Versions (5)
Version DetailsCurrent
Rev: 2 • Oct 12, 2023, 12:00 PMET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22515 Vulnerable Server Detected M2
alert http [$HOME_NET,$HTTP_SERVERS] any -> any any (msg:"ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22515 Vulnerable Server Detected M2"; flow:established,to_client; http.response_body; content:"|3c|li|20|class|3d 22|print|2d|only|22 3e|Printed|20|by|20|Atlassian|20|Confluence|20|8|2e|"; fast_pattern; pcre:"/^(?:0\.[01234]|1\.[0134]|2\.[0123]|3\.[012]|4\.[012]|5\.[01])\x3c/R"; threshold:type limit, count 1, seconds 3600, track by_src; reference:url,confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html; reference:url,www.rapid7.com/blog/post/2023/10/04/etr-cve-2023-22515-zero-day-privilege-escalation-in-confluence-server-and-data-center/; reference:url,attackerkb.com/topics/Q5f0ItSzw5/cve-2023-22515/rapid7-analysis; reference:cve,2023-22515; classtype:web-application-activity; sid:2048546; rev:2; metadata:affected_product Atlassian_Confluence, attack_target Web_Server, created_at 2023_10_12, cve CVE_2023_22515, deployment Perimeter, deployment Internal, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, tag CISA_KEV, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_11_06, reviewed_at 2023_11_06; target:src_ip;)
Oct 12, 2023, 12:00 PM
Nov 6, 2023, 12:00 PM
Sep 21, 2024, 3:00 AM
Aug 18, 2025, 8:35 PM
rules/emerging-web_specific_apps.rules