""ET WEB_SPECIFIC_APPS Atlassian Confluence CVE-2023-22518 Vulnerable Server Detected Version 7.x M1""

SID: 2049084

Revision: 1

Class Type: web-application-activity

Metadata: affected_product Atlassian_Confluence, attack_target Web_Server, created_at 2023_11_06, cve CVE_2023_22518, deployment Perimeter, deployment Internal, deployment SSLDecrypt, performance_impact Low, confidence High, updated_at 2023_11_06

Reference:

• cve

• 2023-22518

Protocol: tcp

Source Network: [$HOME_NET,$HTTP_SERVERS]

Source Port: any

Destination Network: any

Destination Port: any

Flow: established,to_client

Contents:

• Value: "|3c|meta|20|name|3d 22|ajs|2d|version|2d|number|22 20|content|3d 22|7|2e|"

Within:

PCRE: "/^(?:1(?:9(?:.(?:[023456789]|1[012345]?))?|3(?:.(?:[03456789]|1\d?|20?))?|1(?:.[0123456])?|2(?:.[012345])?|6(?:.[012345])?|7(?:.[012345])?|4(?:.[01234])?|5(?:.[0123])?|8(?:.[0123])?|0(?:.[012])?|.[012])?|4(?:.(?:[023456789]|1[012345678]?))?|2(?:0(?:.[0123])?|.[012])?|0(?:.[012345])?|3(?:.[012345])?|7(?:.[01234])?|8(?:.[0123])?|9(?:.[0123])?|5(?:.[012])?|6(?:.[012])?)\x22/R"

Special Options:

• file_data

• fast_pattern

source