http-cve-2021-41773 Scenario

« http-cve-2021-41773 »
v0.3 by crowdsecurity
Attack scenarioremediation:trueservice:apachespoofable:0MITRE:T1190MITRE:T1595confidence:3

Apache - Path Traversal (CVE-2021-41773)

Installation

cscli scenarios install crowdsecurity/http-cve-2021-41773

YAML Configuration

1type: trigger
2format: 2.0
3#debug: true
4name: crowdsecurity/http-cve-2021-41773
5description: "Apache - Path Traversal (CVE-2021-41773)"
6filter: |
7  evt.Meta.log_type in ["http_access-log", "http_error-log"] and 
8    (Upper(evt.Meta.http_path) contains "/.%2E/.%2E/"
9      or
10     Upper(evt.Meta.http_path) contains "/%2E%2E/%2E%2E")
11groupby: "evt.Meta.source_ip"
12blackhole: 2m
13labels:
14  confidence: 3
15  spoofable: 0
16  classification:
17    - attack.T1190
18    - attack.T1595
19    - cve.CVE-2021-41773
20  behavior: "http:exploit"
21  label: "CVE-2021-41773"
22  service: apache
23  remediation: true
24

Hub configuration

« http-cve-2021-41773 »v0.3 by crowdsecurityAttack scenarioremediation:trueservice:apacheCVE-2021-41773spoofable:0MITRE:T1190MITRE:T1595confidence:3

« http-cve-2021-41773 »
v0.3 by crowdsecurity
Attack scenarioremediation:trueservice:apachespoofable:0MITRE:T1190MITRE:T1595confidence:3