Versions (4)
Version DetailsCurrent
Rev: 1 • Oct 5, 2023, 12:00 PMET EXPLOIT JetBrains TeamCity Auth Bypass Attempt (CVE-2023-42793)
alert http any any -> [$HTTP_SERVERS,$HOME_NET] any (msg:"ET EXPLOIT JetBrains TeamCity Auth Bypass Attempt (CVE-2023-42793)"; flow:established,to_server; flowbits:set,ET.CVE-2023-42793; http.method; content:"POST"; http.uri; content:"/app/rest/users/id|3a|"; startswith; fast_pattern; content:"/tokens/"; content:"/RPC2"; endswith; reference:url,www.sonarsource.com/blog/teamcity-vulnerability/; reference:url,blog.jetbrains.com/teamcity/2023/09/critical-security-issue-affecting-teamcity-on-premises-update-to-2023-05-4-now/; reference:url,attackerkb.com/topics/1XEEEkGHzt/cve-2023-42793/rapid7-analysis; reference:cve,2023-42793; classtype:attempted-admin; sid:2048460; rev:1; metadata:affected_product JetBrains_TeamCity, attack_target Web_Server, created_at 2023_10_05, cve CVE_2023_42793, deployment Perimeter, deployment Internal, deployment SSLDecrypt, performance_impact Low, confidence Medium, signature_severity Major, tag CISA_KEV, updated_at 2023_10_05; target:src_ip;)
Oct 5, 2023, 12:00 PM
Oct 5, 2023, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 21, 2024, 3:00 AM
rules/emerging-exploit.rules