vpatch-CVE-2024-51567 AppSec Rule

« vpatch-CVE-2024-51567 »
v0.1 by crowdsecurity
AppSec rule

CyberPanel RCE (CVE-2024-51567)

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2024-51567

YAML Configuration

1
2name: crowdsecurity/vpatch-CVE-2024-51567
3description: "CyberPanel RCE (CVE-2024-51567)"
4rules:
5  - and:
6    - zones:
7      - URI
8      transform:
9      - lowercase
10      match:
11        type: equals
12        value: /databases/upgrademysqlstatus
13    - zones:
14      - METHOD
15      match:
16        type: equals
17        value: PUT
18    - zones:
19      - BODY_ARGS
20      transform:
21        - lowercase
22        - urldecode
23      variables:
24       - json.statusfile
25      match:
26        type: contains
27        value: ';'
28labels:
29  type: exploit
30  service: http
31  confidence: 3
32  spoofable: 0
33  behavior: "http:exploit"
34  label: "CyberPanel RCE"
35  classification:
36   - cve.CVE-2024-51567
37   - attack.T1595
38   - attack.T1190
39   - cwe.CWE-306
40   - cwe.CWE-276

Hub Appsec rule

« vpatch-CVE-2024-51567 »v0.1 by crowdsecurityAppSec rule

« vpatch-CVE-2024-51567 »
v0.1 by crowdsecurity
AppSec rule