#alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Possible Zenoss Cross Site Request Forgery UserCommand? Attempt"; flow:established,to_server; content:"/zport/dmd/Devices/devices/localhost/manage_doUserCommand"; nocase; http_uri; content:"commandId="; http_uri; nocase; distance:0; pcre:"/commandId\x3D[a-z]/Ui"; reference:url,www.securityfocus.com/bid/37843; reference:url,doc.emergingthreats.net/2010762; classtype:web-application-attack; sid:2010762; rev:7; metadata:created_at 2010_07_30, updated_at 2010_07_30;)

Added 2017-08-07 21:03:54 UTC


#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Possible Zenoss Cross Site Request Forgery UserCommand? Attempt"; flow:established,to_server; content:"/zport/dmd/Devices/devices/localhost/manage_doUserCommand"; nocase; http_uri; content:"commandId="; http_uri; nocase; distance:0; pcre:"/commandId\x3D[a-z]/Ui"; reference:url,www.securityfocus.com/bid/37843; reference:url,doc.emergingthreats.net/2010762; classtype:web-application-attack; sid:2010762; rev:6;)

Added 2013-06-25 16:54:19 UTC


#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Possible Zenoss Cross Site Request Forgery UserCommand? Attempt"; flow:established,to_server; content:"/zport/dmd/Devices/devices/localhost/manage_doUserCommand"; nocase; http_uri; uricontent:"commandId="; http_uri; nocase; distance:0; pcre:"/commandId\x3D[a-z]/Ui"; reference:url,www.securityfocus.com/bid/37843; reference:url,doc.emergingthreats.net/2010762; classtype:web-application-attack; sid:2010762; rev:5;)

Added 2013-06-13 17:08:19 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Possible Zenoss Cross Site Request Forgery UserCommand? Attempt"; flow:established,to_server; uricontent:"/zport/dmd/Devices/devices/localhost/manage_doUserCommand"; nocase; uricontent:"commandId="; nocase; pcre:"/\x2Fzport\x2Fdmd\x2FDevices\x2Fdevices\xFlocalhost\x2Fmanage\x5FdoUserCommand.+commandId\x3D[a-z]/Ui"; reference:url,www.securityfocus.com/bid/37843; reference:url,doc.emergingthreats.net/2010762; classtype:web-application-attack; sid:2010762; rev:2;)

Added 2011-10-12 19:30:31 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Possible Zenoss Cross Site Request Forgery UserCommand? Attempt"; flow:established,to_server; uricontent:"/zport/dmd/Devices/devices/localhost/manage_doUserCommand"; nocase; uricontent:"commandId="; nocase; pcre:"/\x2Fzport\x2Fdmd\x2FDevices\x2Fdevices\xFlocalhost\x2Fmanage\x5FdoUserCommand.+commandId\x3D[a-z]/Ui"; classtype:web-application-attack; reference:url,www.securityfocus.com/bid/37843; reference:url,doc.emergingthreats.net/2010762; sid:2010762; rev:2;)

Added 2011-09-14 22:43:42 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Possible Zenoss Cross Site Request Forgery UserCommand? Attempt"; flow:established,to_server; uricontent:"/zport/dmd/Devices/devices/localhost/manage_doUserCommand"; nocase; uricontent:"commandId="; nocase; pcre:"/\x2Fzport\x2Fdmd\x2FDevices\x2Fdevices\xFlocalhost\x2Fmanage\x5FdoUserCommand.+commandId\x3D[a-z]/Ui"; classtype:web-application-attack; reference:url,www.securityfocus.com/bid/37843; reference:url,doc.emergingthreats.net/2010762; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Zenoss; sid:2010762; rev:2;)

Added 2011-02-04 17:30:24 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Possible Zenoss Cross Site Request Forgery UserCommand? Attempt"; flow:established,to_server; uricontent:"/zport/dmd/Devices/devices/localhost/manage_doUserCommand"; nocase; uricontent:"commandId="; nocase; pcre:"/\x2Fzport\x2Fdmd\x2FDevices\x2Fdevices\xFlocalhost\x2Fmanage\x5FdoUserCommand.+commandId\x3D[a-z]/Ui"; classtype:web-application-attack; reference:url,www.securityfocus.com/bid/37843; reference:url,doc.emergingthreats.net/2010762; reference:url,www.emergingthreats.net/cgi-bin/cvsweb.cgi/sigs/WEB_SPECIFIC_APPS/WEB_Zenoss; sid:2010762; rev:2;)

Added 2010-02-03 13:07:52 UTC


Topic revision: r1 - 2017-08-08 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats