Land rapid7#3337, release fixes

Author: wvu

modules/auxiliary/gather/f5_bigip_cookie_disclosure.rb

@@ -14,8 +14,8 @@ def initialize(info = {})
     super(update_info(info,
       'Name'           => 'F5 BigIP Backend Cookie Disclosure',
       'Description'    => %q{
-        This module identify F5 BigIP Load Balancers and leaks backends
-        information through cookies.
+        This module identifies F5 BigIP load balancers and leaks backend
+        information through cookies inserted by the BigIP devices.
       },
       'Author'         => [ 'Thanat0s <thanspam[at]trollprod.org>' ],
       'References'     =>
@@ -96,13 +96,13 @@ def run
       cookie = get_cookie() # Get the cookie
       # If the cookie is not found, stop process
       if cookie.empty? || cookie[:id].nil?
-        print_error("#{peer} - F5 Server Load Balancing cookie not found")
+        print_error("#{peer} - F5 Server load balancing cookie not found")
         break
       end
 
       # Print the cookie name on the first request
       if i == 0
-        print_status("#{peer} - F5 Server Load Balancing \"#{cookie[:id]}\" found")
+        print_status("#{peer} - F5 Server load balancing cookie \"#{cookie[:id]}\" found")
       end
 
       back_end = cookie_decode(cookie[:value])

modules/exploits/multi/http/struts_code_exec_classloader.rb

@@ -17,9 +17,9 @@ def initialize(info = {})
       'Name'           => 'Apache Struts ClassLoader Manipulation Remote Code Execution',
       'Description'    => %q{
         This module exploits a remote command execution vulnerability in Apache Struts
-        versions < 2.3.16.2. This issue is caused because the ParametersInterceptor allows
-        access to 'class' parameter which is directly mapped to getClass() method and
-        allows ClassLoader manipulation, which allows remote attackers to execute arbitrary
+        versions < 2.3.16.2. This vulnerability is due to the ParametersInterceptor, which allows
+        access to 'class' parameter that is directly mapped to getClass() method and
+        allows ClassLoader manipulation. As a result, this can allow remote attackers to execute arbitrary
         Java code via crafted parameters.
       },
       'Author'         =>

modules/exploits/windows/local/ms13_053_schlamperei.rb

@@ -8,7 +8,7 @@
 require 'rex'
 
 class Metasploit3 < Msf::Exploit::Local
-  Rank = GreatRanking
+  Rank = AverageRanking
 
   include Msf::Post::File
   include Msf::Post::Windows::Priv
@@ -20,11 +20,11 @@ def initialize(info={})
     super(update_info(info, {
       'Name'           => 'Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei)',
       'Description'    => %q{
-        A kernel pool overflow in Win32k which allows local privilege escalation.
+        This module leverages a kernel pool overflow in Win32k which allows local privilege escalation.
         The kernel shellcode nulls the ACL for the winlogon.exe process (a SYSTEM process).
         This allows any unprivileged process to freely migrate to winlogon.exe, achieving
-        privilege escalation. Used in pwn2own 2013 by MWR to break out of chrome's sandbox.
-        NOTE: when you exit the meterpreter session, winlogon.exe is likely to crash.
+        privilege escalation. This exploit was used in pwn2own 2013 by MWR to break out of chrome's sandbox.
+        NOTE: when a meterpreter session started by this exploit exits, winlogin.exe is likely to crash.
       },
       'License'        => MSF_LICENSE,
       'Author'         =>