SID: 2051961

Revision: 1

Class Type: attempted-admin

Metadata: affected_product Web_Server_Applications, attack_target Web_Server, tls_state TLSDecrypt, created_at 2024_04_09, cve CVE_2024_26331, deployment Perimeter, deployment Internal, deployment SSLDecrypt, performance_impact Low, confidence High, updated_at 2024_04_09

Reference:

  • cve

  • 2024-26331

Protocol: tcp

Source Network: any

Source Port: any

Destination Network: $HOME_NET

Destination Port: $HTTP_PORTS

Flow: established,to_server

Contents:

  • Value: "GET"

  • Value: "/RecrystallizeServer/" Depth: 21

  • Value: "AdminUsername=admin"

Within:

PCRE:

Special Options:

  • http_uri

  • fast_pattern

  • http_cookie

source