vpatch-CVE-2018-10562 AppSec Rule

« vpatch-CVE-2018-10562 »
v0.2 by crowdsecurity
AppSec rule

Dasan GPON RCE (CVE-2018-10562)

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2018-10562

YAML Configuration

1name: crowdsecurity/vpatch-CVE-2018-10562
2description: "Dasan GPON RCE (CVE-2018-10562)"
3rules:
4  - and:
5    - zones:
6      - METHOD
7      match:
8        type: equals
9        value: POST
10    - zones:
11      - URI
12      transform:
13      - lowercase
14      match:
15        type: endsWith
16        value: /gponform/diag_form
17    - zones:
18      - BODY_ARGS
19      variables:
20      - dest_host
21      match:
22        type: regex
23        value: "[^0-9a-zA-Z-.]+"
24
25labels:
26  type: exploit
27  service: http
28  confidence: 3
29  spoofable: 0
30  behavior: "http:exploit"
31  label: "Dasan GPON RCE"
32  classification:
33   - cve.CVE-2018-10562
34   - attack.T1595
35   - attack.T1190
36   - cwe.CWE-78

Hub Appsec rule

« vpatch-CVE-2018-10562 »v0.2 by crowdsecurityAppSec rule

« vpatch-CVE-2018-10562 »
v0.2 by crowdsecurity
AppSec rule