Snort mailing list archives
Re: Fw: CVE-2017-6316 Signature
From: Tyler Montier <tmontier () sourcefire com>
Date: Mon, 31 Jul 2017 09:27:35 -0400
Yaser,

Thanks for your submission. We will review the rule and get back to you when it's finished.

Thanks,
Tyler Montier
Cisco Talos

On Mon, Jul 31, 2017 at 8:29 AM, Y M via Snort-sigs <snort-sigs () lists snort org> wrote:
> Sent these to the old list address.
>
> Hello.
>
> Below signature is derived from the references available within the signature. Maybe split the signature into two, one for CloudBridge and the other for the SDN version? No pcap is available, sorry.
>
> alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-OTHER Citrix NetScaler CloudBridge/SD-WAN session cookie privilege escalation attempt"; flow:to_server; content:"POST"; http_method; content:"/global_data/"; fast_pattern:only; http_uri; pcre:"/Cookie\x3a\x20(CGISESSID|CAKEPHP)\x3d[a-f0-9]{32}\x60/H"; reference:cve,2017-6316; reference:url,support.citrix.com/article/CTX225990; reference:url,vuldb.com/?id.104319; reference:url,www.exploit-db.com/exploits/42345/; metadata:ruleset community, service http; classtype:attempted-admin; sid:110001; rev:1;)
>
> Thanks.
> YM
> _______________________________________________
> Snort-sigs mailing list
> Snort-sigs () lists snort org
> https://lists.snort.org/mailman/listinfo/snort-sigs
> http://www.snort.org
>
> Please visit http://blog.snort.org for the latest news about Snort!
>
> Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most emerging threats (https://snort.org/downloads/#rule-downloads)!
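Since the submission comes without a pcap, the rule's three match conditions can be sanity-checked offline against constructed requests. The following is an added example, not part of the original thread or of Snort: the helper names, the host name and the session id are constructed, and searching the raw header block only approximates Snort's `/H` buffer. Line wrapping in e-mail can insert whitespace into a rule, so a second pattern with a space after the opening parenthesis is included to show the effect.

```python
import re

# pcre from the submitted rule (Python's re accepts the same \xNN escapes).
COOKIE_RE = re.compile(r"Cookie\x3a\x20(CGISESSID|CAKEPHP)\x3d[a-f0-9]{32}\x60")
# Same pattern with a space after "(", as mail line wrapping can introduce.
COOKIE_RE_WRAPPED = re.compile(r"Cookie\x3a\x20( CGISESSID|CAKEPHP)\x3d[a-f0-9]{32}\x60")


def rule_matches(raw_request: str, cookie_re=COOKIE_RE) -> bool:
    """Approximate the rule's content and pcre options on one HTTP request."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    request_line, _, headers = head.partition("\r\n")
    parts = request_line.split(" ")
    if len(parts) < 2:
        return False
    method, uri = parts[0], parts[1]
    return (
        "POST" in method                      # content:"POST"; http_method
        and "/global_data/" in uri            # content:"/global_data/"; http_uri
        and cookie_re.search(headers) is not None  # pcre:"/.../H"
    )


SID = "0123456789abcdef" * 2  # constructed 32-character lowercase hex id


def build(method: str, uri: str, cookie: str) -> str:
    """Build a constructed request; the host name is a placeholder."""
    return (f"{method} {uri} HTTP/1.1\r\n"
            f"Host: appliance.example\r\n"
            f"Cookie: {cookie}\r\n\r\n")


# Constructed samples: only the first two satisfy every condition in the rule.
SAMPLES = {
    "backtick_cgisessid": build("POST", "/global_data/", f"CGISESSID={SID}`"),
    "backtick_cakephp": build("POST", "/global_data/", f"CAKEPHP={SID}`"),
    "clean_cookie": build("POST", "/global_data/", f"CGISESSID={SID}"),
    "get_method": build("GET", "/global_data/", f"CGISESSID={SID}`"),
    "other_uri": build("POST", "/index.html", f"CGISESSID={SID}`"),
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        print(f"{name:20} rule={rule_matches(req)!s:5} "
              f"wrapped={rule_matches(req, COOKIE_RE_WRAPPED)}")
```

With the wrapped pattern the CGISESSID alternative never fires, because it then requires two spaces after `Cookie:`.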
Current thread:
- Fw: CVE-2017-6316 Signature Y M via Snort-sigs (Jul 31)
- Re: Fw: CVE-2017-6316 Signature Tyler Montier (Jul 31)