apache-licenserc: Apache License File

漏洞描述

PoC代码[已公开]

id: apache-licenserc

info:
  name: Apache License File
  author: DhiyaneshDk
  severity: low
  description: Apache License file is exposed.
  metadata:
    verified: true
    max-request: 1
  tags: exposure,file,apache,vuln

http:
  - method: GET
    path:
      - '{{BaseURL}}/.licenserc.yaml'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - 'header:'
          - 'license:'
          - 'copyright-owner:'
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022043f588dbefd26d5823cd66d4bf8df0ca4c441f35c607c13be5874d82b22a7dfb0221008e61e6616239545cc19f0451073830b03b2d3ea4ed775e4d30711defdec98fa9:922c64590222798bb761d5b6d8e72950

相关漏洞推荐

• Apache Tomcat URL重写绕过漏洞 （CVE-2025-55752）
• Apache ZooKeeper /commands/snapshot 权限绕过漏洞（CVE-2024-51504）
• Apache Linkis 权限绕过漏洞（CVE-2023-27987）
• CVE-2019-17558: Apache Solr Velocity Template RCE
• tomcat-default-login: Apahce Tomcat Manager Default Login
• flink-unauth-rce: Apache Flink Unauth RCE
• solr-file-read: Apache Solr <= 8.8.1 Arbitrary File Read
• Apache Struts2 S2-067 /index.action 文件上传漏洞（CVE-2024-53677）
• Apache CXF Aegis databinding /test 文件读取漏洞（CVE-2024-28752）
• Apache Struts2 2.0.0～2.2.3 S2-007 /user.action 命令执行漏洞（CVE-2012-0838）
• Apache ActiveMQ Artemis Console存在默认账号密码
• Apache OFBiz StatsSinceStart 远程代码执行漏洞（CVE-2024-45507）
• Apache OFBiz /partymgr/control/getJSONuiLabel 服务器端请求伪造漏洞（CVE-2023-50968）