Rule History

SID: 2047924 • Source: et/open

Versions (4)

Version DetailsCurrent

Rev: 1 • Sep 5, 2023, 12:00 PM

Message:

ET WEB_SPECIFIC_APPS Successful MinIO Information Disclosure Attempt (CVE-2023-28432)

Rule:

alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET WEB_SPECIFIC_APPS Successful MinIO Information Disclosure Attempt (CVE-2023-28432)"; flow:established,to_client; http.stat_code; content:"200"; http.response_body; content:"|22|MINIO_ROOT_PASSWORD"; fast_pattern; content:"|22|MINIO_SECRET_KEY|22 3a 22|"; reference:url,www.securityjoes.com/post/new-attack-vector-in-the-cloud-attackers-caught-exploiting-object-storage-services; reference:cve,2023-28432; classtype:attempted-admin; sid:2047924; rev:1; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2023_09_05, cve CVE_2023_28432, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, tag CISA_KEV, updated_at 2023_09_05, reviewed_at 2023_09_05, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1082, mitre_technique_name System_Information_Discovery; target:src_ip;)

Created:

Sep 5, 2023, 12:00 PM

Updated:

Sep 5, 2023, 12:00 PM

DB Created:

Sep 21, 2024, 3:00 AM

DB Updated:

Sep 21, 2024, 3:00 AM

Filename:

rules/emerging-web_specific_apps.rules