Hub Appsec rule

More info

vpatch-CVE-2019-7276 AppSec Rule

« vpatch-CVE-2019-7276 »
v0.1 by crowdsecurity
AppSec rule

Detects unauthenticated remote code execution in Optergy Proton/Enterprise via backdoor console endpoint.

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2019-7276

YAML Configuration

1## autogenerated on 2025-11-05 15:02:36
2name: crowdsecurity/vpatch-CVE-2019-7276
3description: 'Detects unauthenticated remote code execution in Optergy Proton/Enterprise via backdoor console endpoint.'
4rules:
5  - and:
6      - zones:
7          - URI
8        transform:
9          - lowercase
10        match:
11          type: contains
12          value: /tools/ajax/consoleresult.html
13      - zones:
14          - BODY_ARGS_NAMES
15        match:
16          type: contains
17          value: command
18
19labels:
20  type: exploit
21  service: http
22  confidence: 3
23  spoofable: 0
24  behavior: 'http:exploit'
25  label: 'Optergy Proton/Enterprise - RCE'
26  classification:
27    - cve.CVE-2019-7276
28    - attack.T1190
29    - cwe.CWE-78
30

Hub Appsec rule

« vpatch-CVE-2019-7276 »v0.1 by crowdsecurityAppSec rule

« vpatch-CVE-2019-7276 »
v0.1 by crowdsecurity
AppSec rule