Hub Appsec rule

More info

vpatch-CVE-2022-22965 AppSec Rule

« vpatch-CVE-2022-22965 »
v0.2 by crowdsecurity
AppSec rule

Spring4Shell - RCE (CVE-2022-22965)

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2022-22965

YAML Configuration

1name: crowdsecurity/vpatch-CVE-2022-22965
2description: "Spring4Shell - RCE (CVE-2022-22965)"
3rules:
4  - zones:
5    - RAW_BODY
6    - ARGS_NAMES
7    match:
8      type: contains
9      value: class.module.classLoader.resources.
10labels:
11  type: exploit
12  service: http
13  confidence: 3
14  spoofable: 0
15  behavior: "http:exploit"
16  label: "Spring4Shell - RCE"
17  classification:
18   - cve.CVE-2022-22965
19   - attack.T1595
20   - attack.T1190
21   - cwe.CWE-94
22
23
24

Hub Appsec rule

« vpatch-CVE-2022-22965 »v0.2 by crowdsecurityAppSec rule

« vpatch-CVE-2022-22965 »
v0.2 by crowdsecurity
AppSec rule