Hub configuration

More info

CVE-2022-26134 Configuration

« Confluence - RCE »
v0.4 by crowdsecurity / CVE-2022-26134
Attack scenarioconfluenceNot spoofableHigh confidence

Confluence - RCE (CVE-2022-26134)

Installation

cscli scenarios install crowdsecurity/CVE-2022-26134

Description

Detects attempts of exploit of CVE-2022-26134 RCE vulnerability.

Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26134

YAML Configuration

1type: trigger
2#debug: true
3name: crowdsecurity/CVE-2022-26134
4description: "Confluence - RCE (CVE-2022-26134)"
5filter: "Upper(PathUnescape(evt.Meta.http_path)) contains Upper('@java.lang.Runtime@getRuntime().exec(')"
6blackhole: 1m
7groupby: "evt.Meta.source_ip"
8labels:
9  type: exploit
10  remediation: true
11  classification:
12    - attack.T1595
13    - attack.T1190
14    - cve.CVE-2022-26134
15  spoofable: 0
16  confidence: 3
17  behavior: "http:exploit"
18  service: confluence
19  label: "Confluence - RCE"
20

Hub configuration

« Confluence - RCE »v0.4 by crowdsecurity / CVE-2022-26134Attack scenarioCVE-2022-26134ConfluenceconfluenceNot spoofableHigh confidenceMITRE:T1595MITRE:T1190

« Confluence - RCE »
v0.4 by crowdsecurity / CVE-2022-26134
Attack scenarioconfluenceNot spoofableHigh confidence