CVE-2021-26084

Sep 24, 2021 ·

Detection of CVE-2021-26084 observed from our Honeypots

Sigma rule (View on GitHub)

 1title: CVE-2021-26084
 2status: experimental
 3description: Detection of CVE-2021-26084 observed from our Honeypots
 4references:
 5  - https://packetstormsecurity.com/files/164013/Confluence-Server-7.12.4-OGNL-Injection-Remote-Code-Execution.html
 6  - https://github.com/h3v0x/CVE-2021-26084_Confluence
 7  - https://www.exploit-db.com/exploits/50243
 8author: Loginsoft Research Unit
 9date: 2021/09/07
10logsource:
11  product: Atlassian Confluence
12  category: Collaboration Software
13detection:
14  selection:
15    c-uri: "/pages/createpage-entervariables.action?SpaceKey=x"
16    cs-method: "POST"
17  keywords1:
18    - "queryString"
19  keywords2:
20    - "wget"
21    - "curl"
22  condition: selection and keywords1 and keywords2
23level: High

References

Confluence Server 7.12.4 OGNL Injection Remote Code Execution ≈ Packet Storm

Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers

Read More
GitHub - hev0x/CVE-2021-26084_Confluence: Confluence Server Webwork OGNL injection

Confluence Server Webwork OGNL injection. Contribute to hev0x/CVE-2021-26084_Confluence development by creating an account on GitHub.

Read More
OffSec’s Exploit Database Archive

Confluence Server 7.12.4 - 'OGNL injection' Remote Code Execution (RCE) (Unauthenticated). CVE-2021-26084 . webapps exploit for Java platform

Read More

CVE-2021-26084

Sigma rule (View on GitHub)

References

Confluence Server 7.12.4 OGNL Injection Remote Code Execution ≈ Packet Storm

GitHub - hev0x/CVE-2021-26084_Confluence: Confluence Server Webwork OGNL injection

OffSec’s Exploit Database Archive