SILICA 7.48 Release Notes
Updated embedded Canvas version with additional exploits for the "Attack" module:
-
CVE-2017-7504 - jbossmq_httpil_deserialization
Targets Red Hat Jboss Application Server <= Jboss 4.X
-
CVE-2021-41773, CVE-2021-42013 - apache_cgi_rce
Targets Apache 2.4.49 and Apache 2.4.50 on x64 Linux only
-
CVE-2022-0543 - redis_sandbox_escape_rce
Targets redis versions: 5:5.0.14-1+deb10u1, 5:5.0.3-4, 5:6.0.15-1
-
CVE-2022-1388 - f5_bigip_auth_bypass_rce
Targets unpatched versions of BIG-IP prior to v17
-
CVE-2022-29464 - wso2_file_upload_rce
Targets several WSO2 products via arbitrary file upload
Also:
- It is now possible to select the exploits that the "Attack" module will use
on the "Module Config" tab of the Settings dialog.