Snort mailing list archives
Re: CVE-2017-11587,11588 sigs
From: Tyler Montier <tmontier () sourcefire com>
Date: Tue, 15 Aug 2017 11:26:39 -0400
Yaser, Thank you for your submission. We will review the rules and get back to you as soon as they're finished. Sincerely, Tyler Montier Cisco Talos On Tue, Aug 15, 2017 at 11:14 AM, Y M via Snort-sigs < snort-sigs () lists snort org> wrote:
Hello, Below rules are derived from references. No pcaps available. alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Cisco DDR2200 ADSL gateway directory traversal attempt"; flow:to_server,established; content:"GET"; http_method; content:"/download.conf?filename=/"; fast_pattern:only; http_uri; metadata:ruleset community, service http; reference:cve,2017-11587; reference:url,seclists.org/fulldisclosure/2017/Jul/26; classtype:attempted-admin; sid:1100004; rev:1;) alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Cisco DDR2200 ADSL gateway directory traversal attempt"; flow:to_server,established; content:"GET"; http_method; content:"/download.conf?filename=../"; fast_pattern:only; http_uri; metadata:ruleset community, service http; reference:cve,2017-11587; reference:url,seclists.org/fulldisclosure/2017/Jul/26; classtype:attempted-admin; sid:1100005; rev:1;) alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Cisco DDR2200 ADSL gateway privilege escalation attempt"; flow:to_server,established; content:"GET"; http_method; content:"/waitPingqry?showPingResult"; fast_pattern:only; http_uri; content:"&pingAddr=|3B 2F|"; http_uri; metadata:ruleset community, service http; reference:cve,2017-11588; reference:url,seclists.org/ fulldisclosure/2017/Jul/26; classtype:attempted-admin; sid:1100006; rev:1;) Thanks. YM _______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort! Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs http://www.snort.org Please visit http://blog.snort.org for the latest news about Snort! Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- CVE-2017-11587,11588 sigs Y M via Snort-sigs (Aug 15)
- Re: CVE-2017-11587,11588 sigs Tyler Montier (Aug 15)