vpatch-CVE-2024-38816 AppSec Rule

« vpatch-CVE-2024-38816 »
v0.2 by crowdsecurity
AppSec rule

Spring - Path Traversal (CVE-2024-38816)

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2024-38816

YAML Configuration

1
2name: crowdsecurity/vpatch-CVE-2024-38816
3description: "Spring - Path Traversal (CVE-2024-38816)"
4rules:
5  - and:
6    - zones:
7      - METHOD
8      match:
9        type: equals
10        value: GET
11    - zones:
12      - URI
13      transform:
14      - lowercase
15      - urldecode
16      match:
17        type: contains
18        value: "/static/link/../"
19labels:
20  type: exploit
21  service: http
22  confidence: 3
23  spoofable: 0
24  behavior: "http:exploit"
25  label: "Spring - Path Traversal"
26  classification:
27   - cve.CVE-2024-38816
28   - attack.T1595
29   - attack.T1190
30   - cwe.CWE-22

Hub Appsec rule

« vpatch-CVE-2024-38816 »v0.2 by crowdsecurityAppSec rule

« vpatch-CVE-2024-38816 »
v0.2 by crowdsecurity
AppSec rule