valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-08 10:13:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
13ab00f744
SigmaHQ/rules/web/web_cve_2020_5902_f5_bigip.yml
Florian Roth 13ab00f744 improved F5 BIG-IP rule based on private feedback
2020-07-05 16:21:48 +02:00

31 lines
942 B
YAML
Raw Blame History

title: CVE-2020-5902 F5 BIG-IP Exploitation Attempt
id: 44b53b1c-e60f-4a7b-948e-3435a7918478
status: experimental
description: Detects the exploitation attempt of the vulnerability found in F5 BIG-IP and described in CVE-2020-5902
references:
- https://support.f5.com/csp/article/K52145254
- https://www.ptsecurity.com/ww-en/about/news/f5-fixes-critical-vulnerability-discovered-by-positive-technologies-in-big-ip-application-delivery-controller/
- https://twitter.com/yorickkoster/status/1279709009151434754
author: Florian Roth
date: 2020/07/05
logsource:
category: webserver
detection:
selection_base:
c-uri|contains: '/tmui/login'
selection_traversal:
c-uri|contains:
- '..;/'
- '.jsp/..'
condition: selection_base and selection_traversal
fields:
- c-ip
- c-dns
falsepositives:
- Unknown
tags:
- attack.initial_access
- attack.t1190
level: critical
Reference in New Issue View Git Blame Copy Permalink