Hub configuration

More info

CVE-2019-18935 Configuration

« Telerik CVE-2019-18935 »
v0.2 by crowdsecurity / CVE-2019-18935
Attack scenariotelerikNot spoofableHigh confidence

Detect Telerik CVE-2019-18935 exploitation attempts

Installation

cscli scenarios install crowdsecurity/CVE-2019-18935

Description

Detect exploitation of Telerik CVE-2019-18935

Ref: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18935 Poc: https://github.com/noperator/CVE-2019-18935

YAML Configuration

1type: trigger
2format: 2.0
3name: crowdsecurity/CVE-2019-18935
4description: "Detect Telerik CVE-2019-18935 exploitation attempts"
5filter: |
6  evt.Meta.log_type in ['http_access-log', 'http_error-log'] && Upper(QueryUnescape(evt.Meta.http_path)) startsWith Upper('/Telerik.Web.UI.WebResource.axd?type=rau')
7groupby: "evt.Meta.source_ip"
8blackhole: 2m
9labels:
10  type: exploit
11  remediation: true
12  classification:
13    - attack.T1595
14    - attack.T1190
15    - cve.CVE-2019-18935
16  spoofable: 0
17  confidence: 3
18  behavior: "http:exploit"
19  label: "Telerik CVE-2019-18935"
20  service: telerik
21

Hub configuration

« Telerik CVE-2019-18935 »v0.2 by crowdsecurity / CVE-2019-18935Attack scenarioCVE-2019-18935telerikNot spoofableHigh confidenceMITRE:T1595MITRE:T1190

« Telerik CVE-2019-18935 »
v0.2 by crowdsecurity / CVE-2019-18935
Attack scenariotelerikNot spoofableHigh confidence