Confluence Exploitation CVE-2019-3398
Detects the exploitation of the Confluence vulnerability described in CVE-2019-3398
Sigma rule (View on GitHub)
1title: Confluence Exploitation CVE-2019-3398
2id: e9bc39ae-978a-4e49-91ab-5bd481fc668b
3status: test
4description: Detects the exploitation of the Confluence vulnerability described in CVE-2019-3398
5references:
6 - https://devcentral.f5.com/s/articles/confluence-arbitrary-file-write-via-path-traversal-cve-2019-3398-34181
7author: Florian Roth (Nextron Systems)
8date: 2020-05-26
9modified: 2023-01-02
10tags:
11 - attack.initial-access
12 - attack.t1190
13 - cve.2019-3398
14 - detection.emerging-threats
15logsource:
16 category: webserver
17detection:
18 selection:
19 cs-method: 'POST'
20 cs-uri-query|contains|all:
21 - '/upload.action'
22 - 'filename=../../../../'
23 condition: selection
24falsepositives:
25 - Unknown
26level: critical
References
-
Recently a new critical vulnerability in Atlassian Confluence was discovered. Exploiting the vulnerability may allow attackers to write files into arbitrary...
Read More
Related rules
- ADSelfService Exploitation
- Apache Spark Shell Command Injection - Weblogs
- Arcadyan Router Exploitations
- Atlassian Bitbucket Command Injection Via Archive API
- CVE-2010-5278 Exploitation Attempt