ET WEB_SPECIFIC_APPS Possible CVE-2020-8518 (Horde Groupware RCE)

SID: 2029636Rev: 30 viewsHistory

Sourceet/open

CreatedMarch 13, 2020

UpdatedNovember 7, 2020

Classificationattempted-admin

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Possible CVE-2020-8518 (Horde Groupware RCE)"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"data.php"; endswith; http.request_body; content:"|22 3b 20|filename=|22|"; content:"|2e|passthru|28|"; content:"|2e|die|28 29 3b|"; distance:0; http.header_names; content:"horde_secret_key|0d 0a|"; nocase; fast_pattern; reference:url,cardaci.xyz/advisories/2020/03/10/horde-groupware-webmail-edition-5.2.22-rce-in-csv-data-import/; reference:cve,2020-8518; classtype:attempted-admin; sid:2029636; rev:3; metadata:attack_target Web_Server, created_at 2020_03_13, cve CVE_2020_8518, deployment Perimeter, performance_impact Low, confidence Medium, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2020_11_07;)

References

url	cardaci.xyz/advisories/2020/03/10/horde-groupware-webmail-edition-5.2.22-rce-in-csv-data-import/
cve	2020-8518

Metadata

attack targetWeb_Server

created at2020_03_13

cveCVE-2020-8518

deploymentPerimeter

performance impactLow

confidenceMedium

signature severityMajor

tagDescription_Generated_By_Proofpoint_Nexus

updated at2020_11_07

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!