CVE-2022-35914 Scenario

« CVE-2022-35914 »
v0.2 by crowdsecurity
Attack scenarioremediation:truetype:exploit service:glpispoofable:0MITRE:T1595MITRE:T1190confidence:3

Detect CVE-2022-35914 exploits

Installation

cscli scenarios install crowdsecurity/CVE-2022-35914

Description

Detects attempts of exploit of CVE-2022-35914 RCE vulnerability.

Reference: https://github.com/glpi-project/glpi/security/advisories/GHSA-c5gx-789q-5pcr

YAML Configuration

1type: trigger
2#debug: true
3name: crowdsecurity/CVE-2022-35914
4description: "Detect CVE-2022-35914 exploits"
5filter: "Upper(evt.Meta.http_path) contains Upper('/vendor/htmlawed/htmlawed/htmLawedTest.php')"
6blackhole: 1m
7groupby: "evt.Meta.source_ip"
8labels:
9  type: exploit
10  remediation: true
11  classification:
12    - attack.T1595
13    - attack.T1190
14    - cve.CVE-2022-35914
15  spoofable: 0
16  confidence: 3
17  behavior: "http:exploit"
18  service: glpi
19  label: "GLPI CVE-2022-35914"
20

Hub configuration

« CVE-2022-35914 »v0.2 by crowdsecurityAttack scenarioremediation:truetype:exploit service:glpiCVE-2022-35914spoofable:0MITRE:T1595MITRE:T1190confidence:3

« CVE-2022-35914 »
v0.2 by crowdsecurity
Attack scenarioremediation:truetype:exploit service:glpispoofable:0MITRE:T1595MITRE:T1190confidence:3