ATTACK [PTsecurity] Cookieless string in ASP.NET (CVE-2023-36899)

SID: 10009357Rev: 329 views
History
Sourceptrules/open
CreatedJuly 24, 2025
UpdatedJuly 24, 2025
Classificationattempted-admin
alert http any any -> any any (msg:"ATTACK [PTsecurity] Cookieless string in ASP.NET (CVE-2023-36899)"; flow:established, to_server; http.uri; content:"/("; fast_pattern; content:"))"; distance:0; pcre:"/\/\([A-Z]\(.*?\)\).*?\)\)/"; reference:url, soroush.me/blog/2023/08/cookieless-duodrop-iis-auth-bypass-app-pool-privesc-in-asp-net-framework-cve-2023-36899; reference:cve, 2023-36899; reference:url, rules.ptsecurity.com; classtype:attempted-admin; sid:10009357; rev:3;)

References

urlsoroush.me/blog/2023/08/cookieless-duodrop-iis-auth-bypass-app-pool-privesc-in-asp-net-framework-cve-2023-36899
cve2023-36899
urlrules.ptsecurity.com

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!