Versions (4)
Version DetailsCurrent
Rev: 1 • Oct 5, 2023, 12:00 PMET EXPLOIT JetBrains TeamCity Auth Bypass Successful Attempt (CVE-2023-42793)
alert http [$HTTP_SERVERS,$HOME_NET] any -> any any (msg:"ET EXPLOIT JetBrains TeamCity Auth Bypass Successful Attempt (CVE-2023-42793)"; flow:established,to_client; flowbits:isset,ET.CVE-2023-42793; http.response_body; content:"|3c|token|20|name|3d 22|"; fast_pattern; content:"creationTime|3d 22|"; content:"value|3d 22|"; reference:url,www.sonarsource.com/blog/teamcity-vulnerability/; reference:url,blog.jetbrains.com/teamcity/2023/09/critical-security-issue-affecting-teamcity-on-premises-update-to-2023-05-4-now/; reference:url,attackerkb.com/topics/1XEEEkGHzt/cve-2023-42793/rapid7-analysis; reference:cve,2023-42793; classtype:successful-admin; sid:2048461; rev:1; metadata:affected_product JetBrains_TeamCity, attack_target Web_Server, created_at 2023_10_05, cve CVE_2023_42793, deployment Perimeter, deployment Internal, deployment SSLDecrypt, performance_impact Low, confidence Medium, signature_severity Critical, tag CISA_KEV, updated_at 2023_10_05, reviewed_at 2023_10_05; target:src_ip;)
Oct 5, 2023, 12:00 PM
Oct 5, 2023, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 21, 2024, 3:00 AM
rules/emerging-exploit.rules