title: Confluence Exploitation CVE-2019-3398
id: e9bc39ae-978a-4e49-91ab-5bd481fc668b
status: test
description: Detects the exploitation of the Confluence vulnerability described in CVE-2019-3398
references:
    - https://devcentral.f5.com/s/articles/confluence-arbitrary-file-write-via-path-traversal-cve-2019-3398-34181
author: Florian Roth (Nextron Systems)
date: 2020-05-26
modified: 2023-01-02
tags:
    - attack.initial-access
    - attack.t1190
    - cve.2019-3398
    - detection.emerging-threats
logsource:
    category: webserver
detection:
    selection:
        cs-method: 'POST'
        cs-uri-query|contains|all:
            - '/upload.action'
            - 'filename=../../../../'
    condition: selection
falsepositives:
    - Unknown
level: critical