Hub Appsec rule

More info

vpatch-CVE-2024-32870 AppSec Rule

« vpatch-CVE-2024-32870 »
v0.1 by crowdsecurity
AppSec rule

Detects unauthorized access to iTop Hub Connector information disclosure endpoint.

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2024-32870

YAML Configuration

1## autogenerated on 2025-05-09 09:19:00
2name: crowdsecurity/vpatch-CVE-2024-32870
3description: 'Detects unauthorized access to iTop Hub Connector information disclosure endpoint.'
4rules:
5  - and:
6      - zones:
7          - URI
8        transform:
9          - lowercase
10          - urldecode
11        match:
12          type: contains
13          value: /pages/exec.php
14      - zones:
15          - ARGS
16        variables:
17          - exec_module
18        transform:
19          - lowercase
20          - urldecode
21        match:
22          type: equals
23          value: itop-hub-connector
24      - zones:
25          - ARGS
26        variables:
27          - exec_page
28        transform:
29          - lowercase
30          - urldecode
31        match:
32          type: equals
33          value: launch.php
34      - zones:
35          - ARGS
36        variables:
37          - target
38        transform:
39          - lowercase
40          - urldecode
41        match:
42          type: equals
43          value: inform_after_setup
44
45labels:
46  type: exploit
47  service: http
48  confidence: 3
49  spoofable: 0
50  behavior: 'http:exploit'
51  label: 'ITop - Information Disclosure'
52  classification:
53    - cve.CVE-2024-32870
54    - attack.T1592
55    - cwe.CWE-200
56

Hub Appsec rule

« vpatch-CVE-2024-32870 »v0.1 by crowdsecurityAppSec rule

« vpatch-CVE-2024-32870 »
v0.1 by crowdsecurity
AppSec rule