security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d14e287cdf91e2a8b995de5bfbc3fa8540c1922b
blue-team-tools/rules/web/webserver_generic/web_cve_2019_3398_confluence.yml
T
Nasreddine Bencherchali 7c38a5c496 chore: add nextron authors tag
2023-02-01 11:14:59 +01:00

28 lines
745 B
YAML
Raw Blame History

title: Confluence Exploitation CVE-2019-3398
id: e9bc39ae-978a-4e49-91ab-5bd481fc668b
status: test
description: Detects the exploitation of the Confluence vulnerability described in CVE-2019-3398
references:
- https://devcentral.f5.com/s/articles/confluence-arbitrary-file-write-via-path-traversal-cve-2019-3398-34181
author: Florian Roth (Nextron Systems)
date: 2020/05/26
modified: 2023/01/02
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-method: 'POST'
cs-uri-query|contains|all:
- '/upload.action'
- 'filename=../../../../'
condition: selection
fields:
- c-ip
- c-dns
falsepositives:
- Unknown
level: critical
Reference in New Issue View Git Blame Copy Permalink