http-cve-2021-42013 Configuration

« http-cve-2021-42013 »
v0.3 by crowdsecurity
Attack scenarioremediation:trueservice:apachespoofable:0MITRE:T1190MITRE:T1595confidence:3

Apache - Path Traversal (CVE-2021-42013)

Installation

cscli scenarios install crowdsecurity/http-cve-2021-42013

YAML Configuration

1type: trigger
2format: 2.0
3#debug: true
4#this is getting funny, it's the third patch on top of cve-2021-41773
5name: crowdsecurity/http-cve-2021-42013
6description: "Apache - Path Traversal (CVE-2021-42013)"
7filter: |
8  evt.Meta.log_type in ["http_access-log", "http_error-log"] and 
9    Upper(evt.Meta.http_path) contains "/%%32%65%%32%65/"
10groupby: "evt.Meta.source_ip"
11blackhole: 2m
12labels:
13  service: apache
14  confidence: 3
15  spoofable: 0
16  classification:
17    - attack.T1190
18    - attack.T1595
19    - cve.CVE-2021-42013
20  behavior: "http:exploit"
21  label: "CVE-2021-42013"
22  remediation: true
23

Hub configuration

« http-cve-2021-42013 »v0.3 by crowdsecurityAttack scenarioremediation:trueservice:apacheCVE-2021-42013spoofable:0MITRE:T1190MITRE:T1595confidence:3

« http-cve-2021-42013 »
v0.3 by crowdsecurity
Attack scenarioremediation:trueservice:apachespoofable:0MITRE:T1190MITRE:T1595confidence:3