Versions (6)
Version DetailsCurrent
Rev: 2 • Aug 3, 2023, 12:00 PMET WEB_SPECIFIC_APPS Possible Ivanti Endpoint Manager Mobile CVE-2023-35078 Check/Exploitation Attempt
alert http any any -> [$HOME_NET,$HTTP_SERVERS] any (msg:"ET WEB_SPECIFIC_APPS Possible Ivanti Endpoint Manager Mobile CVE-2023-35078 Check/Exploitation Attempt"; flow:established,to_server; http.uri; content:"/mifs/aad/api/v2/"; startswith; threshold:type limit, count 5, seconds 300, track by_src; reference:url,www.rapid7.com/blog/post/2023/08/02/cve-2023-35082-mobileiron-core-unauthenticated-api-access-vulnerability/; reference:cve,2023-35078; classtype:attempted-admin; sid:2047054; rev:2; metadata:affected_product Ivanti, attack_target Web_Server, created_at 2023_08_03, cve CVE_2023_35078, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence Low, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_01_18, reviewed_at 2024_10_01; target:dest_ip;)
Aug 3, 2023, 12:00 PM
Jan 18, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
Aug 20, 2025, 9:35 PM
rules/emerging-web_specific_apps.rules