Hub WAF rule

More info

vpatch-CVE-2024-4577 WAF Rule

« PHP CGI - Command Injection »
v0.2 by crowdsecurity
WAF rule

PHP CGI Command Injection - CVE-2024-4577

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2024-4577

YAML Configuration

1name: crowdsecurity/vpatch-CVE-2024-4577
2description: "PHP CGI Command Injection - CVE-2024-4577"
3rules:
4  - and:
5    - zones:
6      - URI_FULL
7      transform:
8      - lowercase
9      match:
10        type: contains
11        value: "?%ad"
12labels:
13  type: exploit
14  service: http
15  confidence: 3
16  spoofable: 0
17  behavior: "http:exploit"
18  label: "PHP CGI - Command Injection"
19  classification:
20   - cve.CVE-2024-4577
21   - attack.T1595
22   - attack.T1190
23   - attack.T1059
24   - cwe.CWE-74
25   - cwe.CWE-88
26   - cwe.CWE-707
27
28
29

Hub WAF rule

« PHP CGI - Command Injection »v0.2 by crowdsecurityWAF rule

« PHP CGI - Command Injection »
v0.2 by crowdsecurity
WAF rule