Hub WAF rule

More info

vpatch-CVE-2025-31324 WAF Rule

« SAP NetWeaver - File Upload »
v0.1 by crowdsecurity
WAF rule

SAP NetWeaver - File Upload (CVE-2025-31324)

Installation

cscli appsec-rules install crowdsecurity/vpatch-CVE-2025-31324

YAML Configuration

1#added 2025-09-05
2name: crowdsecurity/vpatch-CVE-2025-31324
3description: "SAP NetWeaver - File Upload (CVE-2025-31324)"
4rules:
5  - and:
6      - zones:
7          - URI
8        transform:
9          - lowercase
10        match:
11          type: equals
12          value: "/developmentserver/metadatauploader"
13      - zones:
14          - ARGS
15        variables:
16          - contenttype
17        transform:
18          - lowercase
19        match:
20          type: equals
21          value: "model"
22      - zones:
23          - FILENAMES
24        transform:
25          - lowercase
26        match:
27          type: contains
28          value: ".jsp"
29labels:
30  type: exploit
31  service: http
32  confidence: 3
33  spoofable: 0
34  behavior: "http:exploit"
35  label: "SAP NetWeaver - File Upload"
36  classification:
37    - cve.CVE-2025-31324
38    - attack.T1595
39    - attack.T1190
40    - cwe.CWE-434
41

Hub WAF rule

« SAP NetWeaver - File Upload »v0.1 by crowdsecurityWAF rule

« SAP NetWeaver - File Upload »
v0.1 by crowdsecurity
WAF rule