Initial Access Intelligence

VulnCheck Initial Access Intelligence provides organizations the detection artifacts, such as Suricata signatures, YARA rules, PCAPs, and private exploit PoCs, to defend against initial access vulnerabilities, already exploited or likely to be soon.

GET /v3/index/initial-access?cve=CVE-2023-22527

    {
  "data": [
    {
      "cve": "CVE-2023-22527",
      "inKEV": true,
      "inVCKEV": true,
      "artifacts": [
        {
          "vendor": "Confluence",
          "product": [
            "Confluence Server",
            "Confluence Data Center"
          ],
          "dateAdded": "2024-01-22T00:00:00Z",
          "artifactName": "Confluence Template Injection (text-inline.vm)",
          "exploit": true,
          "versionScanner": true,
          "pcap": true,
          "suricataRule": true,
          "snortRule": true,
          "yara": true,
          "nmapScript": true,
          "zeroday": false,
          "targetService": "HTTP",
          "targetDocker": true,
          "shodanQueries": [
            "https://www.shodan.io/search?query=%2Bhttp.favicon.hash%3A-305179312+%22X-Confluence-Request-Time%22+%2B%22Set-Cookie%3A+JSESSIONID%3D%22+%2Bhtml%3A%22confluence-context-path%22",
            "https://www.shodan.io/search?query=X-Confluence-Request-Time+%2B%22JSESSIONID%22+%2Bhtml%3A%22atlassian-authentication-plugin%22+-%22145DF9C4CDE560B2699212692B867CDA%22",
            "https://www.shodan.io/search?query=X-Confluence-Request-Time+%2B%22Set-Cookie%3A+JSESSIONID%22+%2Bhtml%3A%22SAML+POST+Binding%22"
          ],
          "censysQueries": [
            "https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=INCLUDE&q=labels%3A+%60atlassian-confluence%60+and+services.banner%3A%22Set-Cookie%3A+JSESSIONID%22"
          ],
          "greynoiseQueries": [
            "https://viz.greynoise.io/query?gnql=raw_data.web.paths%3A%22%2Ftemplate%2Faui%2Ftext-inline.vm%22",
            "https://viz.greynoise.io/tag/atlassian-confluence-template-injection-rce-attempt-cve-2023-22527"
          ],
          "shodanRawQueries": [
            "+http.favicon.hash:-305179312 \"X-Confluence-Request-Time\" +\"Set-Cookie: JSESSIONID=\" +html:\"confluence-context-path\"",
            "X-Confluence-Request-Time +\"JSESSIONID\" +html:\"atlassian-authentication-plugin\" -\"145DF9C4CDE560B2699212692B867CDA\"",
            "X-Confluence-Request-Time +\"Set-Cookie: JSESSIONID\" +html:\"SAML POST Binding\""
          ],
          "censysRawQueries": [
            "labels: `atlassian-confluence` and services.banner:\"Set-Cookie: JSESSIONID\""
          ],
          "cloneSSHURL": "git@git.vulncheck.com:vulncheck/initial-access.git"
        }
      ],
      "_timestamp": "2024-08-31T00:22:25.801484Z"
    }
  ]
}

VulnCheck Platform

Why VulnCheck Initial Access Intelligence

Focused on What Matters

Unlike other emerging threat feeds, VulnCheck Initial Access focuses on vulnerabilities that matter, not simply vulnerabilities that are easy to collect PCAPs for.

Exclusively Initial Access

Initial Access vulnerabilities, a subset of Remote Code Execution vulnerabilities, are the most dangerous vulnerabilities for organizations as they result in remote, unauthenticated, no-click, data breaches.

Detection Artifacts Early

VulnCheck Initial Access Intelligence provides early detection artifacts to implement defenses quickly, such as Suricata signatures, YARA rules, and PCAPs.

Private Exploit PoCs

When vulnerabilities break, it can be hard to know if you are protected. VulnCheck Initial Access Intelligence includes private exploit proof-of-concept code, which may be used to test your organizations defenses.

Ready to get Started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and

Vulnerability Prioritization
Prioritize vulnerabilities that matter based on the threat landscape and defer vulnerabilities that don't.
Early Warning System
Real-time alerting of changes in the vulnerability landscape so that you can take action before the attacks start.

Schedule a Demo