diff --git a/.appsec-tests/vpatch-CVE-2024-28752/CVE-2024-28752.yaml b/.appsec-tests/vpatch-CVE-2024-28752/CVE-2024-28752.yaml new file mode 100644 index 00000000000..f63f8d9b2c8 --- /dev/null +++ b/.appsec-tests/vpatch-CVE-2024-28752/CVE-2024-28752.yaml @@ -0,0 +1,34 @@ +## autogenerated on 2026-07-01 13:06:32 +id: CVE-2024-28752 +info: + name: CVE-2024-28752 + author: crowdsec + severity: info + description: CVE-2024-28752 testing + tags: appsec-testing +http: + - raw: + - | + POST /test HTTP/1.1 + Host: {{Hostname}} + Content-Type: multipart/related; boundary=----nucleibound + + ------nucleibound + Content-Disposition: form-data; name="1" + + + + + + + + + + + + ------nucleibound-- + cookie-reuse: true + matchers: + - type: status + status: + - 403 diff --git a/.appsec-tests/vpatch-CVE-2024-28752/config.yaml b/.appsec-tests/vpatch-CVE-2024-28752/config.yaml new file mode 100644 index 00000000000..2cb02df749e --- /dev/null +++ b/.appsec-tests/vpatch-CVE-2024-28752/config.yaml @@ -0,0 +1,5 @@ +## autogenerated on 2026-07-01 13:06:32 +appsec-rules: + - ./appsec-rules/crowdsecurity/base-config.yaml + - ./appsec-rules/crowdsecurity/vpatch-CVE-2024-28752.yaml +nuclei_template: CVE-2024-28752.yaml diff --git a/appsec-rules/crowdsecurity/vpatch-CVE-2024-28752.yaml b/appsec-rules/crowdsecurity/vpatch-CVE-2024-28752.yaml new file mode 100644 index 00000000000..ab4b3e44dec --- /dev/null +++ b/appsec-rules/crowdsecurity/vpatch-CVE-2024-28752.yaml @@ -0,0 +1,31 @@ +## autogenerated on 2026-07-01 13:06:32 +name: crowdsecurity/vpatch-CVE-2024-28752 +description: 'Detects SSRF and local file read attempts in Apache CXF via XOP Include in multipart SOAP requests.' +rules: + - and: + - zones: + - URI + transform: + - lowercase + match: + type: contains + value: /test + - zones: + - RAW_BODY + transform: + - lowercase + match: + type: contains + value: '