Versions (4)
Version DetailsCurrent
Rev: 3 • Dec 7, 2023, 12:00 PMET EXPLOIT Successful ownCloud Remote Improper Authentication Attempt (CVE-2023-49105)
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET EXPLOIT Successful ownCloud Remote Improper Authentication Attempt (CVE-2023-49105)"; flow:established,to_client; flowbits:isset,ET.CVE-2023-49105.request; http.response_body; content:"xmlns|3a|oc|3d 22|http|3a 2f 2f|owncloud|2e|org|2f|ns|22 3e|"; content:"|3c|d|3a|href|3e 2f|remote|2e|php|2f|"; fast_pattern; threshold:type limit, count 1, seconds 600, track by_src; reference:url,www.ambionics.io/blog/owncloud-cve-2023-49103-cve-2023-49105; reference:cve,2023-49105; classtype:successful-admin; sid:2049618; rev:3; metadata:attack_target Server, created_at 2023_12_07, cve CVE_2023_49105, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence Medium, signature_severity Major, tag Exploit, updated_at 2024_06_23, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)
Dec 7, 2023, 12:00 PM
Jun 23, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-exploit.rules