Snort mailing list archives
Re: CVE-2017-9097 signature
From: Tyler Montier <tmontier () sourcefire com>
Date: Mon, 8 Jan 2018 10:54:20 -0500
Yaser, Thanks for your submission. we will review the rules and get back to you when they're finished. Do you have PCAPS available for this CVE? Thanks, Tyler Montier, Cisco Talos On Thu, Jan 4, 2018 at 1:12 PM, Y M via Snort-sigs < snort-sigs () lists snort org> wrote:
Hi, The below signature attempts at detecting directory traversal on the affected system. Subsequent attacks use the retrieved credentials to perform rce. alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"SERVER-WEBAPP Anti-Web industrial OT directory traversal attempt"; flow:to_server,established; content:"POST"; http_method; content:"/cgi-bin/write.cgi"; fast_pattern:only; http_uri; content:"page=/"; http_client_body; content:"&template=../"; distance:0; http_client_body; metadata:ruleset community, service http; reference:cve,2017-9097; reference:url,github.com/ ezelf/AntiWeb_testing-Suite/blob/master/LFI/anti-web-v1.py; classtype:attempted-user; sid:9000010; rev:1;) Thanks. YM _______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is- the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
_______________________________________________ Snort-sigs mailing list Snort-sigs () lists snort org https://lists.snort.org/mailman/listinfo/snort-sigs Please visit http://blog.snort.org for the latest news about Snort! Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette Visit the Snort.org to subscribe to the official Snort ruleset, make sure to stay up to date to catch the most <a href=" https://snort.org/downloads/#rule-downloads">emerging threats</a>!
Current thread:
- CVE-2017-9097 signature Y M via Snort-sigs (Jan 04)
- Re: CVE-2017-9097 signature Tyler Montier (Jan 08)