Snort mailing list archives
Offer a new sig for detecting TrendMicro Interscan Web Security Virtual Appliance User-Agent ShellShock
From: rmkml <rmkml () ligfy org>
Date: Sun, 23 Oct 2016 00:53:17 +0200 (CEST)
Hi,

The http://etplc.org open source project offers a new sig for detecting TrendMicro Interscan Web Security Virtual Appliance User-Agent ShellShock:

alert tcp $EXTERNAL_NET any -> $HOME_NET 1812 (msg:"WEB-MISC TrendMicro Interscan Web Security Virtual Appliance User-Agent ShellShock attempt"; flow:to_server,established; content:"User-Agent|3A 20 28 29 20 7b|"; nocase; content:"/cgiCmdNotify"; nocase; reference:cve,2014-6271; reference:url,www.myhackerhouse.com/trendmicro-cve-2014-6271/; classtype:misc-attack; sid:1; rev:1;)

See reference for more information.
Don't forget to check variables.
Please send any comments.

Regards
@Rmkml
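As an added illustration (not part of the original post or the ETPLC project), the Python sketch below decodes the rule's two content options, including the |hex| run, and applies them case-insensitively to constructed request payloads to show which traffic the signature alerts on. The sample requests, the host name iwsva.example and all function names are assumptions; port, flow state and stream reassembly are not modelled.

```python
# Added example: emulates only the rule's two content matches.
# Assumption: the whole request arrives as one payload; port, flow and
# stream reassembly are not modelled, and content escapes are not handled.

# The rule's content options, copied verbatim: (pattern, nocase)
RULE_CONTENTS = [
    ("User-Agent|3A 20 28 29 20 7b|", True),
    ("/cgiCmdNotify", True),
]

def decode_content(pattern: str) -> bytes:
    """Expand a Snort content string, turning |hex| runs into raw bytes."""
    parts = pattern.split("|")
    if len(parts) % 2 == 0:
        raise ValueError("unbalanced '|' in content string")
    out = bytearray()
    for i, part in enumerate(parts):
        # Odd-numbered pieces sit between pipes and hold hex bytes.
        out += bytes.fromhex(part) if i % 2 else part.encode("latin-1")
    return bytes(out)

def rule_matches(payload: bytes) -> bool:
    """True when every content option occurs somewhere in the payload."""
    for pattern, nocase in RULE_CONTENTS:
        needle, haystack = decode_content(pattern), payload
        if nocase:
            needle, haystack = needle.lower(), haystack.lower()
        if needle not in haystack:
            return False
    return True

def request(path: str, ua_header: str) -> bytes:
    """Build a constructed HTTP request; iwsva.example is a placeholder."""
    return (f"GET {path} HTTP/1.1\r\nHost: iwsva.example\r\n"
            f"{ua_header}\r\n\r\n").encode("latin-1")

# Constructed samples; the text after "() {" is an inert placeholder.
SAMPLES = {
    "marker_ua_and_cgi": request("/cgiCmdNotify", "User-Agent: () { PLACEHOLDER"),
    "lowercase_variant": request("/cgicmdnotify", "user-agent: () { PLACEHOLDER"),
    "normal_ua_same_cgi": request("/cgiCmdNotify", "User-Agent: Mozilla/5.0"),
    "marker_ua_other_path": request("/index.html", "User-Agent: () { PLACEHOLDER"),
}

def evaluate() -> dict:
    return {name: rule_matches(p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, hit in evaluate().items():
        print(f"{name:22} {'ALERT' if hit else 'no alert'}")
```

Both content options must be present for an alert, so a request to the same CGI with an ordinary User-Agent, or the marker User-Agent sent to a different path, does not trigger the signature.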