Versions (3)
Version DetailsCurrent
Rev: 1 • Jun 3, 2022, 12:00 PMET EXPLOIT Bonitasoft Successful Default User Login Attempt (Possible Staging for CVE-2022-25237)
alert http [$HTTP_SERVERS,$HOME_NET] any -> any any (msg:"ET EXPLOIT Bonitasoft Successful Default User Login Attempt (Possible Staging for CVE-2022-25237)"; flow:established,to_client; flowbits:isset,ET.BonitaDefaultCreds; http.cookie; content:"JSESSIONID="; content:"X-Bonita-API-Token="; fast_pattern; reference:url,rhinosecuritylabs.com/application-security/cve-2022-25237-bonitasoft-authorization-bypass/; reference:cve,2022-25237; classtype:successful-admin; sid:2036817; rev:1; metadata:attack_target Server, created_at 2022_06_03, cve CVE_2022_25237, deployment Perimeter, deployment SSLDecrypt, confidence Medium, signature_severity Major, updated_at 2022_06_03;)
Jun 3, 2022, 12:00 PM
Jun 3, 2022, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 21, 2024, 3:00 AM
rules/emerging-exploit.rules