ET EXPLOIT ownCloud Remote Improper Authentication Attempt (CVE-2023-49105)

SID: 2049617Rev: 269 viewsHistory

Sourceet/open

CreatedDecember 7, 2023

UpdatedJune 23, 2024

Classificationattempted-admin

alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT ownCloud Remote Improper Authentication Attempt (CVE-2023-49105)"; flow:established,to_server; flowbits:set,ET.CVE-2023-49105.request; http.method; content:!"OPTIONS"; http.uri; content:"/remote.php/dav"; fast_pattern; content:"OC-Credential="; nocase; content:"OC-Verb="; nocase; content:"OC-Expires="; nocase; content:"OC-Date="; nocase; content:"OC-Signature="; nocase; pcre:"/^[a-f0-9]{64}(?:&|$)/R"; threshold:type limit, count 1, seconds 600, track by_src; reference:url,www.ambionics.io/blog/owncloud-cve-2023-49103-cve-2023-49105; reference:cve,2023-49105; classtype:attempted-admin; sid:2049617; rev:2; metadata:attack_target Server, created_at 2023_12_07, cve CVE_2023_49105, deployment Perimeter, deployment Internal, deployment SSLDecrypt, confidence Medium, signature_severity Major, tag Exploit, updated_at 2024_06_23, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application;)

References

url	www.ambionics.io/blog/owncloud-cve-2023-49103-cve-2023-49105
cve	2023-49105

Metadata

attack targetServer

created at2023_12_07

cveCVE-2023-49105

deploymentSSLDecrypt

confidenceMedium

signature severityMajor

tagExploit

updated at2024_06_23

mitre tactic idTA0001

mitre tactic nameInitial_Access

mitre technique idT1190

mitre technique nameExploit_Public_Facing_Application

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!