ET WEB_SPECIFIC_APPS ReCrystallize Server ViewReport.aspx Abuse

7.0.35.0SID: 2051964Rev: 2Enabled11 views
Sourceet/open
Fileemerging-web_specific_apps.rules
CreatedApril 9, 2024
UpdatedApril 11, 2024
Classificationtrojan-activity
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS ReCrystallize Server ViewReport.aspx Abuse"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/RecrystallizeServer/ViewReport.aspx?reportName|3d|"; fast_pattern; startswith; pcre:"/^(?:[a-z]\x3a\x5c|http|\x2f\x2f|\x5c\x5c)/Ri"; reference:url,sensepost.com/blog/2024/from-discovery-to-disclosure-recrystallize-server-vulnerabilities/; classtype:trojan-activity; sid:2051964; rev:2; metadata:affected_product Web_Server_Applications, attack_target Web_Server, tls_state TLSDecrypt, created_at 2024_04_09, deployment Perimeter, deployment Internal, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, updated_at 2024_04_11, reviewed_at 2024_10_03; target:dest_ip;)

Metadata

affected productWeb_Server_Applications
attack targetWeb_Server
tls stateTLSDecrypt
created at2024_04_09
deploymentSSLDecrypt
performance impactLow
confidenceHigh
signature severityMajor
updated at2024_04_11
reviewed at2024_10_03

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!