Hub Appsec rule

More info

vpatch-CVE-2021-34427 AppSec Rule

« vpatch-CVE-2021-34427 »
v0.1 by crowdsecurity
AppSec rule

Detects JSP injection leading to remote code execution in Eclipse BIRT Viewer via crafted query parameters.

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2021-34427

YAML Configuration

1## autogenerated on 2025-12-17 14:59:35
2name: crowdsecurity/vpatch-CVE-2021-34427
3description: 'Detects JSP injection leading to remote code execution in Eclipse BIRT Viewer via crafted query parameters.'
4rules:
5  - and:
6      - zones:
7          - URI
8        transform:
9          - lowercase
10          - urldecode
11        match:
12          type: contains
13          value: '/document'
14      - zones:
15          - ARGS
16        variables:
17          - __document
18        transform:
19          - lowercase
20          - urldecode
21        match:
22          type: contains
23          value: '.jsp/.'
24      - zones:
25          - ARGS
26        variables:
27          - sample
28        transform:
29          - lowercase
30          - urldecode
31        match:
32          type: contains
33          value: '<%'
34
35labels:
36  type: exploit
37  service: http
38  confidence: 3
39  spoofable: 0
40  behavior: 'http:exploit'
41  label: 'Eclipse BIRT - RCE'
42  classification:
43    - cve.CVE-2021-34427
44    - attack.T1190
45    - cwe.CWE-434
46

Hub Appsec rule

« vpatch-CVE-2021-34427 »v0.1 by crowdsecurityAppSec rule

« vpatch-CVE-2021-34427 »
v0.1 by crowdsecurity
AppSec rule