxiliary/scanner/ntp/ntp_unsettrap_dos.rb b/modules/auxiliary/scanner/ntp/ntp_unsettrap_dos.rb
@@ -24,6 +24,7 @@ def initialize
       'Author'         => 'Jon Hart <jon_hart[at]rapid7.com>',
       'References'     =>
         [
+          ['CVE', '2013-5211'], # see also scanner/ntp/ntp_monlist.rb
           ['URL', 'https://github.com/rapid7/metasploit-framework/pull/3696'],
           ['URL', 'http://r-7.co/R7-2014-12']
         ],
diff --git a/modules/auxiliary/scanner/oracle/tnspoison_checker.rb b/modules/auxiliary/scanner/oracle/tnspoison_checker.rb
@@ -21,6 +21,7 @@ def initialize(info = {})
       'Author'         => ['ir0njaw (Nikita Kelesis) <nikita.elkey[at]gmail.com>'], # of Digital Security [http://dsec.ru]
       'References'     =>
         [
+          [ 'CVE', '2012-1675'],
           [ 'URL', 'http://seclists.org/fulldisclosure/2012/Apr/204' ],
         ],
       'DisclosureDate' => 'Apr 18 2012',
diff --git a/modules/auxiliary/scanner/portmap/portmap_amp.rb b/modules/auxiliary/scanner/portmap/portmap_amp.rb
@@ -20,6 +20,7 @@ def initialize
       'License'     => MSF_LICENSE,
       'References'  =>
         [
+          ['CVE', '2013-5211'], # see also scanner/ntp/ntp_monlist.rb
           ['URL', 'https://www.us-cert.gov/ncas/alerts/TA14-017A'],
           ['URL', 'http://blog.level3.com/security/a-new-ddos-reflection-attack-portmapper-an-early-warning-to-the-industry/']
         ],
diff --git a/modules/auxiliary/scanner/scada/moxa_discover.rb b/modules/auxiliary/scanner/scada/moxa_discover.rb
@@ -35,6 +35,7 @@ def initialize(info = {})
         'License'        => MSF_LICENSE,
         'References'     =>
         [
+          [ 'CVE', '2016-9361'],
           [ 'URL', 'https://www.digitalbond.com/blog/2016/10/25/serial-killers/'],
           [ 'URL', 'http://www.moxa.com/support/faq/faq_detail.aspx?id=646' ],
         ]
diff --git a/modules/auxiliary/scanner/udp/udp_amplification.rb b/modules/auxiliary/scanner/udp/udp_amplification.rb
@@ -16,6 +16,7 @@ def initialize
       'License'     => MSF_LICENSE,
       'References'  =>
         [
+          ['CVE', '2013-5211'], # see also scanner/ntp/ntp_monlist.rb
           ['URL', 'https://www.us-cert.gov/ncas/alerts/TA14-017A']
         ]
     )
diff --git a/modules/auxiliary/scanner/udp_scanner_template.rb b/modules/auxiliary/scanner/udp_scanner_template.rb
@@ -21,7 +21,12 @@ def initialize(info = {})
         ),
         'Author'         => 'Joe Contributor <joe_contributor[at]example.com>',
         'DisclosureDate' => 'Mar 15 2014',
-        'License'        => MSF_LICENSE
+        'License'        => MSF_LICENSE,
+        'References'     =>
+          [
+              ['CVE', '0000-0000'], # remove or update if CVE exists
+              ['URL', 'https://SomeURLinCyberspace.local']
+          ]
       )
     )
 
diff --git a/modules/auxiliary/scanner/upnp/ssdp_amp.rb b/modules/auxiliary/scanner/upnp/ssdp_amp.rb
@@ -17,6 +17,7 @@ def initialize
       'License'     => MSF_LICENSE,
       'References'  =>
         [
+          ['CVE', '2013-5211'], # see also scanner/ntp/ntp_monlist.rb
           ['URL', 'https://www.us-cert.gov/ncas/alerts/TA14-017A']
         ],
     )
diff --git a/modules/auxiliary/scanner/upnp/ssdp_msearch.rb b/modules/auxiliary/scanner/upnp/ssdp_msearch.rb
@@ -13,7 +13,14 @@ def initialize
       'Name'        => 'UPnP SSDP M-SEARCH Information Discovery',
       'Description' => 'Discover information from UPnP-enabled systems',
       'Author'      => [ 'todb', 'hdm'], # Original scanner module and vuln info reporter, respectively
-      'License'     => MSF_LICENSE
+      'License'     => MSF_LICENSE,
+      'References'  =>
+        [
+          ['CVE', '2012-5958'],
+          ['CVE', '2012-5959'],
+          ['CVE', '2013-0230'],
+          ['CVE', '2013-0229']
+        ]
     )
 
     register_options( [
diff --git a/modules/auxiliary/scanner/vnc/vnc_none_auth.rb b/modules/auxiliary/scanner/vnc/vnc_none_auth.rb
@@ -17,6 +17,7 @@ def initialize
       'Description' => 'Detect VNC servers that support the "None" authentication method.',
       'References'  =>
         [
+          ['CVE', '2006-2369'], # a related instance where "None" could be offered and used when not configured as allowed.
           ['URL', 'http://en.wikipedia.org/wiki/RFB'],
           ['URL', 'http://en.wikipedia.org/wiki/Vnc'],
         ],
diff --git a/modules/exploits/unix/webapp/actualanalyzer_ant_cookie_exec.rb b/modules/exploits/unix/webapp/actualanalyzer_ant_cookie_exec.rb
@@ -27,6 +27,7 @@ def initialize(info = {})
         ],
       'References'      =>
         [
+          ['CVE', '2014-5470'],
           ['EDB', '34450'],
           ['OSVDB', '110601']
         ],

Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,7 @@ def initialize(info = {})`
`21`	`21`	`'License' => MSF_LICENSE,`
`22`	`22`	`'References' =>`
`23`	`23`	`[`
	`24`	`+ ['CVE', '2016-10073'], # validate, an instance of a described attack approach from the original reference`
`24`	`25`	`['URL', 'http://www.skeletonscribe.net/2013/05/practical-http-host-header-attacks.html']`
`25`	`26`	`]`
`26`	`27`	`))`
Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,8 @@ def initialize(info = {})`
`26`	`26`	`],`
`27`	`27`	`'References' =>`
`28`	`28`	`[`
	`29`	`+ ['CVE', '2015-8103'], # see link and validate, https://highon.coffee/blog/jenkins-api-unauthenticated-rce-exploit/ states this is another issue`
	`30`	`+ ['URL', 'https://jenkins.io/security/advisory/2015-11-11/'],`
`29`	`31`	`['URL', 'https://www.pentestgeek.com/penetration-testing/hacking-jenkins-servers-with-no-password/'],`
`30`	`32`	`['URL', 'https://wiki.jenkins-ci.org/display/JENKINS/Jenkins+Script+Console'],`
`31`	`33`	`],`
Original file line number	Diff line number	Diff line change
`@@ -23,6 +23,7 @@ def initialize`
`23`	`23`	`'License' => MSF_LICENSE,`
`24`	`24`	`'References' =>`
`25`	`25`	`[`
	`26`	`+ ['CVE', '2013-4782'],`
`26`	`27`	`['URL', 'http://fish2.com/ipmi/cipherzero.html'],`
`27`	`28`	`['OSVDB', '93038'],`
`28`	`29`	`['OSVDB', '93039'],`
Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,7 @@ def initialize(info={})`
`24`	`24`	`'License' => MSF_LICENSE,`
`25`	`25`	`'References' =>`
`26`	`26`	`[`
	`27`	`+ [ 'CVE', '2014-0659' ],`
`27`	`28`	`[ 'OSVDB', '101653' ],`
`28`	`29`	`[ 'URL', 'https://github.com/elvanderb/TCP-32764' ]`
`29`	`30`	`],`
Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,7 @@ def initialize`
`24`	`24`	`'Author' => 'Jon Hart <jon_hart[at]rapid7.com>',`
`25`	`25`	`'References' =>`
`26`	`26`	`[`
	`27`	`+ ['CVE', '2013-5211'], # see also scanner/ntp/ntp_monlist.rb`
`27`	`28`	`['URL', 'https://github.com/rapid7/metasploit-framework/pull/3696'],`
`28`	`29`	`['URL', 'http://r-7.co/R7-2014-12']`
`29`	`30`	`],`
Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,7 @@ def initialize(info = {})`
`26`	`26`	`'License' => MSF_LICENSE,`
`27`	`27`	`'References' =>`
`28`	`28`	`[`
	`29`	`+ ['CVE', '2013-5211'], # see also scanner/ntp/ntp_monlist.rb`
`29`	`30`	`[ 'URL', 'http://www.rapid7.com/vulndb/lookup/ntp-clock-variables-disclosure' ]`
`30`	`31`	`]`
`31`	`32`	`)`
Original file line number	Diff line number	Diff line change
`@@ -25,6 +25,7 @@ def initialize`
`25`	`25`	`'Author' => 'Jon Hart <jon_hart[at]rapid7.com>',`
`26`	`26`	`'References' =>`
`27`	`27`	`[`
	`28`	`+ ['CVE', '2013-5211'], # see also scanner/ntp/ntp_monlist.rb`
`28`	`29`	`['URL', 'https://github.com/rapid7/metasploit-framework/pull/3696'],`
`29`	`30`	`['URL', 'http://r-7.co/R7-2014-12']`
`30`	`31`	`],`