vpatch-CVE-2022-27926 AppSec Rule

« vpatch-CVE-2022-27926 »
v0.4 by crowdsecurity
AppSec rule

Zimbra Collaboration XSS (CVE-2022-27926)

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2022-27926

YAML Configuration

1name: crowdsecurity/vpatch-CVE-2022-27926
2description: "Zimbra Collaboration XSS (CVE-2022-27926)"
3rules:
4  - and:
5    - zones:
6      - URI
7      transform:
8      - lowercase
9      match:
10        type: endsWith
11        value: /public/error.jsp
12    - zones:
13      - ARGS
14      variables:
15      - errCode
16      transform:
17      - lowercase
18      match:
19        type: libinjectionXSS
20labels:
21  type: exploit
22  service: http
23  confidence: 3
24  spoofable: 0
25  behavior: "http:exploit"
26  label: "Zimbra Collaboration (ZCS) - XSS"
27  classification:
28   - cve.CVE-2022-27926
29   - attack.T1595
30   - attack.T1190
31   - cwe.CWE-79

Hub Appsec rule

« vpatch-CVE-2022-27926 »v0.4 by crowdsecurityAppSec rule

« vpatch-CVE-2022-27926 »
v0.4 by crowdsecurity
AppSec rule