update appsec rules label and description (#885)

--------- Co-authored-by: GitHub Action <[email protected]>
crowdsecurity · Dec 15, 2023 · dbe024c · dbe024c
1 parent 0fe0f04
commit dbe024c
Show file tree

Hide file tree

Showing 21 changed files with 268 additions and 152 deletions.
diff --git a/.index.json b/.index.json
diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2017-9841.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2017-9841.yaml
@@ -1,5 +1,5 @@
 name: crowdsecurity/vpatch-CVE-2017-9841
-description: "Detect CVE-2017-9841 exploits "
+description: "PHPUnit RCE (CVE-2017-9841)"
 rules:
   - and:
     - zones:
@@ -15,7 +15,7 @@ labels:
   confidence: 3
   spoofable: 0
   behavior: "http:exploit"
-  label: "PHPUnit RCE (CVE-2017-9841)"
+  label: "PHPUnit RCE"
   classification:
    - cve.CVE-2017-9841
    - attack.T1595

diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2019-12989.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2019-12989.yaml
@@ -1,5 +1,5 @@
 name: crowdsecurity/vpatch-CVE-2019-12989
-description: "Detect CVE-2019-12989 exploits "
+description: "Citrix SQLi (CVE-2019-12989)"
 rules:
   - and:
     - zones:
@@ -35,7 +35,7 @@ labels:
   confidence: 3
   spoofable: 0
   behavior: "http:exploit"
-  label: "citrix SQLi (CVE-2019-12989)"
+  label: "Citrix SQLi"
   classification:
    - cve.CVE-2019-12989
    - attack.T1595

diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2020-11738.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2020-11738.yaml
@@ -1,5 +1,5 @@
 name: crowdsecurity/vpatch-CVE-2020-11738
-description: "Detect CVE-2020-11738 exploits "
+description: "Wordpress Snap Creek Duplicator - Path Traversal (CVE-2020-11738)"
 rules:
   - and:
     - zones:
@@ -29,7 +29,7 @@ labels:
   confidence: 3
   spoofable: 0
   behavior: "http:exploit"
-  label: "Wordpress Snap Creek Duplicator (CVE-2020-11738)"
+  label: "Wordpress Snap Creek Duplicator"
   classification:
    - cve.CVE-2020-11738
    - attack.T1595

diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2021-22941.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2021-22941.yaml
@@ -1,5 +1,5 @@
 name: crowdsecurity/vpatch-CVE-2021-22941
-description: "Detect CVE-2021-22941 exploits "
+description: "Citrix RCE (CVE-2021-22941)"
 rules:
   - and:
     - zones:
@@ -27,7 +27,7 @@ labels:
   confidence: 3
   spoofable: 0
   behavior: "http:exploit"
-  label: "Citrix RCE (CVE-2021-22941)"
+  label: "Citrix RCE"
   classification:
    - cve.CVE-2021-22941
    - attack.T1595

diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2021-3129.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2021-3129.yaml
@@ -1,5 +1,5 @@
 name: crowdsecurity/vpatch-CVE-2021-3129
-description: "Detect CVE-2021-3129 exploits "
+description: "Laravel with Ignition Debug Mode RCE (CVE-2021-3129)"
 rules:
   - and:
     - zones:
@@ -22,7 +22,7 @@ labels:
   confidence: 3
   spoofable: 0
   behavior: "http:exploit"
-  label: "Laravel with Ignition <= v8.4.2 Debug Mode - Remote Code Execution (CVE-2021-3129)"
+  label: "Laravel with Ignition Debug Mode RCE"
   classification:
    - cve.CVE-2021-3129
    - attack.T1595

diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2022-27926.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2022-27926.yaml
@@ -1,5 +1,5 @@
 name: crowdsecurity/vpatch-CVE-2022-27926
-description: "Detect CVE-2022-27926 exploits "
+description: "Zimbra Collaboration XSS (CVE-2022-27926)"
 rules:
   - and:
     - zones:
@@ -23,7 +23,7 @@ labels:
   confidence: 3
   spoofable: 0
   behavior: "http:exploit"
-  label: "Zimbra Collaboration (ZCS) - Cross Site Scripting (CVE-2022-27926)"
+  label: "Zimbra Collaboration (ZCS) - XSS"
   classification:
    - cve.CVE-2022-27926
    - attack.T1595

diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2022-35914.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2022-35914.yaml
@@ -1,5 +1,5 @@
 name: crowdsecurity/vpatch-CVE-2022-35914
-description: "Detect CVE-2022-35914 exploits "
+description: "GLPI RCE (CVE-2022-35914)"
 rules:
   - and:
     - zones:
@@ -16,7 +16,7 @@ labels:
   confidence: 3
   spoofable: 0
   behavior: "http:exploit"
-  label: "GLPI <=10.0.2 - Remote Command Execution (CVE-2022-35914)"
+  label: "GLPI RCE"
   classification:
    - cve.CVE-2022-35914
    - attack.T1595

diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2022-44877.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2022-44877.yaml
@@ -1,5 +1,5 @@
 name: crowdsecurity/vpatch-CVE-2022-44877
-description: "Detect CVE-2022-44877 exploits "
+description: "CentOS Web Panel 7 RCE (CVE-2022-44877)"
 rules:
   - and:
     - zones:
@@ -22,7 +22,7 @@ labels:
   confidence: 3
   spoofable: 0
   behavior: "http:exploit"
-  label: "CentOS Web Panel 7 RCE (CVE-2022-44877)"
+  label: "CentOS Web Panel 7 RCE"
   classification:
    - cve.CVE-2022-44877
    - attack.T1595

diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2022-46169.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2022-46169.yaml
@@ -1,5 +1,5 @@
 name: crowdsecurity/vpatch-CVE-2022-46169
-description: "Detect CVE-2022-46169 exploits "
+description: "Cacti RCE (CVE-2022-46169)"
 rules:
   - and:
     - zones:
@@ -23,7 +23,7 @@ labels:
   confidence: 3
   spoofable: 0
   behavior: "http:exploit"
-  label: "Cacti <=1.2.22 - Remote Command Injection (CVE-2022-46169)"
+  label: "Cacti <=1.2.22 - RCE"
   classification:
    - cve.CVE-2022-46169
    - attack.T1595

diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2023-20198.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2023-20198.yaml
@@ -1,5 +1,5 @@
 name: crowdsecurity/vpatch-CVE-2023-20198
-description: "Detect CVE-2023-20198 exploits "
+description: "CISCO IOS XE Account Creation (CVE-2023-20198)"
 rules:
   - and:
     - zones:
@@ -20,7 +20,7 @@ labels:
   confidence: 3
   spoofable: 0
   behavior: "http:exploit"
-  label: "CISCO IOS XE account creation (CVE-2023-20198)"
+  label: "CISCO IOS XE account creation"
   classification:
    - cve.CVE-2023-20198
    - attack.T1595

diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2023-22515.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2023-22515.yaml
@@ -1,5 +1,5 @@
 name: crowdsecurity/vpatch-CVE-2023-22515
-description: "Detect CVE-2023-22515 exploits "
+description: "Atlassian Confluence Privesc (CVE-2023-22515)"
 rules:
   - and:
     - zones:
@@ -29,7 +29,7 @@ labels:
   confidence: 3
   spoofable: 0
   behavior: "http:exploit"
-  label: "Atlassian Confluence Privesc (CVE-2023-22515)"
+  label: "Atlassian Confluence Privesc"
   classification:
    - cve.CVE-2023-22515
    - attack.T1595

diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2023-24489.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2023-24489.yaml
@@ -1,5 +1,5 @@
 name: crowdsecurity/vpatch-CVE-2023-24489
-description: "Detect CVE-2023-24489 exploits "
+description: "Citrix ShareFile RCE (CVE-2023-24489)"
 rules:
   - and:
     - zones:
@@ -33,7 +33,7 @@ labels:
   confidence: 3
   spoofable: 0
   behavior: "http:exploit"
-  label: "Citrix ShareFile RCE (CVE-2023-24489)"
+  label: "Citrix ShareFile RCE"
   classification:
    - cve.CVE-2023-24489
    - attack.T1595

diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2023-33617.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2023-33617.yaml
@@ -1,5 +1,5 @@
 name: crowdsecurity/vpatch-CVE-2023-33617
-description: "Detect CVE-2023-33617 exploits "
+description: "Atlassian Confluence Privesc (CVE-2023-33617)"
 rules:
   - and:
     - zones:
@@ -62,7 +62,7 @@ labels:
   confidence: 3
   spoofable: 0
   behavior: "http:exploit"
-  label: "Atlassian Confluence Privesc (CVE-2023-33617)"
+  label: "Atlassian Confluence Privesc"
   classification:
    - cve.CVE-2023-33617
    - attack.T1595

diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2023-34362.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2023-34362.yaml
@@ -1,6 +1,6 @@
 
 name: crowdsecurity/vpatch-CVE-2023-34362
-description: "Detect CVE-2023-34362 exploits "
+description: "MOVEit Transfer RCE (CVE-2023-34362)"
 rules:
   - and:
     - zones:
@@ -44,7 +44,7 @@ labels:
   confidence: 3
   spoofable: 0
   behavior: "http:exploit"
-  label: "MOVEit Transfer - Remote Code Execution (CVE-2023-34362)"
+  label: "MOVEit Transfer RCE"
   classification:
    - cve.CVE-2023-34362
    - attack.T1595

diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2023-3519.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2023-3519.yaml
@@ -1,5 +1,5 @@
 name: crowdsecurity/vpatch-CVE-2023-3519
-description: "Detect CVE-2023-3519 exploits "
+description: "Citrix RCE (CVE-2023-3519)"
 rules:
   - and:
     - zones:
@@ -29,7 +29,7 @@ labels:
   confidence: 3
   spoofable: 0
   behavior: "http:exploit"
-  label: "Citrix RCE (CVE-2023-3519)"
+  label: "Citrix RCE"
   classification:
    - cve.CVE-2023-3519
    - attack.T1595

diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2023-38205.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2023-38205.yaml
@@ -1,5 +1,5 @@
 name: crowdsecurity/vpatch-CVE-2023-38205
-description: "Detect CVE-2023-38205 exploits "
+description: "Adobe ColdFusion Access Control Bypass (CVE-2023-38205)"
 rules:
   - and:
     - zones:
@@ -15,7 +15,7 @@ labels:
   confidence: 3
   spoofable: 0
   behavior: "http:exploit"
-  label: "Adobe ColdFusion access control bypass (CVE-2023-38205)"
+  label: "Adobe ColdFusion Access Control Bypass"
   classification:
    - cve.CVE-2023-38205
    - attack.T1595

diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2023-40044.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2023-40044.yaml
@@ -1,5 +1,5 @@
 name: crowdsecurity/vpatch-CVE-2023-40044
-description: "Detect CVE-2023-40044 exploits "
+description: "WS_FTP .NET deserialize RCE (CVE-2023-40044)"
 rules:
   - and:
     - zones:
@@ -28,7 +28,7 @@ labels:
   confidence: 3
   spoofable: 0
   behavior: "http:exploit"
-  label: "WS_FTP .NET deserialize RCE (CVE-2023-40044)"
+  label: "WS_FTP .NET deserialize RCE"
   classification:
    - cve.CVE-2023-40044
    - attack.T1595

diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2023-42793.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2023-42793.yaml
@@ -1,5 +1,5 @@
 name: crowdsecurity/vpatch-CVE-2023-42793
-description: "Detect CVE-2023-42793"
+description: "JetBrains Teamcity Auth Bypass (CVE-2023-42793)"
 rules:
   - zones:
     - URI
@@ -14,7 +14,7 @@ labels:
   confidence: 3
   spoofable: 0
   behavior: "http:exploit"
-  label: "JetBrains Teamcity auth bypass (CVE-2023-42793)"
+  label: "JetBrains Teamcity Auth Bypass"
   classification:
    - cve.CVE-2023-42793
    - attack.T1595

diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2023-50164.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2023-50164.yaml
@@ -1,5 +1,5 @@
 name: crowdsecurity/vpatch-CVE-2023-50164
-description: "Detect CVE-2023-50164 exploits "
+description: "Apache Struts2 Path Traversal (CVE-2023-50164)"
 rules:
   - and:
     - zones:
@@ -28,7 +28,7 @@ labels:
   confidence: 3
   spoofable: 0
   behavior: "http:exploit"
-  label: "Apache Struts2 (CVE-2023-50164)"
+  label: "Apache Struts2 Path Traversal"
   classification:
    - cve.CVE-2023-50164
    - attack.T1595