Snort mailing list archives
CVE-2017-17974 signatures
From: Y M via Snort-sigs <snort-sigs () lists snort org>
Date: Thu, 4 Jan 2018 18:09:38 +0000
Hi, The below signatures are for detecting attempted disclosure of credentials of the affected system. Opted for individual signatures as opposed to using pcre. No pcaps available for this one. alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP BA Systems BAS Web information disclosure attempt"; flow:to_server,established; content:"GET"; http_method; content:"/isc/"; fast_pattern:only; http_uri; content:"get_sid.aspx"; distance:0; http_uri; metadata:ruleset community, service http; reference:cve,2017-17974; reference:url,vuldb.com/?id.111184; reference:url,misteralfa-hack.blogspot.com/2017/12/ba-system-improper-access-control.html; classtype:attempted-user; sid:9000005; rev:1;) alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP BA Systems BAS Web information disclosure attempt"; flow:to_server,established; content:"GET"; http_method; content:"/isc/"; fast_pattern:only; http_uri; content:"get_sid_js.aspx"; distance:0; http_uri; metadata:ruleset community, service http; reference:cve,2017-17974; reference:url,vuldb.com/?id.111184; reference:url,misteralfa-hack.blogspot.com/2017/12/ba-system-improper-access-control.html; classtype:attempted-user; sid:9000006; rev:1;) Thanks. YM
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- CVE-2017-17974 signatures Y M via Snort-sigs (Jan 04)
- Re: CVE-2017-17974 signatures Tyler Montier (Jan 08)