Snort mailing list archives

Netgear Arbitrary Command Execution sig

From: James Lay <jlay () slave-tothe-box net>
Date: Mon, 12 Dec 2016 14:31:32 -0700

I can't imagine anyone running a port 80 Netgear on the WAN side, but 
eh...stranger things have happened:

alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP 
Netgear Arbitrary Command Execution Attempt"; 
flow:established,to_server; content:"GET"; http_method; nocase; 
content:"/cgi-bin/|3B|"; http_uri; nocase; reference:url, 
http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers; 
reference:cve,2016-582384; classtype:attempted-dos; sid:xxxxxxx; rev:1;)

James

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!

Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a 
href=" https://snort.org/downloads/#rule-downloads";>emerging threats</a>!

Current thread:

Netgear Arbitrary Command Execution sig James Lay (Dec 12)
- Re: Netgear Arbitrary Command Execution sig Joshua Williams (Dec 12)
- Message not available
  - Re: [Emerging-Sigs] Netgear Arbitrary Command Execution sig James Lay (Dec 12)