improve descriptions for apache path traversal (#1186)

* improve descriptions for apache path traversal * Update index * Update taxonomy --------- Co-authored-by: GitHub Action <[email protected]>
crowdsecurity · Dec 3, 2024 · 7493041 · 7493041
1 parent 7c6fdab
commit 7493041
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 10 deletions.
diff --git a/.index.json b/.index.json
@@ -13479,7 +13479,7 @@
   },
   "crowdsecurity/http-cve-2021-41773": {
    "path": "scenarios/crowdsecurity/http-cve-2021-41773.yaml",
-   "version": "0.2",
+   "version": "0.3",
    "versions": {
     "0.1": {
      "digest": "297eff27011c942a75937838e09c60c80f9dfdbfcb18b358b666777b4d1e89aa",
@@ -13488,10 +13488,14 @@
     "0.2": {
      "digest": "3cd742ad69889bee2644daf08c4eef1c14359fdf67e3642542d157e0c1bc0382",
      "deprecated": false
+    },
+    "0.3": {
+     "digest": "f3fa755209fab221d6bbe04abd835c6539034cd72521725f960cdb36157e4313",
+     "deprecated": false
     }
    },
-   "content": "dHlwZTogdHJpZ2dlcgpmb3JtYXQ6IDIuMAojZGVidWc6IHRydWUKbmFtZTogY3Jvd2RzZWN1cml0eS9odHRwLWN2ZS0yMDIxLTQxNzczCmRlc2NyaXB0aW9uOiAiY3ZlLTIwMjEtNDE3NzMiCmZpbHRlcjogfAogIGV2dC5NZXRhLmxvZ190eXBlIGluIFsiaHR0cF9hY2Nlc3MtbG9nIiwgImh0dHBfZXJyb3ItbG9nIl0gYW5kIAogICAgKFVwcGVyKGV2dC5NZXRhLmh0dHBfcGF0aCkgY29udGFpbnMgIi8uJTJFLy4lMkUvIgogICAgICBvcgogICAgIFVwcGVyKGV2dC5NZXRhLmh0dHBfcGF0aCkgY29udGFpbnMgIi8lMkUlMkUvJTJFJTJFIikKZ3JvdXBieTogImV2dC5NZXRhLnNvdXJjZV9pcCIKYmxhY2tob2xlOiAybQpsYWJlbHM6CiAgY29uZmlkZW5jZTogMwogIHNwb29mYWJsZTogMAogIGNsYXNzaWZpY2F0aW9uOgogICAgLSBhdHRhY2suVDExOTAKICAgIC0gYXR0YWNrLlQxNTk1CiAgICAtIGN2ZS5DVkUtMjAyMS00MTc3MwogIGJlaGF2aW9yOiAiaHR0cDpleHBsb2l0IgogIGxhYmVsOiAiQ1ZFLTIwMjEtNDE3NzMiCiAgc2VydmljZTogYXBhY2hlCiAgcmVtZWRpYXRpb246IHRydWUK",
-   "description": "cve-2021-41773",
+   "content": "dHlwZTogdHJpZ2dlcgpmb3JtYXQ6IDIuMAojZGVidWc6IHRydWUKbmFtZTogY3Jvd2RzZWN1cml0eS9odHRwLWN2ZS0yMDIxLTQxNzczCmRlc2NyaXB0aW9uOiAiQXBhY2hlIC0gUGF0aCBUcmF2ZXJzYWwgKENWRS0yMDIxLTQxNzczKSIKZmlsdGVyOiB8CiAgZXZ0Lk1ldGEubG9nX3R5cGUgaW4gWyJodHRwX2FjY2Vzcy1sb2ciLCAiaHR0cF9lcnJvci1sb2ciXSBhbmQgCiAgICAoVXBwZXIoZXZ0Lk1ldGEuaHR0cF9wYXRoKSBjb250YWlucyAiLy4lMkUvLiUyRS8iCiAgICAgIG9yCiAgICAgVXBwZXIoZXZ0Lk1ldGEuaHR0cF9wYXRoKSBjb250YWlucyAiLyUyRSUyRS8lMkUlMkUiKQpncm91cGJ5OiAiZXZ0Lk1ldGEuc291cmNlX2lwIgpibGFja2hvbGU6IDJtCmxhYmVsczoKICBjb25maWRlbmNlOiAzCiAgc3Bvb2ZhYmxlOiAwCiAgY2xhc3NpZmljYXRpb246CiAgICAtIGF0dGFjay5UMTE5MAogICAgLSBhdHRhY2suVDE1OTUKICAgIC0gY3ZlLkNWRS0yMDIxLTQxNzczCiAgYmVoYXZpb3I6ICJodHRwOmV4cGxvaXQiCiAgbGFiZWw6ICJDVkUtMjAyMS00MTc3MyIKICBzZXJ2aWNlOiBhcGFjaGUKICByZW1lZGlhdGlvbjogdHJ1ZQo=",
+   "description": "Apache - Path Traversal (CVE-2021-41773)",
    "author": "crowdsecurity",
    "labels": {
     "behavior": "http:exploit",
@@ -13509,7 +13513,7 @@
   },
   "crowdsecurity/http-cve-2021-42013": {
    "path": "scenarios/crowdsecurity/http-cve-2021-42013.yaml",
-   "version": "0.2",
+   "version": "0.3",
    "versions": {
     "0.1": {
      "digest": "5f7e21b44bc4284dde1cde1610109a06a0c986777f48c2f00e08db9e2f156459",
@@ -13518,10 +13522,14 @@
     "0.2": {
      "digest": "0ed92efba1d5146795df08340c91535aee56e9a0e2d650c2496f46ecb977314f",
      "deprecated": false
+    },
+    "0.3": {
+     "digest": "b9e598a8e063f525a16ba78488787da5d409141c3a8b2665263654d92745e59a",
+     "deprecated": false
     }
    },
-   "content": "dHlwZTogdHJpZ2dlcgpmb3JtYXQ6IDIuMAojZGVidWc6IHRydWUKI3RoaXMgaXMgZ2V0dGluZyBmdW5ueSwgaXQncyB0aGUgdGhpcmQgcGF0Y2ggb24gdG9wIG9mIGN2ZS0yMDIxLTQxNzczCm5hbWU6IGNyb3dkc2VjdXJpdHkvaHR0cC1jdmUtMjAyMS00MjAxMwpkZXNjcmlwdGlvbjogImN2ZS0yMDIxLTQyMDEzIgpmaWx0ZXI6IHwKICBldnQuTWV0YS5sb2dfdHlwZSBpbiBbImh0dHBfYWNjZXNzLWxvZyIsICJodHRwX2Vycm9yLWxvZyJdIGFuZCAKICAgIFVwcGVyKGV2dC5NZXRhLmh0dHBfcGF0aCkgY29udGFpbnMgIi8lJTMyJTY1JSUzMiU2NS8iCmdyb3VwYnk6ICJldnQuTWV0YS5zb3VyY2VfaXAiCmJsYWNraG9sZTogMm0KbGFiZWxzOgogIHNlcnZpY2U6IGFwYWNoZQogIGNvbmZpZGVuY2U6IDMKICBzcG9vZmFibGU6IDAKICBjbGFzc2lmaWNhdGlvbjoKICAgIC0gYXR0YWNrLlQxMTkwCiAgICAtIGF0dGFjay5UMTU5NQogICAgLSBjdmUuQ1ZFLTIwMjEtNDIwMTMKICBiZWhhdmlvcjogImh0dHA6ZXhwbG9pdCIKICBsYWJlbDogIkNWRS0yMDIxLTQyMDEzIgogIHJlbWVkaWF0aW9uOiB0cnVlCg==",
-   "description": "cve-2021-42013",
+   "content": "dHlwZTogdHJpZ2dlcgpmb3JtYXQ6IDIuMAojZGVidWc6IHRydWUKI3RoaXMgaXMgZ2V0dGluZyBmdW5ueSwgaXQncyB0aGUgdGhpcmQgcGF0Y2ggb24gdG9wIG9mIGN2ZS0yMDIxLTQxNzczCm5hbWU6IGNyb3dkc2VjdXJpdHkvaHR0cC1jdmUtMjAyMS00MjAxMwpkZXNjcmlwdGlvbjogIkFwYWNoZSAtIFBhdGggVHJhdmVyc2FsIChDVkUtMjAyMS00MjAxMykiCmZpbHRlcjogfAogIGV2dC5NZXRhLmxvZ190eXBlIGluIFsiaHR0cF9hY2Nlc3MtbG9nIiwgImh0dHBfZXJyb3ItbG9nIl0gYW5kIAogICAgVXBwZXIoZXZ0Lk1ldGEuaHR0cF9wYXRoKSBjb250YWlucyAiLyUlMzIlNjUlJTMyJTY1LyIKZ3JvdXBieTogImV2dC5NZXRhLnNvdXJjZV9pcCIKYmxhY2tob2xlOiAybQpsYWJlbHM6CiAgc2VydmljZTogYXBhY2hlCiAgY29uZmlkZW5jZTogMwogIHNwb29mYWJsZTogMAogIGNsYXNzaWZpY2F0aW9uOgogICAgLSBhdHRhY2suVDExOTAKICAgIC0gYXR0YWNrLlQxNTk1CiAgICAtIGN2ZS5DVkUtMjAyMS00MjAxMwogIGJlaGF2aW9yOiAiaHR0cDpleHBsb2l0IgogIGxhYmVsOiAiQ1ZFLTIwMjEtNDIwMTMiCiAgcmVtZWRpYXRpb246IHRydWUK",
+   "description": "Apache - Path Traversal (CVE-2021-42013)",
    "author": "crowdsecurity",
    "labels": {
     "behavior": "http:exploit",

diff --git a/scenarios/crowdsecurity/http-cve-2021-41773.yaml b/scenarios/crowdsecurity/http-cve-2021-41773.yaml
@@ -2,7 +2,7 @@ type: trigger
 format: 2.0
 #debug: true
 name: crowdsecurity/http-cve-2021-41773
-description: "cve-2021-41773"
+description: "Apache - Path Traversal (CVE-2021-41773)"
 filter: |
   evt.Meta.log_type in ["http_access-log", "http_error-log"] and 
     (Upper(evt.Meta.http_path) contains "/.%2E/.%2E/"

diff --git a/scenarios/crowdsecurity/http-cve-2021-42013.yaml b/scenarios/crowdsecurity/http-cve-2021-42013.yaml
@@ -3,7 +3,7 @@ format: 2.0
 #debug: true
 #this is getting funny, it's the third patch on top of cve-2021-41773
 name: crowdsecurity/http-cve-2021-42013
-description: "cve-2021-42013"
+description: "Apache - Path Traversal (CVE-2021-42013)"
 filter: |
   evt.Meta.log_type in ["http_access-log", "http_error-log"] and 
     Upper(evt.Meta.http_path) contains "/%%32%65%%32%65/"

diff --git a/taxonomy/scenarios.json b/taxonomy/scenarios.json
@@ -3734,7 +3734,7 @@
   },
   "crowdsecurity/http-cve-2021-41773": {
     "name": "crowdsecurity/http-cve-2021-41773",
-    "description": "cve-2021-41773",
+    "description": "Apache - Path Traversal (CVE-2021-41773)",
     "label": "CVE-2021-41773",
     "behaviors": [
       "http:exploit"
@@ -3753,7 +3753,7 @@
   },
   "crowdsecurity/http-cve-2021-42013": {
     "name": "crowdsecurity/http-cve-2021-42013",
-    "description": "cve-2021-42013",
+    "description": "Apache - Path Traversal (CVE-2021-42013)",
     "label": "CVE-2021-42013",
     "behaviors": [
       "http:exploit"