Hub configuration

More info

CVE-2022-41697 Scenario

« Ghost CVE-2022-41697 »
v0.2 by crowdsecurity / CVE-2022-41697
Attack scenarioghostNot spoofableHigh confidence

Detect CVE-2022-41697 enumeration

Installation

cscli scenarios install crowdsecurity/CVE-2022-41697

Description

Ghost user enumeration vulnerablity

CVE
talos

YAML Configuration

1type: leaky
2name: crowdsecurity/CVE-2022-41697
3description: "Detect CVE-2022-41697 enumeration"
4filter: |
5  Upper(evt.Meta.http_path) contains Upper('/ghost/api/admin/session') &&
6  Upper(evt.Parsed.verb) == 'POST' &&
7  evt.Meta.http_status == '404'
8leakspeed: "10s"
9capacity: 5
10blackhole: 1m
11groupby: "evt.Meta.source_ip"
12labels:
13  type: exploit
14  remediation: true
15  classification:
16    - attack.T1589
17    - cve.CVE-2022-41697
18  spoofable: 0
19  confidence: 3
20  behavior: "http:exploit"
21  label: "Ghost CVE-2022-41697"
22  service: ghost
23

Hub configuration

« Ghost CVE-2022-41697 »v0.2 by crowdsecurity / CVE-2022-41697Attack scenarioCVE-2022-41697GhostghostNot spoofableHigh confidenceMITRE:T1589

« Ghost CVE-2022-41697 »
v0.2 by crowdsecurity / CVE-2022-41697
Attack scenarioghostNot spoofableHigh confidence