Rule History

alert http any any -> [$HOME_NET,$HTTP_SERVERS] 8090 (msg:"ET EXPLOIT Confluence Server Path Traversal Vulnerability (CVE-2019-3398)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"plugins/drag-and-drop/upload.action"; nocase; fast_pattern; content:"draftId="; nocase; distance:0; content:"filename="; nocase; content:"/shell.jsp"; nocase; content:"atl_token"; nocase; http.request_body; content:"<%"; reference:url,github.com/superevr/cve-2019-3398/blob/master/poc.py; reference:cve,2019-3398; classtype:attempted-admin; sid:2034261; rev:1; metadata:created_at 2021_10_27, cve CVE_2019_3398, deployment Perimeter, deployment Internal, confidence High, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2021_10_27, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1083, mitre_technique_name File_And_Directory_Discovery; target:dest_ip;)