diff --git a/.index.json b/.index.json
index ac04d8a857f..cbb9d498d3d 100644
--- a/.index.json
+++ b/.index.json
@@ -12133,6 +12133,7 @@ "deprecated": false } }, + "long_description": "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", "content": "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", "description": "Detect generic HTTP cve probing", "author": "crowdsecurity",
diff --git a/scenarios/crowdsecurity/http-cve-probing.md b/scenarios/crowdsecurity/http-cve-probing.md
new file mode 100644
index 00000000000..c3e160d33c7
--- /dev/null
+++ b/scenarios/crowdsecurity/http-cve-probing.md
@@ -0,0 +1,17 @@
+Detect IPs trying to probe for HTTP paths related to well-known trending CVE(s).
+Paths are susceptible to being removed from [the associated data file](https://github.com/crowdsecurity/sec-lists/blob/master/web/trendy_cves.txt) when they become less relevant.
+
+The current list of targeted vulnerabilities is as follows:
+
+ - [CVE-2024-3400](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3400)
+ - [CVE-2024-3272](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3272)
+ - [CVE-2018-12031](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12031)
+ - [CVE-2021-36380](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36380)
+ - [CVE-2021-3129](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3129)
+ - [CVE-2020-27866](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27866)
+ - [CVE-2024-4040](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4040)
+ - [CVE-2024-24919](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24919)
+ - [CVE-2024-4577](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4577)
+ - [CVE-2024-5806](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5806)
+ - [CVE-2024-5805](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5805)
+