vpatch-CVE-2024-4577 AppSec Rule

« vpatch-CVE-2024-4577 »
v0.1 by crowdsecurity
AppSec rule

PHP CGI Command Injection - CVE-2024-4577

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2024-4577

YAML Configuration

1name: crowdsecurity/vpatch-CVE-2024-4577
2description: "PHP CGI Command Injection - CVE-2024-4577"
3rules:
4  - and:
5    - zones:
6      - URI_FULL
7      transform:
8      - lowercase
9      match:
10        type: contains
11        value: "?%ad"
12labels:
13  type: exploit
14  service: http
15  confidence: 3
16  spoofable: 0
17  behavior: "http:exploit"
18  label: "PHP CGI Command Injection - CVE-2024-4577"
19  classification:
20   - cve.CVE-2024-4577
21   - attack.T1595
22   - attack.T1190
23   - attack.T1059
24   - cwe.CWE-74
25   - cwe.CWE-88
26   - cwe.CWE-707
27
28
29

Hub Appsec rule

« vpatch-CVE-2024-4577 »v0.1 by crowdsecurityAppSec rule

« vpatch-CVE-2024-4577 »
v0.1 by crowdsecurity
AppSec rule