vpatch-CVE-2022-35914 AppSec Rule

« vpatch-CVE-2022-35914 »
v0.5 by crowdsecurity
AppSec rule

GLPI RCE (CVE-2022-35914)

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2022-35914

YAML Configuration

1name: crowdsecurity/vpatch-CVE-2022-35914
2description: "GLPI RCE (CVE-2022-35914)"
3rules:
4  - and:
5    - zones:
6      - URI
7      transform:
8      - lowercase
9      match:
10        type: endsWith
11        value: /vendor/htmlawed/htmlawed/htmlawedtest.php
12
13labels:
14  type: exploit
15  service: http
16  confidence: 3
17  spoofable: 0
18  behavior: "http:exploit"
19  label: "GLPI RCE"
20  classification:
21   - cve.CVE-2022-35914
22   - attack.T1595
23   - attack.T1190
24   - cwe.CWE-74

Hub Appsec rule

« vpatch-CVE-2022-35914 »v0.5 by crowdsecurityAppSec rule

« vpatch-CVE-2022-35914 »
v0.5 by crowdsecurity
AppSec rule