Initial Access Intelligence

VulnCheck Initial Access Intelligence provides organizations the detection artifacts, such as Suricata signatures, YARA rules, PCAPs, and private exploit PoCs, to defend against initial access vulnerabilities, already exploited or likely to be soon.

GET /v3/index/initial-access?cve=CVE-2023-22527

    {
  "data": [
    {
      "cve": "CVE-2023-22527",
      "inKEV": true,
      "inVCKEV": true,
      "artifacts": [
        {
          "vendor": "Confluence",
          "product": [
            "Confluence Server",
            "Confluence Data Center"
          ],
          "dateAdded": "2024-01-22T00:00:00Z",
          "artifactName": "Confluence Template Injection (text-inline.vm)",
          "exploit": true,
          "versionScanner": true,
          "pcap": true,
          "suricataRule": true,
          "snortRule": true,
          "yara": true,
          "nmapScript": true,
          "zeroday": false,
          "targetService": "HTTP",
          "targetDocker": true,
          "shodanQueries": [
            "https://www.shodan.io/search?query=%2Bhttp.favicon.hash%3A-305179312+%22X-Confluence-Request-Time%22+%2B%22Set-Cookie%3A+JSESSIONID%3D%22+%2Bhtml%3A%22confluence-context-path%22",
            "https://www.shodan.io/search?query=X-Confluence-Request-Time+%2B%22JSESSIONID%22+%2Bhtml%3A%22atlassian-authentication-plugin%22+-%22145DF9C4CDE560B2699212692B867CDA%22",
            "https://www.shodan.io/search?query=X-Confluence-Request-Time+%2B%22Set-Cookie%3A+JSESSIONID%22+%2Bhtml%3A%22SAML+POST+Binding%22"
          ],
          "censysQueries": [
            "https://search.censys.io/search?resource=hosts&sort=RELEVANCE&per_page=25&virtual_hosts=INCLUDE&q=labels%3A+%60atlassian-confluence%60+and+services.banner%3A%22Set-Cookie%3A+JSESSIONID%22"
          ],
          "greynoiseQueries": [
            "https://viz.greynoise.io/query?gnql=raw_data.web.paths%3A%22%2Ftemplate%2Faui%2Ftext-inline.vm%22",
            "https://viz.greynoise.io/tag/atlassian-confluence-template-injection-rce-attempt-cve-2023-22527"
          ],
          "shodanRawQueries": [
            "+http.favicon.hash:-305179312 \"X-Confluence-Request-Time\" +\"Set-Cookie: JSESSIONID=\" +html:\"confluence-context-path\"",
            "X-Confluence-Request-Time +\"JSESSIONID\" +html:\"atlassian-authentication-plugin\" -\"145DF9C4CDE560B2699212692B867CDA\"",
            "X-Confluence-Request-Time +\"Set-Cookie: JSESSIONID\" +html:\"SAML POST Binding\""
          ],
          "censysRawQueries": [
            "labels: `atlassian-confluence` and services.banner:\"Set-Cookie: JSESSIONID\""
          ],
          "cloneSSHURL": "git@git.vulncheck.com:vulncheck/initial-access.git"
        }
      ],
      "_timestamp": "2024-08-31T00:22:25.801484Z"
    }
  ]
}

Why VulnCheck Initial Access Intelligence

Detection artifacts and private exploit PoCs, for initial access vulnerabilities, already exploited or likely to be soon.

Ready to get started?

Explore VulnCheck, a next-generation Cyber Threat Intelligence platform, which provides exploit and vulnerability intelligence directly into the tools, processes, programs, and systems that need it to outpace adversaries.