bogdan/zira-etc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
5583cdecd32b469519834a3dec8a76a114797d30
zira-etc/crowdsec/hub/scenarios/crowdsecurity/CVE-2019-18935.yaml

21 lines
584 B
YAML
Raw Blame History

type: trigger
format: 2.0
name: crowdsecurity/CVE-2019-18935
description: "Detect Telerik CVE-2019-18935 exploitation attempts"
filter: |
evt.Meta.log_type in ['http_access-log', 'http_error-log'] && Upper(QueryUnescape(evt.Meta.http_path)) startsWith Upper('/Telerik.Web.UI.WebResource.axd?type=rau')
groupby: "evt.Meta.source_ip"
blackhole: 2m
labels:
type: exploit
remediation: true
classification:
- attack.T1595
- attack.T1190
- cve.CVE-2019-18935
spoofable: 0
confidence: 3
behavior: "http:exploit"
label: "Telerik CVE-2019-18935"
service: telerik
Reference in New Issue View Git Blame Copy Permalink