Snort mailing list archives
Re: New sig for detecting Ubiquiti Networks UniFi Cloud Key Firm v0.6.1 Host RCE
From: Tyler Montier <tmontier () sourcefire com>
Date: Mon, 14 Aug 2017 09:37:45 -0400
Rmkml, Thanks for your submission. We will review the rules and get back to you when they're finished. Thanks, Tyler Montier Cisco Talos On Sat, Aug 12, 2017 at 4:37 PM, rmkml <rmkml () ligfy org> wrote:
Hi, Please check a new sig for detecting Ubiquiti Networks UniFi Cloud Key Firm v0.6.1 Host Remote Command Execution attempt: alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"WEB-MISC Ubiquiti Networks UniFi Cloud Key Firm v0.6.1 Host Remote Command Execution attempt"; flow:to_server,established; content:"GET"; nocase; http_method; content:"Host|3a|"; nocase; http_header; content:"|3b|"; http_header; within:50; distance:0; pcre:"/^Host\x3a[^\n]{0,50}?\x3b/Hmi"; reference:url,cxsecurity.com/issue/WLB-2017080038; classtype:web-application-attack; sid:1; rev:1;) Don't forget check variables. Please send any comments. Regards @Rmkml _______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort! Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort! Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- New sig for detecting Ubiquiti Networks UniFi Cloud Key Firm v0.6.1 Host RCE rmkml (Aug 12)
- Re: New sig for detecting Ubiquiti Networks UniFi Cloud Key Firm v0.6.1 Host RCE Tyler Montier (Aug 14)