Versions (3)
Version DetailsCurrent
Rev: 1 • Apr 9, 2024, 12:00 PMET WEB_SPECIFIC_APPS ReCrystallize Server ViewReport.aspx Abuse
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS ReCrystallize Server ViewReport.aspx Abuse"; flow:established,to_server; content:"GET"; http.uri; content:"/RecrystallizeServer/ViewReport.aspx?reportName|3d|"; startswith; fast_pattern; pcre:"/^(?:[a-z]\x3a\x5c|http|\x2f\x2f|\x5c\x5c)/Ri"; reference:url,sensepost.com/blog/2024/from-discovery-to-disclosure-recrystallize-server-vulnerabilities/; classtype:trojan-activity; sid:2051964; rev:1; metadata:affected_product Web_Server_Applications, attack_target Web_Server, tls_state TLSDecrypt, created_at 2024_04_09, deployment Perimeter, deployment Internal, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, updated_at 2024_04_09, reviewed_at 2024_10_03; target:dest_ip;)
Apr 9, 2024, 12:00 PM
Apr 9, 2024, 12:00 PM
Sep 21, 2024, 3:00 AM
Sep 21, 2024, 3:00 AM
rules/emerging-web_specific_apps.rules