diff --git a/.appsec-tests/vpatch-CVE-2024-38653/CVE-2024-38653.yaml b/.appsec-tests/vpatch-CVE-2024-38653/CVE-2024-38653.yaml new file mode 100644 index 00000000000..f901b2e56f6 --- /dev/null +++ b/.appsec-tests/vpatch-CVE-2024-38653/CVE-2024-38653.yaml @@ -0,0 +1,27 @@ +## autogenerated on 2025-05-09 17:07:29 +id: CVE-2024-38653 +info: + name: CVE-2024-38653 + author: crowdsec + severity: info + description: CVE-2024-38653 testing + tags: appsec-testing +http: + - raw: + - | + PUT /mdm/checkin HTTP/1.1 + Host: {{Hostname}} + Content-Type: application/xml + + + + %asd; + %c; + ]> + + cookie-reuse: true + matchers: + - type: status + status: + - 403 diff --git a/.appsec-tests/vpatch-CVE-2024-38653/config.yaml b/.appsec-tests/vpatch-CVE-2024-38653/config.yaml new file mode 100644 index 00000000000..26be4bb0cf5 --- /dev/null +++ b/.appsec-tests/vpatch-CVE-2024-38653/config.yaml @@ -0,0 +1,5 @@ +## autogenerated on 2025-05-09 17:07:29 +appsec-rules: + - ./appsec-rules/crowdsecurity/base-config.yaml + - ./appsec-rules/crowdsecurity/vpatch-CVE-2024-38653.yaml +nuclei_template: CVE-2024-38653.yaml diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2024-38653.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2024-38653.yaml new file mode 100644 index 00000000000..0c15925edad --- /dev/null +++ b/appsec-rules/crowdsecurity/vpatch-CVE-2024-38653.yaml @@ -0,0 +1,40 @@ +## autogenerated on 2025-05-09 17:07:29 +name: crowdsecurity/vpatch-CVE-2024-38653 +description: 'Detects XXE vulnerability in Ivanti Avalanche SmartDeviceServer via /mdm/checkin endpoint with XML payload.' +rules: + - and: + - zones: + - URI + transform: + - lowercase + match: + type: equals + value: /mdm/checkin + - zones: + - HEADERS + variables: + - content-type + transform: + - lowercase + match: + type: contains + value: application/xml + - zones: + - RAW_BODY + transform: + - lowercase + match: + type: contains + value: '