""ET EXPLOIT Successful ownCloud Remote Improper Authentication Attempt (CVE-2023-49105)""
SID: 2049618
Revision: 3
Class Type: successful-admin
Metadata: attack_target Server, created_at 2023_12_07, cve CVE_2023_49105, deployment Perimeter, deployment Internal, deployment SSLDecrypt, signature_severity Major, tag Exploit, updated_at 2024_06_23, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application
Reference: cve,2023-49105
Protocol: tcp
Source Network: $HOME_NET
Source Port: $HTTP_PORTS
Destination Network: $EXTERNAL_NET
Destination Port: any
Flow: established,to_client
Contents:
- Value: "xmlns|3a|oc|3d 22|http|3a 2f 2f|owncloud|2e|org|2f|ns|22 3e|"
- Value: "|3c|d|3a|href|3e 2f|remote|2e|php|2f|"
Within:
PCRE:
Special Options:
- file_data
- fast_pattern