alert http any any -> $HOME_NET 5984 (msg:"ET EXPLOIT Apache CouchDB? JSON Remote Privesc Attempt (CVE-2017-12636)"; flow: established,to_server,only_stream; content:"PUT"; http_method; content:"/_config/query_servers/cmd"; urilen:26; pcre:"/^\s*[\x22\x27]/P"; content:"Authorization|3a 20|Basic"; http_header; metadata: former_category EXPLOIT; reference:cve,2017-12636; reference:url,; classtype:attempted-admin; sid:2025432; rev:2; metadata:deployment Datacenter, signature_severity Major, created_at 2018_03_13, performance_impact Moderate, updated_at 2018_03_13;)

Added 2018-03-13 17:08:43 UTC

Topic revision: r1 - 2018-03-13 - TWikiGuest
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats