ET EXPLOIT Confluence Server Path Traversal Vulnerability (CVE-2019-3398)

7.0.35.0SID: 2034261Rev: 1Enabled2 views
Sourceet/open
Fileemerging-exploit.rules
CreatedOctober 27, 2021
UpdatedOctober 27, 2021
Classificationattempted-admin
alert http any any -> [$HOME_NET,$HTTP_SERVERS] 8090 (msg:"ET EXPLOIT Confluence Server Path Traversal Vulnerability (CVE-2019-3398)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"plugins/drag-and-drop/upload.action"; nocase; fast_pattern; content:"draftId="; nocase; distance:0; content:"filename="; nocase; content:"/shell.jsp"; nocase; content:"atl_token"; nocase; http.request_body; content:"<%"; reference:url,github.com/superevr/cve-2019-3398/blob/master/poc.py; reference:cve,2019-3398; classtype:attempted-admin; sid:2034261; rev:1; metadata:created_at 2021_10_27, cve CVE_2019_3398, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_10_27, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1083, mitre_technique_name File_And_Directory_Discovery; target:dest_ip;)

Metadata

created at2021_10_27
deploymentInternal
confidenceHigh
signature severityMajor
tagDescription_Generated_By_Proofpoint_Nexus
updated at2021_10_27
mitre tactic idTA0007
mitre tactic nameDiscovery
mitre technique idT1083
mitre technique nameFile_And_Directory_Discovery

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!