Rule History

alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Gambio E-Commerce Suite Deserialization of Untrusted Data (CVE-2024-23759)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/shop.php?do=Parcelshopfinder/AddAddressBookEntry"; fast_pattern; http.header_names; content:"|0d 0a|Cookie|0d 0a|"; content:"|0d 0a|Host|0d 0a|"; content:"|0d 0a|Content-Type|0d 0a|"; http.request_body; content:"checkout_started|3d|0&search|3d|"; startswith; base64_decode:bytes 30, offset 0, relative; base64_data; content:"GuzzleHttp"; reference:url,attackerkb.com/topics/cxCsICfcDY/cve-2024-23759; reference:cve,2024-23759; classtype:attempted-admin; sid:2051956; rev:1; metadata:affected_product Web_Server_Applications, attack_target Web_Server, tls_state TLSDecrypt, created_at 2024_04_08, cve CVE_2024_23759, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, updated_at 2024_04_08, reviewed_at 2024_10_03; target:dest_ip;)