Emerging Threat | critical | test
CVE-2020-5902 F5 BIG-IP Exploitation Attempt
Detects exploitation attempts against the F5 BIG-IP vulnerability described in CVE-2020-5902.
Florian Roth (Nextron Systems) | Created Sun Jul 05 | Updated Mon Jan 02 | 44b53b1c-e60f-4a7b-948e-3435a7918478 | 2020
Emerging Threat
Active Threat
Developed to detect an active or emerging threat. Prioritize investigation of any alerts and correlate with threat intelligence.
Log Source
Web Server Log
Category: Web Server Log (raw: webserver)
HTTP access logs from web servers capturing request paths, methods, and status codes.
Detection Logic (2 selectors)
detection:
    selection_base:
        cs-uri-query|contains:
            - '/tmui/'
            - '/hsqldb'
    selection_traversal:
        cs-uri-query|contains:
            - '..;/'
            - '.jsp/..'
    condition: selection_base and selection_traversal
False Positives
Unknown
False positive likelihood has not been assessed. Additional context may be needed during triage.
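The rule's detection logic applied to sample log lines, as an added example that is not part of the rule or the Sigma project's code. It assumes a W3C-style log whose `#Fields` header exposes the request URI as `cs-uri-query`; the log lines, IP addresses and paths are constructed and reuse only the substrings the rule lists.

```python
# Added example: evaluates the rule's two selections over constructed log lines.
RULE = {
    "selection_base": ["/tmui/", "/hsqldb"],
    "selection_traversal": ["..;/", ".jsp/.."],
}
FIELD = "cs-uri-query"  # field the rule matches on

# Constructed sample log (not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-query sc-status
2020-07-05 10:00:01 192.0.2.10 GET /tmui/example.jsp 200
2020-07-05 10:00:02 192.0.2.11 GET /tmui/example.jsp/..;/tmui/placeholder 200
2020-07-05 10:00:03 192.0.2.12 GET /app/page.jsp/../index 404
2020-07-05 10:00:04 192.0.2.13 GET /HSQLDB..;/placeholder 200
"""

def parse_w3c(text):
    """Yield one dict per record, using the #Fields header for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip malformed rows
                yield dict(zip(fields, values))

def selection_hits(record, needles):
    """Sigma 'contains' with a list: case-insensitive substring, any needle."""
    value = record.get(FIELD, "").lower()
    return any(n.lower() in value for n in needles)

def matches(record):
    """condition: selection_base and selection_traversal"""
    return all(selection_hits(record, needles) for needles in RULE.values())

def alerts(text):
    """Return (client IP, URI) for every record that satisfies the condition."""
    return [(r["c-ip"], r[FIELD]) for r in parse_w3c(text) if matches(r)]

if __name__ == "__main__":
    for ip, uri in alerts(SAMPLE_LOG):
        print(f"ALERT CVE-2020-5902 pattern from {ip}: {uri}")
```

Only the second and fourth records alert: the first matches `selection_base` alone and the third matches `selection_traversal` alone, which is why the condition joins the two selections with `and`.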
MITRE ATT&CK
Tactics
Other
cve.2020-5902, detection.emerging-threats
Rule Metadata
Rule ID: 44b53b1c-e60f-4a7b-948e-3435a7918478
Status: test
Level: critical
Type: Emerging Threat
Created: Sun Jul 05
Modified: Mon Jan 02
Path: rules-emerging-threats/2020/Exploits/CVE-2020-5902/web_cve_2020_5902_f5_bigip.yml
Raw Tags: attack.initial-access, attack.t1190, cve.2020-5902, detection.emerging-threats