Hub Appsec rule

More info

vpatch-CVE-2024-6235 AppSec Rule

« vpatch-CVE-2024-6235 »
v0.1 by crowdsecurity
AppSec rule

Detects unauthorized access to sensitive NetScaler Console configuration endpoint disclosing ADM_SESSIONID.

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2024-6235

YAML Configuration

1## autogenerated on 2025-11-28 14:43:34
2name: crowdsecurity/vpatch-CVE-2024-6235
3description: 'Detects unauthorized access to sensitive NetScaler Console configuration endpoint disclosing ADM_SESSIONID.'
4rules:
5  - and:
6      - zones:
7          - URI
8        transform:
9          - lowercase
10        match:
11          type: contains
12          value: /internal/v2/config/mps_secret/adm_sessionid
13      - zones:
14          - HEADERS
15        variables:
16          - user-name
17        transform:
18          - lowercase
19        match:
20          type: equals
21          value: nsroot
22
23labels:
24  type: exploit
25  service: http
26  confidence: 3
27  spoofable: 0
28  behavior: 'http:exploit'
29  label: 'NetScaler Console - Sensitive Information Disclosure'
30  classification:
31    - cve.CVE-2024-6235
32    - attack.T1592
33    - cwe.CWE-200
34

Hub Appsec rule

« vpatch-CVE-2024-6235 »v0.1 by crowdsecurityAppSec rule

« vpatch-CVE-2024-6235 »
v0.1 by crowdsecurity
AppSec rule