vpatch-CVE-2024-27198 AppSec Rule

« vpatch-CVE-2024-27198 »
v0.5 by crowdsecurity
AppSec rule

Teamcity - Authentication Bypass (CVE-2024-27198)

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2024-27198

YAML Configuration

1name: crowdsecurity/vpatch-CVE-2024-27198
2description: "Teamcity - Authentication Bypass (CVE-2024-27198)"
3rules:
4  - and:
5      - zones:
6          - URI_FULL
7        transform:
8          - lowercase
9        match:
10          type: contains
11          value: ";.jsp"
12      - zones:
13          - URI_FULL
14        transform:
15          - lowercase
16        match:
17          type: contains
18          value: "/app/rest/"
19labels:
20  type: exploit
21  service: http
22  confidence: 3
23  spoofable: 0
24  behavior: "http:exploit"
25  label: "Teamcity - Authentication Bypass"
26  classification:
27    - cve.CVE-2024-27198
28    - attack.T1595
29    - attack.T1190
30    - cwe.CWE-94
31

Hub Appsec rule

« vpatch-CVE-2024-27198 »v0.5 by crowdsecurityAppSec rule

« vpatch-CVE-2024-27198 »
v0.5 by crowdsecurity
AppSec rule