Skip to content

Commit

Permalink
Update rules-emerging-threats/2023/Exploits/CVE-2023-27997/web_cve_20…
Browse files Browse the repository at this point in the history 
…23_27997_pre_authentication_rce.yml

Co-authored-by: phantinuss <[email protected]>
  • Loading branch information
@nasbench @phantinuss
nasbench and phantinuss authored Jul 31, 2023
1 parent dae7fff commit 47f1936
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion ...erging-threats/2023/Exploits/CVE-2023-27997/web_cve_2023_27997_pre_authentication_rce.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ id: 31e4e649-7394-4fd2-9ae7-dbc61eebb550
status: experimental
description: |
Detects indicators of potential exploitation of CVE-2023-27997 in Frotigate weblogs.
To avoid false positives it's best to look for successive requests to the endpoints mentioned as well as weird values of the "enc" parameter
To avoid false positives it is best to look for successive requests to the endpoints mentioned as well as weird values of the "enc" parameter
references:
- https://blog.lexfo.fr/Forensics-xortigate-notice.html
- https://blog.lexfo.fr/xortigate-cve-2023-27997.html
Expand Down

0 comments on commit 47f1936

Please sign in to comment.