"ET EXPLOIT Atlassian Jira Unauth User Enumeration Attempt (CVE-2020-36289)"

SID: 2033136

Revision: 2

Class Type: attempted-admin

Metadata: attack_target Client_Endpoint, created_at 2021_06_11, cve CVE_2020_36289, deployment Perimeter, deployment Internal, signature_severity Major, updated_at 2021_06_11, reviewed_at 2024_05_06

Reference:

Protocol: tcp

Source Network: any

Source Port: any

Destination Network: $HOME_NET

Destination Port: $HTTP_PORTS

Flow: established,from_client

Contents:

  • Value: "GET"

  • Value: "/secure/QueryComponentRendererValue!Default.jspa?assignee=user|3a|admin"

Within:

PCRE: "/\/secure\/QueryComponentRendererValue!Default.jspa\?assignee=user|3a|admin$/U"

Special Options:

  • http_method

  • fast_pattern

  • http_uri
