Snort mailing list archives

Re: CVE-2015-2795 DotNetNuke


From: Tyler Montier <tmontier () sourcefire com>
Date: Fri, 10 Feb 2017 10:19:50 -0500

Dear Yaser,

Thanks for your submission. We will review and test the rule and get back
to you when they're finished.

Sincerely

Tyler Montier
Cisco Talos


On Fri, Feb 10, 2017 at 4:17 AM, Y M <snort () outlook com> wrote:

Hello,


I am not sure if this is still relevant. The affected version in the CVE
is 07.04.00; they are on 9.0.1 now. This was only sanity checked. No pcaps
available.


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS ( \
msg:"SERVER-WEBAPP DotNetNuke administration authentication bypass attempt"; \
flow:to_server,established; \
content:"/InstallWizard.aspx?"; fast_pattern:only; http_uri; \
content:"__VIEWSTATE="; distance:0; http_uri; \
content:"&culture="; distance:0; http_uri; \
content:"&executeinstall"; distance:0; http_uri; \
metadata:ruleset community, service http; \
reference:cve,2015-2794; reference:url,www.exploit-db.com/exploits/39777; \
classtype:attempted-admin; sid:1000823;)


Thank you.

YM

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!

Visit the Snort.org to subscribe to the official Snort ruleset, make sure
to stay up to date to catch the most emerging threats
(https://snort.org/downloads/#rule-downloads)!
