Versions (2)
Version DetailsCurrent
Rev: 1 • Sep 25, 2024, 12:00 PMET WEB_SPECIFIC_APPS SolarWinds Web Help Desk Hardcoded Credentials Information Leak (CVE-2024-28987)
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS SolarWinds Web Help Desk Hardcoded Credentials Information Leak (CVE-2024-28987)"; flow:established,to_server; http.uri; content:"/helpdesk/WebObjects/Helpdesk.woa/ra/OrionTickets/"; fast_pattern; http.header; content:"Authorization|3a 20|Basic|20|aGVscGRlc2tJbnRlZ3JhdGlvblVzZXI6ZGV2LUM0RjgwMjVFNw=="; reference:url,www.horizon3.ai/attack-research/cve-2024-28987-solarwinds-web-help-desk-hardcoded-credential-vulnerability-deep-dive/; reference:cve,2024-28987; classtype:attempted-admin; sid:2056167; rev:1; metadata:affected_product SolarWinds, attack_target Server, tls_state TLSDecrypt, created_at 2024_09_25, cve CVE_2024_28987, deployment Perimeter, deployment Internal, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, tag CISA_KEV, updated_at 2024_09_25; target:dest_ip;)
Sep 25, 2024, 12:00 PM
Sep 25, 2024, 12:00 PM
Sep 25, 2024, 9:00 PM
Sep 25, 2024, 9:00 PM
rules/emerging-web_specific_apps.rules