vpatch-CVE-2020-5902 AppSec Rule

« vpatch-CVE-2020-5902 »
v0.1 by crowdsecurity
AppSec rule

F5 BIG-IP TMUI - RCE (CVE-2020-5902)

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2020-5902

YAML Configuration

1
2name: crowdsecurity/vpatch-CVE-2020-5902
3description: "F5 BIG-IP TMUI - RCE (CVE-2020-5902)"
4rules:
5  - and:
6    - zones:
7      - METHOD
8      match:
9        type: equals
10        value: GET
11    - zones:
12      - URI
13      transform:
14      - lowercase
15      - urldecode
16      match:
17        type: contains
18        value: /tmui/login.jsp/..;/tmui/
19labels:
20  type: exploit
21  service: http
22  confidence: 3
23  spoofable: 0
24  behavior: "http:exploit"
25  label: "F5 BIG-IP TMUI - RCE"
26  classification:
27   - cve.CVE-2020-5902
28   - attack.T1595
29   - attack.T1190
30   - cwe.CWE-22
31

Hub Appsec rule

« vpatch-CVE-2020-5902 »v0.1 by crowdsecurityAppSec rule

« vpatch-CVE-2020-5902 »
v0.1 by crowdsecurity
AppSec rule