security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
b2acd800981e1c8d9f747173eb7803f0405cebd6
blue-team-tools/rules/application/nodejs/nodejs_rce_exploitation_attempt.yml
T

23 lines
883 B
YAML
Raw Normal View History

feat: add new application vulnerability rules (#4034)
2023-02-15 13:29:53 +02:00
title: Potential RCE Exploitation Attempt In NodeJS
id: 97661d9d-2beb-4630-b423-68985291a8af
chore: promote older rules status from experimental to test (#4651)
2024-01-01 09:00:51 +01:00
status: test
feat: add new application vulnerability rules (#4034)
2023-02-15 13:29:53 +02:00
description: Detects process execution related errors in NodeJS. If the exceptions are caused due to user input then they may suggest an RCE vulnerability.
references:
- https://www.wix.engineering/post/threat-and-vulnerability-hunting-with-application-server-error-logs
author: Moti Harmats
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
date: 2023-02-11
feat: add new application vulnerability rules (#4034)
2023-02-15 13:29:53 +02:00
tags:
Merge PR #4950 from @nasbench - Comply With v2 Spec Changes
2024-08-12 12:02:50 +02:00
- attack.initial-access
feat: add new application vulnerability rules (#4034)
2023-02-15 13:29:53 +02:00
- attack.t1190
logsource:
category: application
product: nodejs
definition: 'Requirements: application error logs must be collected (with LOG_LEVEL=ERROR and above)'
detection:
keywords:
- 'node:child_process'
condition: keywords
falsepositives:
- Puppeteer invocation exceptions often contain child_process related errors, that doesn't necessarily mean that the app is vulnerable.
level: high
Reference in New Issue Copy Permalink