alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER Nagios statuswml.cgi Remote Arbitrary Shell Command Injection attempt"; flow:to_server,established; content:"GET"; nocase; http_method; content:"/statuswml.cgi?"; nocase; http_uri; content:"ping"; nocase; http_uri; pcre:"/ping\s*=\s*([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|[^\x26\x0D\x0A]*\x3B)/Ui"; reference:bugtraq,35464; reference:url,doc.emergingthreats.net/2009670; classtype:web-application-attack; sid:2009670; rev:9;)

Added 2011-10-12 19:28:01 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER Nagios statuswml.cgi Remote Arbitrary Shell Command Injection attempt"; flow:to_server,established; content:"GET"; nocase; http_method; content:"/statuswml.cgi?"; nocase; http_uri; content:"ping"; nocase; http_uri; pcre:"/ping\s*=\s*([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|[^\x26\x0D\x0A]*\x3B)/Ui"; classtype:web-application-attack; reference:bugtraq,35464; reference:url,doc.emergingthreats.net/2009670; sid:2009670; rev:9;)

Added 2011-09-14 22:41:18 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER Nagios statuswml.cgi Remote Arbitrary Shell Command Injection attempt"; flow:to_server,established; content:"GET"; nocase; http_method; content:"/statuswml.cgi?"; nocase; http_uri; content:"ping"; nocase; http_uri; pcre:"/ping\s*=\s*([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|[^\x26\x0D\x0A]*\x3B)/Ui"; classtype:web-application-attack; reference:bugtraq,35464; reference:url,doc.emergingthreats.net/2009670; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Nagios; sid:2009670; rev:9;)

Added 2011-02-04 17:29:02 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER Nagios statuswml.cgi Remote Arbitrary Shell Command Injection attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/statuswml.cgi?"; nocase; uricontent:"ping"; nocase; pcre:"/ping\s*=\s*([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|[^\x26\x0D\x0A]*\x3B)/Ui";classtype:web-application-attack; reference:bugtraq,35464; reference:url,doc.emergingthreats.net/2009670; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Nagios; sid:2009670; rev:7;)

Added 2009-10-06 14:19:03 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SERVER Nagios statuswml.cgi Remote Arbitrary Shell Command Injection attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/statuswml.cgi?"; nocase; uricontent:"ping"; nocase; pcre:"/ping\s*=\s*([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|[^\x26\x0D\x0A]*\x3B)/Ui";classtype:web-application-attack; reference:bugtraq,35464; reference:url,doc.emergingthreats.net/2009670; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SERVER/WEB_Nagios; sid:2009670; rev:7;)

Added 2009-10-06 14:19:03 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Nagios statuswml.cgi Remote Arbitrary Shell Command Injection attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/statuswml.cgi?"; nocase; uricontent:"ping"; nocase; pcre:"/ping\s*=\s*([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|[^\x26\x0D\x0A]*\x3B)/Ui";classtype:web-application-attack; reference:bugtraq,35464; reference:url,doc.emergingthreats.net/2009670; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_Nagios; sid:2009670; rev:5;)

Added 2009-08-06 14:30:36 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Nagios statuswml.cgi Remote Arbitrary Shell Command Injection attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/statuswml.cgi?"; nocase; uricontent:"ping"; nocase; pcre:"/ping\s*=\s*([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|[^\x26\x0D\x0A]*\x3B)/Ui";classtype:web-application-attack; reference:bugtraq,35464; reference:url,doc.emergingthreats.net/2009670; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_Nagios; sid:2009670; rev:5;)

Added 2009-08-06 14:30:36 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Nagios statuswml.cgi Remote Arbitrary Shell Command Injection attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/statuswml.cgi?"; nocase; uricontent:"ping"; nocase; pcre:"/ping\s*=\s*(\x3a[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|[^\x26\x0D\x0A]*\x3B)/Ui";classtype:web-application-attack; reference:bugtraq,35464; reference:url,doc.emergingthreats.net/2009670; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_Nagios; sid:2009670; rev:4;)

Added 2009-08-04 11:45:37 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Nagios statuswml.cgi Remote Arbitrary Shell Command Injection attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/statuswml.cgi?"; nocase; uricontent:"ping"; nocase; pcre:"/ping\s*=\s*(\x3a[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|[^\x26\x0D\x0A]*\x3B)/Ui";classtype:web-application-attack; reference:bugtraq,35464; reference:url,doc.emergingthreats.net/2009670; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_Nagios; sid:2009670; rev:4;)

Added 2009-08-04 11:45:37 UTC


#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Nagios statuswml.cgi Remote Arbitrary Shell Command Injection attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/statuswml.cgi?"; nocase; uricontent:"ping"; nocase; pcre:"/ping\s*=\s*(?:[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|[^\x26\x0D\x0A]*\x3B)/Ui";classtype:web-application-attack; reference:bugtraq,35464; reference:url,doc.emergingthreats.net/2009670; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_Nagios; sid:2009670; rev:3;)

Added 2009-08-03 22:00:35 UTC


#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Nagios statuswml.cgi Remote Arbitrary Shell Command Injection attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/statuswml.cgi?"; nocase; uricontent:"ping"; nocase; pcre:"/ping\s*=\s*(?:[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|[^\x26\x0D\x0A]*\x3B)/Ui";classtype:web-application-attack; reference:bugtraq,35464; reference:url,doc.emergingthreats.net/2009670; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_Nagios; sid:2009670; rev:3;)

Added 2009-08-03 22:00:35 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Nagios statuswml.cgi Remote Arbitrary Shell Command Injection attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/statuswml.cgi?"; nocase; uricontent:"ping"; nocase; pcre:"/ping\s*=\s*(?:[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|[^\x26\x0D\x0A]*\x3B)/Ui";classtype:web-application-attack; reference:bugtraq,35464; reference:url,doc.emergingthreats.net/2009670; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_Nagios; sid:2009670; rev:3;)

Added 2009-08-03 13:53:34 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Nagios statuswml.cgi Remote Arbitrary Shell Command Injection attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/statuswml.cgi?"; nocase; uricontent:"ping"; nocase; pcre:"/ping\s*=\s*(?:[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|[^\x26\x0D\x0A]*\x3B)/Ui";classtype:web-application-attack; reference:bugtraq,35464; reference:url,doc.emergingthreats.net/2009670; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_Nagios; sid:2009670; rev:3;)

Added 2009-08-03 13:53:34 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Nagios statuswml.cgi Remote Arbitrary Shell Command Injection attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/statuswml.cgi?"; nocase; uricontent:"ping"; nocase; pcre:"/ping\s*=\s*[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/Ui";classtype:web-application-attack; reference:bugtraq,35464; reference:url,doc.emergingthreats.net/2009670; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_Nagios; sid:2009670; rev:2;)

Added 2009-07-22 15:52:40 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Nagios statuswml.cgi Remote Arbitrary Shell Command Injection attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/statuswml.cgi?"; nocase; uricontent:"ping"; nocase; pcre:"/ping\s*=\s*[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/Ui";classtype:web-application-attack; reference:bugtraq,35464; reference:url,doc.emergingthreats.net/2009670; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB/WEB_Nagios; sid:2009670; rev:2;)

Added 2009-07-22 15:52:40 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB Nagios statuswml.cgi Remote Arbitrary Shell Command Injection attempt"; flow:to_server,established; content:"GET "; depth:4; uricontent:"/statuswml.cgi?"; nocase; uricontent:"ping"; nocase; pcre:"/ping\s*=\s*[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/Ui";classtype:web-application-attack; reference:bugtraq,35464; sid:2009670; rev:1;)

Added 2009-07-22 14:06:21 UTC


Topic revision: r1 - 2011-10-12 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats