Hub WAF rule

More info

vpatch-CVE-2021-26294 WAF Rule

« AfterLogic Aurora/WebMail Pro - Information Disclosure »
v0.2 by crowdsecurity
WAF rule

Detects unauthorized access to AfterLogic Aurora/WebMail Pro WebDAV endpoint using default caldav_public_user credentials and path traversal.

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2021-26294

YAML Configuration

1## autogenerated on 2025-04-23 13:04:53
2name: crowdsecurity/vpatch-CVE-2021-26294
3description: 'Detects unauthorized access to AfterLogic Aurora/WebMail Pro WebDAV endpoint using default caldav_public_user credentials and path traversal.'
4rules:
5  - and:
6      - zones:
7          - URI
8        transform:
9          - lowercase
10          - urldecode
11        match:
12          type: contains
13          value: /dav/server.php/files/personal/
14      - zones:
15          - URI
16        transform:
17          - lowercase
18          - urldecode
19        match:
20          type: contains
21          value: '..'
22labels:
23  type: exploit
24  service: http
25  confidence: 3
26  spoofable: 0
27  behavior: 'http:exploit'
28  label: "AfterLogic Aurora/WebMail Pro - Information Disclosure"
29  classification:
30    - cve.CVE-2021-26294
31    - attack.T1040
32    - cwe.CWE-22
33

Hub WAF rule

« AfterLogic Aurora/WebMail Pro - Information Disclosure »v0.2 by crowdsecurityWAF rule

« AfterLogic Aurora/WebMail Pro - Information Disclosure »
v0.2 by crowdsecurity
WAF rule