Versions (3)
Version DetailsCurrent
Rev: 1 • Aug 2, 2023, 12:00 PMET WEB_SPECIFIC_APPS Metabase Setup-Token Information Disclosure - Required for CVE-2023-38646
alert http [$HOME_NET,$HTTP_SERVERS] any -> any any (msg:"ET WEB_SPECIFIC_APPS Metabase Setup-Token Information Disclosure - Required for CVE-2023-38646"; flow:established,to_client; http.response_body; content:"|22|Metabase|22 2c 22|"; fast_pattern; content:"|22|setup|2d|token|22 3a 22|"; pcre:"/[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\x22/R"; reference:url,blog.assetnote.io/2023/07/22/pre-auth-rce-metabase/; reference:cve,2023-38646; classtype:successful-recon-limited; sid:2047018; rev:1; metadata:attack_target Web_Server, created_at 2023_08_02, cve CVE_2023_38646, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, updated_at 2023_08_02, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1082, mitre_technique_name System_Information_Discovery; target:src_ip;)
Aug 2, 2023, 12:00 PM
Aug 2, 2023, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 21, 2024, 3:00 AM
rules/emerging-web_specific_apps.rules