Skip to content

Commit

Permalink
CVE 2023 49103 (#878)
Browse files Browse the repository at this point in the history 
* support owncloud cve-2023-49103

---------

Co-authored-by: GitHub Action <[email protected]>
  • Loading branch information
@buixor @actions-user
buixor and actions-user authored Nov 28, 2023
1 parent cde790b commit fd14dfe
Show file tree
Hide file tree
Showing 10 changed files with 137 additions and 4 deletions.
45 changes: 41 additions & 4 deletions .index.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1009,7 +1009,7 @@
},
"crowdsecurity/http-cve": {
"path": "collections/crowdsecurity/http-cve.yaml",
"version": "2.4",
"version": "2.5",
"versions": {
"0.1": {
"digest": "30748e051a470c1bc91506ae63e8784cd054564f90ccc23eb655823fc30e3019",
Expand Down Expand Up @@ -1106,10 +1106,14 @@
"2.4": {
"digest": "9a1288c042d53f81c16653efae7084bbb83e56cec8a6eade98c702e2febb8d4e",
"deprecated": false
},
"2.5": {
"digest": "c6c395c6d6d694ecfb8957e93bd8895a8c341511d070486cbd768056a323994d",
"deprecated": false
}
},
"long_description": "CgpBIGNvbGxlY3Rpb24gdG8gZGV0ZWN0IGV4cGxvaXRhdGlvbiBvZiBzb21lIHNwZWNpZmljIGh0dHAgQ1ZFcy4KCldvcmtzIHdpdGggW2FwYWNoZTJdKGh0dHBzOi8vaHViLmNyb3dkc2VjLm5ldC9hdXRob3IvY3Jvd2RzZWN1cml0eS9jb2xsZWN0aW9ucy9hcGFjaGUyKSwgW25naW54XShodHRwczovL2h1Yi5jcm93ZHNlYy5uZXQvYXV0aG9yL2Nyb3dkc2VjdXJpdHkvY29sbGVjdGlvbnMvbmdpbngpLCBbdHJhZWZpa10oaHR0cHM6Ly9odWIuY3Jvd2RzZWMubmV0L2F1dGhvci9jcm93ZHNlY3VyaXR5L2NvbGxlY3Rpb25zL3RyYWVmaWspIGV0Yy4KCjp3YXJuaW5nOiBXaGlsZSB0aGlzIGNvbGxlY3Rpb24gaXMgZnJlcXVlbnRseSB1cGRhdGVkIHdpdGggdHJlbmRpbmcgQ1ZFcywgaXQgaXMgX25vdF8gYSBXQUYgYW5kIGRvZXMgX25vdF8gYWltcyBhdCByZXBsYWNpbmcgYSBXQUYuIEFzIHN1Y2gsIGFuIGF0dGFja2VyIG1pZ2h0IGJlIGFibGUgdG8gYnlwYXNzIHRob3NlIHNpZ25hdHVyZXMuCgogLSBbQXBhY2hlIENWRS0yMDIxLTQxNzczXShodHRwczovL2N2ZS5jaXJjbC5sdS9jdmUvQ1ZFLTIwMjEtNDE3NzMpCiAtIFtBcGFjaGUgQ1ZFLTIwMjEtNDIwMTNdKGh0dHBzOi8vY3ZlLmNpcmNsLmx1L2N2ZS9DVkUtMjAyMS00MjAxMykKIC0gW0dyYWZhbmEgQ1ZFLTIwMjEtNDM3OThdKGh0dHBzOi8vY3ZlLmNpcmNsLmx1L2N2ZS9DVkUtMjAyMS00Mzc5OCkKIC0gW0ZvcnRpbmV0IENWRS0yMDE4LTEzMzc5XShodHRwczovL2N2ZS5jaXJjbC5sdS9jdmUvQ1ZFLTIwMTgtMTMzNzkpCiAtIFtQdWxzZSBTZWN1cmUgQ1ZFLTIwMTktMTE1MTBdKGh0dHBzOi8vY3ZlLmNpcmNsLmx1L2N2ZS9DVkUtMjAxOS0xMTUxMCkKIC0gW0Y1IEJJRy1JUCBDVkUtMjAyMC01OTAyXShodHRwczovL2N2ZS5jaXJjbC5sdS9jdmUvQ1ZFLTIwMjAtNTkwMikKIC0gW1RoaW5rUEhQIENWRS0yMDE4LTIwMDYyXShodHRwczovL2N2ZS5jaXJjbC5sdS9jdmUvQ1ZFLTIwMTgtMjAwNjIpCiAtIFtBcGFjaGUgTG9nNGoyIENWRS0yMDIxLTQ0MjI4XShodHRwczovL2N2ZS5jaXJjbC5sdS9jdmUvQ1ZFLTIwMjEtNDQyMjgpCiAtIFtWTXdhcmUgVk1TQS0yMDIxLTAwMjddKGh0dHBzOi8vd3d3LnZtd2FyZS5jb20vc2VjdXJpdHkvYWR2aXNvcmllcy9WTVNBLTIwMjEtMDAyNy5odG1sKQogLSBbQXRsYXNzaWFuIEppcmEgQ1ZFLTIwMjEtMjYwODZdKGh0dHBzOi8vY3ZlLmNpcmNsLmx1L2N2ZS9DVkUtMjAyMS0yNjA4NikKIC0gW1NwcmluZzRTaGVsbCBDVkUtMjAyMi0yMjk2NV0oaHR0cHM6Ly9jdmUubWl0cmUub3JnL2NnaS1iaW4vY3ZlbmFtZS5jZ2k/bmFtZT1DVkUtMjAyMi0yMjk2NSkKIC0gW1ZNd2FyZSBDVkUtMjAyMi0yMjk1NF0oaHR0cHM6Ly93d3cudm13YXJlLmNvbS9zZWN1cml0eS9hZHZpc29yaWVzL1ZNU0EtMjAyMi0wMDExLmh0bWwpCiAtIFtaaW1icmEgQ1ZFLTIwMjItMzcwNDJdKGh0dHBzOi8vbnZkLm5pc3QuZ292L3Z1bG4vZGV0YWlsL0NWRS0yMDIyLTM3MDQyKQogLSBbTWljcm9zb2Z0IEV4Y2hhbmdlIENWRS0yMDIyLTQxMDgyXShodHRwczovL252ZC5uaXN0Lmdvdi92dWxuL2RldGFpbC9DVkUtMjAyMi00MTA4MikKIC0gW0dMUEkgQ1ZFLTIwMjItMzU5MTRdKGh0dHBzOi8vbnZkLm5pc3QuZ292L3Z1bG4vZGV0YWlsL0NWRS0yMDIyLTM1OTE0KQogLSBbRm9ydGluZXQgQ1ZFLTIwMjItNDA2ODRdKGh0dHBzOi8vd3d3Lmhvcml6b24zLmFpL2ZvcnRpb3MtZm9ydGlwcm94eS1hbmQtZm9ydGlzd2l0Y2htYW5hZ2VyLWF1dGhlbnRpY2F0aW9uLWJ5cGFzcy10ZWNobmljYWwtZGVlcC1kaXZlLWN2ZS0yMDIyLTQwNjg0LykKIC0gW0NvbmZsdWVuY2UgQ1ZFLTIwMjItMjYxMzRdKGh0dHBzOi8vY3ZlLm1pdHJlLm9yZy9jZ2ktYmluL2N2ZW5hbWUuY2dpP25hbWU9Q1ZFLTIwMjItMjYxMzQpCiAtIFtUZXh0NFNoZWxsIENWRS0yMDIyLTQyODg5XShodHRwczovL2N2ZS5taXRyZS5vcmcvY2dpLWJpbi9jdmVuYW1lLmNnaT9uYW1lPUNWRS0yMDIyLTQyODg5KQogLSBbR2hvc3QgQ01TIENWRS0yMDIyLTQxNjk3XShodHRwczovL252ZC5uaXN0Lmdvdi92dWxuL2RldGFpbC9DVkUtMjAyMi00MTY5NykKIC0gW0NhY3RpIENWRS0yMDIyLTQ2MTY5XShodHRwczovL252ZC5uaXN0Lmdvdi92dWxuL2RldGFpbC9DVkUtMjAyMi00NjE2OSkKIC0gW0NlbnRvcyBXZWIgUGFuZWwgNyBDVkUtMjAyMi00NDg3N10oaHR0cHM6Ly9udmQubmlzdC5nb3YvdnVsbi9kZXRhaWwvQ1ZFLTIwMjItNDQ4NzcpCiAtIFtUZWxlcmlrIFVJIENWRS0yMDE5LTE4OTM1XShodHRwczovL2N2ZS5taXRyZS5vcmcvY2dpLWJpbi9jdmVuYW1lLmNnaT9uYW1lPUNWRS0yMDE5LTE4OTM1KQogLSBbTmV0Z2VhciBER04xMDAwIC8gREdOMjIwMCBSZW1vdGUgQ29tbWFuZCBFeGVjdXRpb25dKGh0dHBzOi8vd3d3LmV4cGxvaXQtZGIuY29tL2V4cGxvaXRzLzI1OTc4KQogLSBbQ29uZmx1ZW5jZSBDVkUtMjAyMy0yMjUxNV0oaHR0cHM6Ly9jb25mbHVlbmNlLmF0bGFzc2lhbi5jb20vc2VjdXJpdHkvY3ZlLTIwMjMtMjI1MTUtcHJpdmlsZWdlLWVzY2FsYXRpb24tdnVsbmVyYWJpbGl0eS1pbi1jb25mbHVlbmNlLWRhdGEtY2VudGVyLWFuZC1zZXJ2ZXItMTI5NTY4MjI3Ni5odG1sKQogLSBbQ29uZmx1ZW5jZSBDVkUtMjAyMy0yMjUxOF0oaHR0cHM6Ly9jb25mbHVlbmNlLmF0bGFzc2lhbi5jb20vcGFnZXMvdmlld3BhZ2UuYWN0aW9uP3BhZ2VJZD0xMzExNDczOTA3KQoKCgoKCg==",
"content": "c2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS9odHRwLWN2ZS0yMDIxLTQxNzczCiAgLSBjcm93ZHNlY3VyaXR5L2h0dHAtY3ZlLTIwMjEtNDIwMTMKICAtIGNyb3dkc2VjdXJpdHkvZ3JhZmFuYS1jdmUtMjAyMS00Mzc5OAogIC0gY3Jvd2RzZWN1cml0eS92bXdhcmUtdmNlbnRlci12bXNhLTIwMjEtMDAyNwogIC0gY3Jvd2RzZWN1cml0eS9mb3J0aW5ldC1jdmUtMjAxOC0xMzM3OQogIC0gY3Jvd2RzZWN1cml0eS9wdWxzZS1zZWN1cmUtc3NsdnBuLWN2ZS0yMDE5LTExNTEwCiAgLSBjcm93ZHNlY3VyaXR5L2Y1LWJpZy1pcC1jdmUtMjAyMC01OTAyCiAgLSBjcm93ZHNlY3VyaXR5L3RoaW5rcGhwLWN2ZS0yMDE4LTIwMDYyCiAgLSBjcm93ZHNlY3VyaXR5L2FwYWNoZV9sb2c0ajJfY3ZlLTIwMjEtNDQyMjgKICAtIGNyb3dkc2VjdXJpdHkvamlyYV9jdmUtMjAyMS0yNjA4NgogIC0gY3Jvd2RzZWN1cml0eS9zcHJpbmc0c2hlbGxfY3ZlLTIwMjItMjI5NjUKICAtIGNyb3dkc2VjdXJpdHkvdm13YXJlLWN2ZS0yMDIyLTIyOTU0CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTM3MDQyCiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTQxMDgyCiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTM1OTE0CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTQwNjg0CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTI2MTM0CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTQyODg5CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTQxNjk3CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTQ2MTY5CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTQ0ODc3CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDE5LTE4OTM1CiAgLSBjcm93ZHNlY3VyaXR5L25ldGdlYXJfcmNlCiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIzLTIyNTE1CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIzLTIyNTE4CmF1dGhvcjogY3Jvd2RzZWN1cml0eQpkZXNjcmlwdGlvbjogIkRldGVjdCBDVkUgZXhwbG9pdGF0aW9uIGluIGh0dHAgbG9ncyIKdGFnczoKICAtIHdlYgogIC0gZXhwbG9pdAogIC0gY3ZlCiAgLSBodHRwCg==",
"long_description": "CgpBIGNvbGxlY3Rpb24gdG8gZGV0ZWN0IGV4cGxvaXRhdGlvbiBvZiBzb21lIHNwZWNpZmljIGh0dHAgQ1ZFcy4KCldvcmtzIHdpdGggW2FwYWNoZTJdKGh0dHBzOi8vaHViLmNyb3dkc2VjLm5ldC9hdXRob3IvY3Jvd2RzZWN1cml0eS9jb2xsZWN0aW9ucy9hcGFjaGUyKSwgW25naW54XShodHRwczovL2h1Yi5jcm93ZHNlYy5uZXQvYXV0aG9yL2Nyb3dkc2VjdXJpdHkvY29sbGVjdGlvbnMvbmdpbngpLCBbdHJhZWZpa10oaHR0cHM6Ly9odWIuY3Jvd2RzZWMubmV0L2F1dGhvci9jcm93ZHNlY3VyaXR5L2NvbGxlY3Rpb25zL3RyYWVmaWspIGV0Yy4KCjp3YXJuaW5nOiBXaGlsZSB0aGlzIGNvbGxlY3Rpb24gaXMgZnJlcXVlbnRseSB1cGRhdGVkIHdpdGggdHJlbmRpbmcgQ1ZFcywgaXQgaXMgX25vdF8gYSBXQUYgYW5kIGRvZXMgX25vdF8gYWltcyBhdCByZXBsYWNpbmcgYSBXQUYuIEFzIHN1Y2gsIGFuIGF0dGFja2VyIG1pZ2h0IGJlIGFibGUgdG8gYnlwYXNzIHRob3NlIHNpZ25hdHVyZXMuCgogLSBbQXBhY2hlIENWRS0yMDIxLTQxNzczXShodHRwczovL2N2ZS5jaXJjbC5sdS9jdmUvQ1ZFLTIwMjEtNDE3NzMpCiAtIFtBcGFjaGUgQ1ZFLTIwMjEtNDIwMTNdKGh0dHBzOi8vY3ZlLmNpcmNsLmx1L2N2ZS9DVkUtMjAyMS00MjAxMykKIC0gW0dyYWZhbmEgQ1ZFLTIwMjEtNDM3OThdKGh0dHBzOi8vY3ZlLmNpcmNsLmx1L2N2ZS9DVkUtMjAyMS00Mzc5OCkKIC0gW0ZvcnRpbmV0IENWRS0yMDE4LTEzMzc5XShodHRwczovL2N2ZS5jaXJjbC5sdS9jdmUvQ1ZFLTIwMTgtMTMzNzkpCiAtIFtQdWxzZSBTZWN1cmUgQ1ZFLTIwMTktMTE1MTBdKGh0dHBzOi8vY3ZlLmNpcmNsLmx1L2N2ZS9DVkUtMjAxOS0xMTUxMCkKIC0gW0Y1IEJJRy1JUCBDVkUtMjAyMC01OTAyXShodHRwczovL2N2ZS5jaXJjbC5sdS9jdmUvQ1ZFLTIwMjAtNTkwMikKIC0gW1RoaW5rUEhQIENWRS0yMDE4LTIwMDYyXShodHRwczovL2N2ZS5jaXJjbC5sdS9jdmUvQ1ZFLTIwMTgtMjAwNjIpCiAtIFtBcGFjaGUgTG9nNGoyIENWRS0yMDIxLTQ0MjI4XShodHRwczovL2N2ZS5jaXJjbC5sdS9jdmUvQ1ZFLTIwMjEtNDQyMjgpCiAtIFtWTXdhcmUgVk1TQS0yMDIxLTAwMjddKGh0dHBzOi8vd3d3LnZtd2FyZS5jb20vc2VjdXJpdHkvYWR2aXNvcmllcy9WTVNBLTIwMjEtMDAyNy5odG1sKQogLSBbQXRsYXNzaWFuIEppcmEgQ1ZFLTIwMjEtMjYwODZdKGh0dHBzOi8vY3ZlLmNpcmNsLmx1L2N2ZS9DVkUtMjAyMS0yNjA4NikKIC0gW1NwcmluZzRTaGVsbCBDVkUtMjAyMi0yMjk2NV0oaHR0cHM6Ly9jdmUubWl0cmUub3JnL2NnaS1iaW4vY3ZlbmFtZS5jZ2k/bmFtZT1DVkUtMjAyMi0yMjk2NSkKIC0gW1ZNd2FyZSBDVkUtMjAyMi0yMjk1NF0oaHR0cHM6Ly93d3cudm13YXJlLmNvbS9zZWN1cml0eS9hZHZpc29yaWVzL1ZNU0EtMjAyMi0wMDExLmh0bWwpCiAtIFtaaW1icmEgQ1ZFLTIwMjItMzcwNDJdKGh0dHBzOi8vbnZkLm5pc3QuZ292L3Z1bG4vZGV0YWlsL0NWRS0yMDIyLTM3MDQyKQogLSBbTWljcm9zb2Z0IEV4Y2hhbmdlIENWRS0yMDIyLTQxMDgyXShodHRwczovL252ZC5uaXN0Lmdvdi92dWxuL2RldGFpbC9DVkUtMjAyMi00MTA4MikKIC0gW0dMUEkgQ1ZFLTIwMjItMzU5MTRdKGh0dHBzOi8vbnZkLm5pc3QuZ292L3Z1bG4vZGV0YWlsL0NWRS0yMDIyLTM1OTE0KQogLSBbRm9ydGluZXQgQ1ZFLTIwMjItNDA2ODRdKGh0dHBzOi8vd3d3Lmhvcml6b24zLmFpL2ZvcnRpb3MtZm9ydGlwcm94eS1hbmQtZm9ydGlzd2l0Y2htYW5hZ2VyLWF1dGhlbnRpY2F0aW9uLWJ5cGFzcy10ZWNobmljYWwtZGVlcC1kaXZlLWN2ZS0yMDIyLTQwNjg0LykKIC0gW0NvbmZsdWVuY2UgQ1ZFLTIwMjItMjYxMzRdKGh0dHBzOi8vY3ZlLm1pdHJlLm9yZy9jZ2ktYmluL2N2ZW5hbWUuY2dpP25hbWU9Q1ZFLTIwMjItMjYxMzQpCiAtIFtUZXh0NFNoZWxsIENWRS0yMDIyLTQyODg5XShodHRwczovL2N2ZS5taXRyZS5vcmcvY2dpLWJpbi9jdmVuYW1lLmNnaT9uYW1lPUNWRS0yMDIyLTQyODg5KQogLSBbR2hvc3QgQ01TIENWRS0yMDIyLTQxNjk3XShodHRwczovL252ZC5uaXN0Lmdvdi92dWxuL2RldGFpbC9DVkUtMjAyMi00MTY5NykKIC0gW0NhY3RpIENWRS0yMDIyLTQ2MTY5XShodHRwczovL252ZC5uaXN0Lmdvdi92dWxuL2RldGFpbC9DVkUtMjAyMi00NjE2OSkKIC0gW0NlbnRvcyBXZWIgUGFuZWwgNyBDVkUtMjAyMi00NDg3N10oaHR0cHM6Ly9udmQubmlzdC5nb3YvdnVsbi9kZXRhaWwvQ1ZFLTIwMjItNDQ4NzcpCiAtIFtUZWxlcmlrIFVJIENWRS0yMDE5LTE4OTM1XShodHRwczovL2N2ZS5taXRyZS5vcmcvY2dpLWJpbi9jdmVuYW1lLmNnaT9uYW1lPUNWRS0yMDE5LTE4OTM1KQogLSBbTmV0Z2VhciBER04xMDAwIC8gREdOMjIwMCBSZW1vdGUgQ29tbWFuZCBFeGVjdXRpb25dKGh0dHBzOi8vd3d3LmV4cGxvaXQtZGIuY29tL2V4cGxvaXRzLzI1OTc4KQogLSBbQ29uZmx1ZW5jZSBDVkUtMjAyMy0yMjUxNV0oaHR0cHM6Ly9jb25mbHVlbmNlLmF0bGFzc2lhbi5jb20vc2VjdXJpdHkvY3ZlLTIwMjMtMjI1MTUtcHJpdmlsZWdlLWVzY2FsYXRpb24tdnVsbmVyYWJpbGl0eS1pbi1jb25mbHVlbmNlLWRhdGEtY2VudGVyLWFuZC1zZXJ2ZXItMTI5NTY4MjI3Ni5odG1sKQogLSBbQ29uZmx1ZW5jZSBDVkUtMjAyMy0yMjUxOF0oaHR0cHM6Ly9jb25mbHVlbmNlLmF0bGFzc2lhbi5jb20vcGFnZXMvdmlld3BhZ2UuYWN0aW9uP3BhZ2VJZD0xMzExNDczOTA3KQogLSBbT3duY2xvdWQgQ1ZFLTIwMjMtNDkxMDNdKGh0dHBzOi8vbnZkLm5pc3QuZ292L3Z1bG4vZGV0YWlsL0NWRS0yMDIzLTQ5MTAzKQoKCgoKCg==",
"content": "c2NlbmFyaW9zOgogIC0gY3Jvd2RzZWN1cml0eS9odHRwLWN2ZS0yMDIxLTQxNzczCiAgLSBjcm93ZHNlY3VyaXR5L2h0dHAtY3ZlLTIwMjEtNDIwMTMKICAtIGNyb3dkc2VjdXJpdHkvZ3JhZmFuYS1jdmUtMjAyMS00Mzc5OAogIC0gY3Jvd2RzZWN1cml0eS92bXdhcmUtdmNlbnRlci12bXNhLTIwMjEtMDAyNwogIC0gY3Jvd2RzZWN1cml0eS9mb3J0aW5ldC1jdmUtMjAxOC0xMzM3OQogIC0gY3Jvd2RzZWN1cml0eS9wdWxzZS1zZWN1cmUtc3NsdnBuLWN2ZS0yMDE5LTExNTEwCiAgLSBjcm93ZHNlY3VyaXR5L2Y1LWJpZy1pcC1jdmUtMjAyMC01OTAyCiAgLSBjcm93ZHNlY3VyaXR5L3RoaW5rcGhwLWN2ZS0yMDE4LTIwMDYyCiAgLSBjcm93ZHNlY3VyaXR5L2FwYWNoZV9sb2c0ajJfY3ZlLTIwMjEtNDQyMjgKICAtIGNyb3dkc2VjdXJpdHkvamlyYV9jdmUtMjAyMS0yNjA4NgogIC0gY3Jvd2RzZWN1cml0eS9zcHJpbmc0c2hlbGxfY3ZlLTIwMjItMjI5NjUKICAtIGNyb3dkc2VjdXJpdHkvdm13YXJlLWN2ZS0yMDIyLTIyOTU0CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTM3MDQyCiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTQxMDgyCiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTM1OTE0CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTQwNjg0CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTI2MTM0CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTQyODg5CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTQxNjk3CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTQ2MTY5CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIyLTQ0ODc3CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDE5LTE4OTM1CiAgLSBjcm93ZHNlY3VyaXR5L25ldGdlYXJfcmNlCiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIzLTIyNTE1CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIzLTIyNTE4CiAgLSBjcm93ZHNlY3VyaXR5L0NWRS0yMDIzLTQ5MTAzCmF1dGhvcjogY3Jvd2RzZWN1cml0eQpkZXNjcmlwdGlvbjogIkRldGVjdCBDVkUgZXhwbG9pdGF0aW9uIGluIGh0dHAgbG9ncyIKdGFnczoKICAtIHdlYgogIC0gZXhwbG9pdAogIC0gY3ZlCiAgLSBodHRwCg==",
"description": "Detect CVE exploitation in http logs",
"author": "crowdsecurity",
"labels": null,
Expand Down Expand Up @@ -1138,7 +1142,8 @@
"crowdsecurity/CVE-2019-18935",
"crowdsecurity/netgear_rce",
"crowdsecurity/CVE-2023-22515",
"crowdsecurity/CVE-2023-22518"
"crowdsecurity/CVE-2023-22518",
"crowdsecurity/CVE-2023-49103"
]
},
"crowdsecurity/http-dos": {
Expand Down Expand Up @@ -6775,6 +6780,38 @@
"spoofable": 0
}
},
"crowdsecurity/CVE-2023-49103": {
"path": "scenarios/crowdsecurity/CVE-2023-49103.yaml",
"version": "0.2",
"versions": {
"0.1": {
"digest": "0bc71f216c4ac89ba9b7637a411a16344b4072483f43d0f6b95b7ace6b1e473c",
"deprecated": false
},
"0.2": {
"digest": "4b4f399a2cfa628dbcbee420717807e060a74ff5839d742351c8cad1b42fa15d",
"deprecated": false
}
},
"long_description": "RGV0ZWN0IGV4cGxvaXRhdGlvbiBvZiBvd25jbG91ZCBDVkUtMjAyMy00OTEwMwoKUmVmOiBodHRwczovL252ZC5uaXN0Lmdvdi92dWxuL2RldGFpbC9DVkUtMjAyMy00OTEwMwo=",
"content": "dHlwZTogdHJpZ2dlcgpmb3JtYXQ6IDIuMApuYW1lOiBjcm93ZHNlY3VyaXR5L0NWRS0yMDIzLTQ5MTAzCmRlc2NyaXB0aW9uOiAiRGV0ZWN0IG93bmNsb3VkIENWRS0yMDIzLTQ5MTAzIGV4cGxvaXRhdGlvbiBhdHRlbXB0cyIKZmlsdGVyOiB8CiAgZXZ0Lk1ldGEubG9nX3R5cGUgaW4gWydodHRwX2FjY2Vzcy1sb2cnLCAnaHR0cF9lcnJvci1sb2cnXSAmJiBMb3dlcihldnQuTWV0YS5odHRwX3BhdGgpIGNvbnRhaW5zICcvb3duY2xvdWQvYXBwcy9ncmFwaGFwaS92ZW5kb3IvbWljcm9zb2Z0L21pY3Jvc29mdC1ncmFwaC90ZXN0cy9nZXRwaHBpbmZvLnBocCcKZ3JvdXBieTogImV2dC5NZXRhLnNvdXJjZV9pcCIKYmxhY2tob2xlOiAybQpsYWJlbHM6CiAgdHlwZTogZXhwbG9pdAogIHJlbWVkaWF0aW9uOiB0cnVlCiAgY2xhc3NpZmljYXRpb246CiAgICAtIGF0dGFjay5UMTU5NQogICAgLSBhdHRhY2suVDExOTAKICAgIC0gY3ZlLkNWRS0yMDIzLTQ5MTAzCiAgc3Bvb2ZhYmxlOiAxCiAgY29uZmlkZW5jZTogMgogIGJlaGF2aW9yOiAiaHR0cDpleHBsb2l0IgogIGxhYmVsOiAib3duY2xvdWQgQ1ZFLTIwMjMtNDkxMDMiCiAgc2VydmljZTogb3duY2xvdWQK",
"description": "Detect owncloud CVE-2023-49103 exploitation attempts",
"author": "crowdsecurity",
"labels": {
"behavior": "http:exploit",
"classification": [
"attack.T1595",
"attack.T1190",
"cve.CVE-2023-49103"
],
"confidence": 2,
"label": "owncloud CVE-2023-49103",
"remediation": true,
"service": "owncloud",
"spoofable": 1,
"type": "exploit"
}
},
"crowdsecurity/CVE-2023-4911": {
"path": "scenarios/crowdsecurity/CVE-2023-4911.yaml",
"version": "0.5",
Expand Down
13 changes: 13 additions & 0 deletions .tests/cve-2023-49103/config.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,13 @@
parsers:
- crowdsecurity/syslog-logs
- crowdsecurity/dateparse-enrich
- crowdsecurity/nginx-logs
scenarios:
- ./scenarios/crowdsecurity/CVE-2023-49103.yaml
postoverflows:
- ""
log_file: cve-2023-49103.log
log_type: nginx
labels: {}
ignore_parsers: true
override_statics: []
2 changes: 2 additions & 0 deletions .tests/cve-2023-49103/cve-2023-49103.log
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
1.2.3.4 - - [28/Nov/2023:09:41:29 +0100] "GET /owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php HTTP/1.1" 404 153 "-" "curl/7.68.0"
4.5.6.7 - - [28/Nov/2023:09:45:00 +0100] "GET /owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php HTTP/1.1" 200 153 "-" "curl/7.68.0"
Empty file added .tests/cve-2023-49103/parser.assert
View file
Empty file.
37 changes: 37 additions & 0 deletions .tests/cve-2023-49103/scenario.assert
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
len(results) == 2
"4.5.6.7" in results[0].Overflow.GetSources()
results[0].Overflow.Sources["4.5.6.7"].IP == "4.5.6.7"
results[0].Overflow.Sources["4.5.6.7"].Range == ""
results[0].Overflow.Sources["4.5.6.7"].GetScope() == "Ip"
results[0].Overflow.Sources["4.5.6.7"].GetValue() == "4.5.6.7"
results[0].Overflow.Alert.Events[0].GetMeta("datasource_path") == "cve-2023-49103.log"
results[0].Overflow.Alert.Events[0].GetMeta("datasource_type") == "file"
results[0].Overflow.Alert.Events[0].GetMeta("http_path") == "/owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php"
results[0].Overflow.Alert.Events[0].GetMeta("http_status") == "200"
results[0].Overflow.Alert.Events[0].GetMeta("http_user_agent") == "curl/7.68.0"
results[0].Overflow.Alert.Events[0].GetMeta("http_verb") == "GET"
results[0].Overflow.Alert.Events[0].GetMeta("log_type") == "http_access-log"
results[0].Overflow.Alert.Events[0].GetMeta("service") == "http"
results[0].Overflow.Alert.Events[0].GetMeta("source_ip") == "4.5.6.7"
results[0].Overflow.Alert.Events[0].GetMeta("timestamp") == "2023-11-28T09:45:00+01:00"
results[0].Overflow.Alert.GetScenario() == "crowdsecurity/CVE-2023-49103"
results[0].Overflow.Alert.Remediation == true
results[0].Overflow.Alert.GetEventsCount() == 1
"1.2.3.4" in results[1].Overflow.GetSources()
results[1].Overflow.Sources["1.2.3.4"].IP == "1.2.3.4"
results[1].Overflow.Sources["1.2.3.4"].Range == ""
results[1].Overflow.Sources["1.2.3.4"].GetScope() == "Ip"
results[1].Overflow.Sources["1.2.3.4"].GetValue() == "1.2.3.4"
results[1].Overflow.Alert.Events[0].GetMeta("datasource_path") == "cve-2023-49103.log"
results[1].Overflow.Alert.Events[0].GetMeta("datasource_type") == "file"
results[1].Overflow.Alert.Events[0].GetMeta("http_path") == "/owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php"
results[1].Overflow.Alert.Events[0].GetMeta("http_status") == "404"
results[1].Overflow.Alert.Events[0].GetMeta("http_user_agent") == "curl/7.68.0"
results[1].Overflow.Alert.Events[0].GetMeta("http_verb") == "GET"
results[1].Overflow.Alert.Events[0].GetMeta("log_type") == "http_access-log"
results[1].Overflow.Alert.Events[0].GetMeta("service") == "http"
results[1].Overflow.Alert.Events[0].GetMeta("source_ip") == "1.2.3.4"
results[1].Overflow.Alert.Events[0].GetMeta("timestamp") == "2023-11-28T09:41:29+01:00"
results[1].Overflow.Alert.GetScenario() == "crowdsecurity/CVE-2023-49103"
results[1].Overflow.Alert.Remediation == true
results[1].Overflow.Alert.GetEventsCount() == 1
1 change: 1 addition & 0 deletions collections/crowdsecurity/http-cve.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ Works with [apache2](https://hub.crowdsec.net/author/crowdsecurity/collections/a
- [Netgear DGN1000 / DGN2200 Remote Command Execution](https://www.exploit-db.com/exploits/25978)
- [Confluence CVE-2023-22515](https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html)
- [Confluence CVE-2023-22518](https://confluence.atlassian.com/pages/viewpage.action?pageId=1311473907)
- [Owncloud CVE-2023-49103](https://nvd.nist.gov/vuln/detail/CVE-2023-49103)



Expand Down
1 change: 1 addition & 0 deletions collections/crowdsecurity/http-cve.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ scenarios:
- crowdsecurity/netgear_rce
- crowdsecurity/CVE-2023-22515
- crowdsecurity/CVE-2023-22518
- crowdsecurity/CVE-2023-49103
author: crowdsecurity
description: "Detect CVE exploitation in http logs"
tags:
Expand Down
3 changes: 3 additions & 0 deletions scenarios/crowdsecurity/CVE-2023-49103.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
Detect exploitation of owncloud CVE-2023-49103

Ref: https://nvd.nist.gov/vuln/detail/CVE-2023-49103
20 changes: 20 additions & 0 deletions scenarios/crowdsecurity/CVE-2023-49103.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
type: trigger
format: 2.0
name: crowdsecurity/CVE-2023-49103
description: "Detect owncloud CVE-2023-49103 exploitation attempts"
filter: |
evt.Meta.log_type in ['http_access-log', 'http_error-log'] && Lower(evt.Meta.http_path) contains '/owncloud/apps/graphapi/vendor/microsoft/microsoft-graph/tests/getphpinfo.php'
groupby: "evt.Meta.source_ip"
blackhole: 2m
labels:
type: exploit
remediation: true
classification:
- attack.T1595
- attack.T1190
- cve.CVE-2023-49103
spoofable: 1
confidence: 2
behavior: "http:exploit"
label: "owncloud CVE-2023-49103"
service: owncloud
19 changes: 19 additions & 0 deletions taxonomy/scenarios.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -874,6 +874,25 @@
"CVE-2023-23397"
]
},
"crowdsecurity/CVE-2023-49103": {
"name": "crowdsecurity/CVE-2023-49103",
"description": "Detect owncloud CVE-2023-49103 exploitation attempts",
"label": "owncloud CVE-2023-49103",
"behaviors": [
"http:exploit"
],
"mitre_attacks": [
"TA0043:T1595",
"TA0001:T1190"
],
"confidence": 2,
"spoofable": 1,
"cti": true,
"service": "owncloud",
"cves": [
"CVE-2023-49103"
]
},
"crowdsecurity/CVE-2023-4911": {
"name": "crowdsecurity/CVE-2023-4911",
"description": "exploitation of CVE-2023-4911: segfaulting in dynamic loader",
Expand Down

0 comments on commit fd14dfe

Please sign in to comment.