lib/scanner/plugins/servers/apache.rb in yawast-0.7.1 vs lib/scanner/plugins/servers/apache.rb in yawast-0.7.2
- old
+ new
@@ -1,15 +1,18 @@
# frozen_string_literal: true
require 'base64'
+require 'polyfill'
require 'securerandom'
module Yawast
module Scanner
module Plugins
module Servers
class Apache
+ using Polyfill({Regexp: :all})
+
def self.check_banner(banner)
Yawast::Shared::Output.log_hash 'vulnerabilities',
'apache_openssl_version_exposed',
{vulnerable: false, version: nil}
Yawast::Shared::Output.log_hash 'vulnerabilities',
@@ -26,11 +29,11 @@
modules = banner.split(' ')
server = modules[0]
# fix '(distro)' issue, such as with 'Apache/2.2.22 (Ubuntu)'
# if we don't do this, it triggers a false positive on the module check
- if /\(\w*\)/.match? modules[1]
+ if !modules[1].nil? && /\(\w*\)/.match?(modules[1])
server += " #{modules[1]}"
modules.delete_at 1
end
# print the server info no matter what we do next
@@ -65,11 +68,12 @@
def self.check_all(uri, links = nil)
# run all the defined checks
check_server_status(uri.copy)
check_server_info(uri.copy)
check_tomcat_manager(uri.copy)
- check_tomcat_version(uri.copy)
+ check_tomcat_version(uri.copy, true)
+ check_tomcat_version(uri.copy, false)
check_tomcat_put_rce(uri.copy)
check_struts2_samples(uri.copy)
unless links.nil?
check_cve_2019_0232(links)
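Review bot: The two new calls in check_all pass a bare `true` and `false`, which does not tell a reader which probe each call runs. A keyword argument would make the call sites self-describing, e.g. `check_tomcat_version(uri.copy, use_invalid_method: true)` with the definition changed to `def self.check_tomcat_version(uri, use_invalid_method:)`. The definition sits in a later hunk and takes the flag as a required positional, so any caller that still passes only the URI would raise ArgumentError; no such caller is visible here. check_all continues past the end of this hunk.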
@@ -82,36 +86,49 @@
def self.check_server_info(uri)
check_page_for_string uri, '/server-info', 'Apache Server Information'
end
- def self.check_tomcat_version(uri)
+ def self.check_tomcat_version(uri, use_invalid_method)
Yawast::Shared::Output.log_hash 'vulnerabilities',
'apache_tomcat_version_exposed',
{vulnerable: false, version: nil, body: nil}
begin
- req = Yawast::Shared::Http.get_http(uri)
- req.use_ssl = uri.scheme == 'https'
- headers = Yawast::Shared::Http.get_headers
- res = req.request(Xyz.new('/', headers))
+ if use_invalid_method
+ vuln = 'apache_tomcat_version_exposed_invalid_method'
- if !res.body.nil? && res.body.include?('Apache Tomcat') && res.code == '501'
+ req = Yawast::Shared::Http.get_http(uri)
+ req.use_ssl = uri.scheme == 'https'
+ headers = Yawast::Shared::Http.get_headers
+ res = req.request(Xyz.new('/', headers))
+ else
+ vuln = 'apache_tomcat_version_exposed_404'
+
+ uri.path = "/#{SecureRandom.hex}.jsp"
+ res = Yawast::Shared::Http.get_raw(uri)
+ end
+
+ if !res.body.nil? && res.body.include?('Apache Tomcat') && (res.code == '501' || res.code == '401')
# check to see if there's a version number
version = /Apache Tomcat\/\d*.\d*.\d*\b/.match res.body
if !version.nil? && !version[0].nil?
Yawast::Utilities.puts_warn "Apache Tomcat Version Found: #{version[0]}"
Yawast::Shared::Output.log_hash 'vulnerabilities',
- 'apache_tomcat_version_exposed',
+ vuln,
{vulnerable: true, version: version[0], body: res.body}
- puts "\t\t\"curl -X XYZ #{uri}\""
+ if use_invalid_method
+ puts "\t\t\"curl -X XYZ #{uri}\""
+ else
+ puts "\t\t\"curl #{uri}\""
+ end
puts ''
else
Yawast::Shared::Output.log_hash 'vulnerabilities',
- 'apache_tomcat_version_exposed',
+ vuln,
{vulnerable: false, version: nil, body: res.body}
end
end
end
end
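Review bot: The combined status test `(res.code == '501' || res.code == '401')` does not match the new branch it is meant to serve. That branch requests a random `.jsp` path and records its finding as `apache_tomcat_version_exposed_404`, so a Tomcat 404 error page would fail the test and the scanner would silently report nothing for it. `'401'` looks like a typo for `'404'`; tying the expected code to the probe also avoids cross-matching, e.g. `expected = use_invalid_method ? '501' : '404'` followed by `... && res.code == expected`. Separately, the unchanged default entry at the top of the method still logs under `'apache_tomcat_version_exposed'` while results go to `vuln`, so the two new keys get no `vulnerable: false` record when the response does not match. Assigning `vuln` before that call and logging the default under it would keep the output consistent.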