""ET WEB_SPECIFIC_APPS Apache OFBiz Authentication Bypass Vulnerability Check (CVE-2023-51467)""

SID: 2050068

Revision: 1

Class Type: trojan-activity

Metadata: affected_product Web_Server_Applications, attack_target Web_Server, created_at 2024_01_12, cve CVE_2023_51467, deployment Perimeter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, updated_at 2024_01_12

Reference:

  • cve

  • 2023-51467

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: any

Destination Network: $HOME_NET

Destination Port: $HTTP_PORTS

Flow: established,to_server

Contents:

  • Value: "GET"

  • Value: "/webtools/control/ping?" Depth: 23

  • Value: "USERNAME"

  • Value: "PASSWORD"

  • Value: "requirePasswordChange=Y"

Within:

PCRE:

Special Options:

  • http_method

  • http_uri

  • fast_pattern

  • http_uri

  • http_uri

  • http_uri

source