""ET WEB_SPECIFIC_APPS ReCrystallize Server Possible Authentication Bypass Attempt via AdminUsername Cookie (CVE-2024-26331) and Arbitrary File Upload via FileManagement.aspx (CVE-2024-28269)""

SID: 2051962

Revision: 1

Class Type: attempted-admin

Metadata: affected_product Web_Server_Applications, attack_target Web_Server, tls_state TLSDecrypt, created_at 2024_04_09, cve CVE_2024_26331_CVE_2024_28269, deployment Perimeter, deployment Internal, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, updated_at 2024_04_09

Reference:

• cve

• 2024-28269

Protocol: tcp

Source Network: any

Source Port: any

Destination Network: $HOME_NET

Destination Port: $HTTP_PORTS

Flow: established,to_server

Contents:

• Value: "POST"

• Value: "/RecrystallizeServer/Admin/FileManagement.aspx"

• Value: "AdminUsername=admin"

Within:

PCRE:

Special Options:

• http_uri

• fast_pattern

• http_cookie

source