ET WEB_SPECIFIC_APPS Apache Kafka UI Unsanitized Groovy Script Filter Remote Code Execution Attempt (CVE-2023-52251)

SID: 2050499Rev: 13 viewsHistory

Sourceet/open

CreatedJanuary 25, 2024

UpdatedJanuary 25, 2024

Classificationattempted-admin

alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Apache Kafka UI Unsanitized Groovy Script Filter Remote Code Execution Attempt (CVE-2023-52251)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/api/clusters/"; startswith; content:"/topics/"; distance:0; within:50; content:"/messages?q|3d 22|"; within:50; content:"|28 29 26|filterQueryType|3d|GROOVY_SCRIPT"; distance:0; fast_pattern; reference:url,attackerkb.com/topics/ATJ1hTVB8H/cve-2023-52251; reference:cve,2023-52251; classtype:attempted-admin; sid:2050499; rev:1; metadata:affected_product Apache_Kafka, attack_target Web_Server, created_at 2024_01_25, cve CVE_2023_52251, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, updated_at 2024_01_25, reviewed_at 2024_10_03, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)

References

url	attackerkb.com/topics/ATJ1hTVB8H/cve-2023-52251
cve	2023-52251

Metadata

affected productApache_Kafka

attack targetWeb_Server

created at2024_01_25

cveCVE-2023-52251

deploymentSSLDecrypt

performance impactLow

confidenceHigh

signature severityMajor

updated at2024_01_25

reviewed at2024_10_03

mitre tactic idTA0001

mitre tactic nameInitial_Access

mitre technique idT1190

mitre technique nameExploit_Public_Facing_Application

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!