Snort mailing list archives

Re: Fw: CVE-2017-6316 Signature


From: Tyler Montier <tmontier () sourcefire com>
Date: Mon, 31 Jul 2017 09:27:35 -0400

Yaser,

Thanks for your submission. We will review the rule and get back to you
when it's finished.

Thanks,

Tyler Montier
Cisco Talos

On Mon, Jul 31, 2017 at 8:29 AM, Y M via Snort-sigs <
snort-sigs () lists snort org> wrote:

Sent these to the old list address.


Hello.


The signature below is derived from the references available within the
signature. Maybe split the signature into two, one for CloudBridge and the
other for the SDN version? No pcap is available, sorry.


alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-OTHER Citrix NetScaler CloudBridge/SD-WAN session cookie privilege escalation attempt"; flow:to_server; content:"POST"; http_method; content:"/global_data/"; fast_pattern:only; http_uri; pcre:"/Cookie\x3a\x20(CGISESSID|CAKEPHP)\x3d[a-f0-9]{32}\x60/H"; reference:cve,2017-6316; reference:url,support.citrix.com/article/CTX225990; reference:url,vuldb.com/?id.104319; reference:url,www.exploit-db.com/exploits/42345/; metadata:ruleset community, service http; classtype:attempted-admin; sid:110001; rev:1;)


Thanks.

YM

_______________________________________________
Snort-sigs mailing list
Snort-sigs () lists snort org
https://lists.snort.org/mailman/listinfo/snort-sigs

http://www.snort.org

Please visit http://blog.snort.org for the latest news about Snort!

Visit the Snort.org to subscribe to the official Snort ruleset, make sure
to stay up to date to catch the most emerging threats
(https://snort.org/downloads/#rule-downloads)!


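Added example, not part of the original thread and not Snort or Talos code: with no pcap available, the rule's method, URI and pcre checks can be exercised offline against constructed requests to see which ones would alert. It assumes the pcre is read with the e-mail line wrap removed and approximates Snort's /H buffer with the raw header block; the host name, session id and PLACEHOLDER text are constructed sample values.

```python
import re

# Regex copied from the rule's pcre option; the Snort-only /H modifier is dropped.
RULE_PCRE = re.compile(r"Cookie\x3a\x20(CGISESSID|CAKEPHP)\x3d[a-f0-9]{32}\x60")
URI_CONTENT = "/global_data/"  # content:"/global_data/"; http_uri;


def parse_request(raw):
    """Split a raw HTTP request into (method, uri, header block)."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, _, headers = head.partition("\r\n")
    method, uri, _version = request_line.split(" ", 2)
    return method, uri, headers


def rule_matches(raw):
    """Apply the rule's three checks (http_method, http_uri, pcre) to one request."""
    method, uri, headers = parse_request(raw)
    return ("POST" in method
            and URI_CONTENT in uri
            and RULE_PCRE.search(headers) is not None)


SID = "0123456789abcdef" * 2  # constructed 32-character hex session id


def build(method, cookie):
    """Build a constructed request to the URI named in the rule."""
    return (f"{method} /global_data/ HTTP/1.1\r\nHost: appliance.example\r\n"
            f"Cookie: {cookie}\r\n\r\n")


# Constructed test traffic; PLACEHOLDER stands in for whatever follows the backtick.
SAMPLES = {
    "backtick after session id": build("POST", f"CGISESSID={SID}`PLACEHOLDER`"),
    "normal session cookie": build("POST", f"CAKEPHP={SID}"),
    "GET instead of POST": build("GET", f"CGISESSID={SID}`PLACEHOLDER`"),
    "session cookie not first": build("POST", f"lang=en; CAKEPHP={SID}`PLACEHOLDER`"),
}


def evaluate():
    """Return {sample name: True if the rule's checks all match}."""
    return {name: rule_matches(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, hit in evaluate().items():
        print(f"{'ALERT' if hit else 'quiet':5}  {name}")
```

The last sample stays quiet because the pcre expects the session cookie directly after "Cookie: ", which is worth checking against real appliance traffic when the rule is reviewed.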
