vpatch-CVE-2024-9465 AppSec Rule

« vpatch-CVE-2024-9465 »
v0.2 by crowdsecurity
AppSec rule

Palo Alto Expedition - SQL Injection (CVE-2024-9465)

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2024-9465

YAML Configuration

1
2name: crowdsecurity/vpatch-CVE-2024-9465
3description: "Palo Alto Expedition - SQL Injection (CVE-2024-9465)"
4rules:
5  - and:
6    - zones:
7      - METHOD
8      match:
9        type: equals
10        value: POST
11    - zones:
12      - URI
13      transform:
14      - lowercase
15      - urldecode
16      match:
17        type: contains
18        value: "/bin/configurations/parsers/checkpoint/checkpoint.php"
19    - zones:
20      - BODY_ARGS
21      variables:
22      - signatureid
23      transform:
24      - urldecode
25      match:
26        type: regex
27        value: "[^a-zA-Z0-9]"
28labels:
29  type: exploit
30  service: http
31  confidence: 3
32  spoofable: 0
33  behavior: "http:exploit"
34  label: "Palo Alto Expedition - SQL Injection"
35  classification:
36   - cve.CVE-2024-9465
37   - attack.T1595
38   - attack.T1190
39   - cwe.CWE-89

Hub Appsec rule

« vpatch-CVE-2024-9465 »v0.2 by crowdsecurityAppSec rule

« vpatch-CVE-2024-9465 »
v0.2 by crowdsecurity
AppSec rule