POLICY-OTHER Apache OFBiz EntitySQLProcessor arbitrary SQL command execution attempt
This rule looks for HTTP requests sent to the "EntitySQLProcessor" endpoint in Apache OFBiz web applications that contain arbitrary SQL commands.
This rule fires on attempts to invoke the "EntitySQLProcessor" endpoint in Apache OFBiz web applications. This endpoint allows for the execution of arbitrary SQL commands. Before the patch for CVE-2024-38856, this endpoint did not require any authentication.
Public information/Proof of Concept available
Known false positives, with the described conditions
This rule alerts on all attempts to execute arbitrary SQL commands through the "sqlCommand" parameter of the "/EntitySQLProcessor" endpoint on Apache OFBiz web applications.
Cisco Talos Intelligence Group
MITRE::ATT&CK Framework::Enterprise::Initial Access::Exploit Public-Facing Application
Rule Categories::Policy::Other
N/A
Not Applicable
CVE-2024-38856
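The condition described above (a request to the "EntitySQLProcessor" endpoint carrying a "sqlCommand" parameter) can also be checked in captured HTTP requests during triage. The following is an added example, not the Talos rule or any OFBiz code; the sample requests, the `/example/control/` path prefix and the host name are constructed, and it assumes the parameter arrives in the query string or a form-urlencoded body.

```python
from urllib.parse import urlsplit, unquote, parse_qs

ENDPOINT = "EntitySQLProcessor"   # endpoint name from the rule description
PARAM = "sqlCommand"              # parameter name from the rule description

def parse_request(raw: bytes):
    """Split a raw HTTP/1.1 request into (target, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    _method, target, _version = lines[0].split(" ", 2)  # ValueError if malformed
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return target, headers, body

def hits_endpoint(path: str) -> bool:
    """True if any path segment names the endpoint after percent-decoding."""
    # Path parameters (";name=value") are dropped before comparing.
    return any(seg.split(";", 1)[0] == ENDPOINT
               for seg in unquote(path).split("/"))

def sql_command(raw: bytes):
    """Return the sqlCommand value if the request targets the endpoint, else None."""
    try:
        target, headers, body = parse_request(raw)
    except ValueError:
        return None
    url = urlsplit(target)
    if not hits_endpoint(url.path):
        return None
    params = parse_qs(url.query, keep_blank_values=True)
    ctype = headers.get("content-type", "").lower()
    if ctype.startswith("application/x-www-form-urlencoded"):
        form = parse_qs(body.decode("latin-1"), keep_blank_values=True)
        for key, values in form.items():
            params.setdefault(key, []).extend(values)
    values = params.get(PARAM)
    return values[0] if values else None

# Constructed sample requests (benign SQL, placeholder host and path prefix).
FORM = b"Content-Type: application/x-www-form-urlencoded\r\n\r\nsqlCommand=SELECT+1&x=1"
SAMPLES = {
    "post_form": b"POST /example/control/EntitySQLProcessor HTTP/1.1\r\nHost: ofbiz.example\r\n" + FORM,
    "encoded_path": b"GET /example/control/Entity%53QLProcessor;x=1?sqlCommand=SELECT%201 HTTP/1.1\r\nHost: ofbiz.example\r\n\r\n",
    "no_param": b"GET /example/control/EntitySQLProcessor HTTP/1.1\r\nHost: ofbiz.example\r\n\r\n",
    "other_endpoint": b"POST /example/control/login HTTP/1.1\r\nHost: ofbiz.example\r\n" + FORM,
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name}: {sql_command(raw)!r}")
```

A non-`None` result is a lead for review rather than proof of compromise, since the check matches every use of the parameter on that endpoint.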