#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET DELETED Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) (Content-Length) M1"; flow:to_server,established; content:"Content-Length|3a|"; nocase; content:"{"; content:"}"; content:"java|2e|"; nocase; content:"|2e|ognl"; fast_pattern:only; pcre:"/^Content-Length\x3a[^\r\n]*?\{(?=[^\r\n]*java\.)[^\r\n]*\.ognl[^\r\n]*\}/mi"; classtype:web-application-attack; sid:2024094; rev:1;)

Added 2017-05-05 16:59:01 UTC


#alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET DELETED Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) (Content-Length) M1"; flow:to_server,established; content:"Content-Length|3a|"; nocase; content:"{"; content:"}"; content:"java|2e|"; nocase; content:"|2e|ognl"; fast_pattern:only; pcre:"/^Content-Length\x3a[^\r\n]*?\{(?=[^\r\n]*java\.)[^\r\n]*\.ognl[^\r\n]*\}/mi"; metadata: former_category WEB_SPECIFIC_APPS; classtype:web-application-attack; sid:2024094; rev:1;)

Added 2017-03-21 17:46:22 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) (Content-Length) M1"; flow:to_server,established; content:"Content-Length|3a|"; nocase; content:"{"; content:"}"; content:"java|2e|"; nocase; content:"|2e|ognl"; fast_pattern:only; pcre:"/^Content-Length\x3a[^\r\n]*?\{(?=[^\r\n]*java\.)[^\r\n]*\.ognl[^\r\n]*\}/mi"; classtype:web-application-attack; sid:2024094; rev:1;)

Added 2017-03-20 20:33:41 UTC


alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"ET WEB_SPECIFIC_APPS Possible Apache Struts OGNL Expression Injection (CVE-2017-5638) (Content-Length) M1"; flow:to_server,established; content:"Content-Length|3a|"; nocase; content:"{"; content:"}"; content:"java|2e|"; nocase; content:"|2e|ognl"; fast_pattern:only; pcre:"/^Content-Length\x3a[^\r\n]*?\{(?=[^\r\n]*java\.)[^\r\n]*\.ognl[^\r\n]*\}/mi"; classtype:web-application-attack; sid:2024094; rev:1;)

Added 2017-03-20 19:16:56 UTC


Topic revision: r1 - 2017-05-05 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats