CVE-2023-49103 Configuration

« CVE-2023-49103 »
v0.3 by crowdsecurity
Attack scenarioremediation:truetype:exploit service:owncloudspoofable:1MITRE:T1595MITRE:T1190confidence:2

Detect owncloud CVE-2023-49103 exploitation attempts

Installation

cscli scenarios install crowdsecurity/CVE-2023-49103

Description

Detect exploitation of owncloud CVE-2023-49103

Ref: https://nvd.nist.gov/vuln/detail/CVE-2023-49103

YAML Configuration

1type: trigger
2format: 2.0
3name: crowdsecurity/CVE-2023-49103
4description: "Detect owncloud CVE-2023-49103 exploitation attempts"
5filter: |
6  evt.Meta.log_type in ['http_access-log', 'http_error-log'] && Lower(evt.Meta.http_path) contains '/owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/getphpinfo.php'
7groupby: "evt.Meta.source_ip"
8blackhole: 2m
9labels:
10  type: exploit
11  remediation: true
12  classification:
13    - attack.T1595
14    - attack.T1190
15    - cve.CVE-2023-49103
16  spoofable: 1
17  confidence: 2
18  behavior: "http:exploit"
19  label: "ownCloud CVE-2023-49103"
20  service: owncloud
21

Hub configuration

« CVE-2023-49103 »v0.3 by crowdsecurityAttack scenarioremediation:truetype:exploit service:owncloudCVE-2023-49103spoofable:1MITRE:T1595MITRE:T1190confidence:2

« CVE-2023-49103 »
v0.3 by crowdsecurity
Attack scenarioremediation:truetype:exploit service:owncloudspoofable:1MITRE:T1595MITRE:T1190confidence:2