ET WEB_SPECIFIC_APPS ReCrystallize Server DownloadFile.aspx Abuse

SID: 2051963Rev: 112 views
History
Sourceet/open
CreatedApril 9, 2024
UpdatedApril 9, 2024
Classificationtrojan-activity
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS ReCrystallize Server DownloadFile.aspx Abuse"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/RecrystallizeServer/DownloadFile.aspx?filename|3d|"; startswith; fast_pattern; pcre:"/^(?:[a-z]\x3a\x5c|http|\x2f\x2f|\x5c\x5c)/Ri"; reference:url,sensepost.com/blog/2024/from-discovery-to-disclosure-recrystallize-server-vulnerabilities/; classtype:trojan-activity; sid:2051963; rev:1; metadata:affected_product Web_Server_Applications, attack_target Web_Server, tls_state TLSDecrypt, created_at 2024_04_09, deployment Perimeter, deployment Internal, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, updated_at 2024_04_09; target:dest_ip;)

References

urlsensepost.com/blog/2024/from-discovery-to-disclosure-recrystallize-server-vulnerabilities/

Metadata

affected productWeb_Server_Applications
attack targetWeb_Server
tls stateTLSDecrypt
created at2024_04_09
deploymentSSLDecrypt
performance impactLow
confidenceHigh
signature severityMajor
updated at2024_04_09

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!