Merge pull request #1273 from Neo23x0/rule-devel

rule: added second expression
2024-11-07 09:48:58 +00:00 · 2020-11-04 17:09:47 +01:00 · 2020-11-04 17:09:47 +01:00 · 784150b66c
commit 784150b66c
parent 413abf13cd 908023fa66
1 changed files with 3 additions and 1 deletions
--- a/rules/web/web_cve_2020_14882_weblogic_exploit.yml
+++ b/rules/web/web_cve_2020_14882_weblogic_exploit.yml
@ -4,17 +4,19 @@ status: experimental
 description: Detects exploitation attempts on WebLogic servers
 author: Florian Roth
 date: 2020/11/02
-modified: 2020/11/03
+modified: 2020/11/04
 references:
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14882
    - https://isc.sans.edu/diary/26734
    - https://twitter.com/jas502n/status/1321416053050667009?s=20
+    - https://twitter.com/sudo_sudoka/status/1323951871078223874
 logsource:
    category: webserver
 detection:
    selection:
        c-uri|contains:
            - '/console/images/%252E%252E%252Fconsole.portal'
+            - '/console/css/%2e'
    condition: selection
 fields:
    - c-ip