alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET EXPLOIT Apache Struts RCE CVE-2018-11776 POC M1"; flow:to_server,established; content:"memberAccess"; http_uri; content:"allowStaticMethodAccess"; http_uri; distance:0; content:"java.lang.Runtime|25|40getRuntime().exec("; http_uri; nocase; fast_pattern; distance:0; content:".getInputStream()"; http_uri; content:"java.io.InputStreamReader("; http_uri; content:"java.io.BufferedReader("; http_uri; content:".read("; http_uri; content:"org.apache.struts2.ServletActionContext"; http_uri; content:"getResponse().getWriter()"; http_uri; metadata: former_category EXPLOIT; reference:url,github.com/jas502n/St2-057/blob/master/README.md; reference:cve,2018-11776; classtype:attempted-user; sid:2026025; rev:1; metadata:affected_product Web_Server_Applications, attack_target Web_Server, deployment Perimeter, signature_severity Major, created_at 2018_08_23, updated_at 2018_08_23;)

Added 2018-09-13 19:55:07 UTC


Added 2018-09-13 18:02:26 UTC


alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET EXPLOIT Apache Struts RCE CVE-2018-11776 POC M1"; flow:to_server,established; content:"memberAccess"; http_uri; content:"allowStaticMethodAccess"; http_uri; distance:0; content:"java.lang.Runtime|25|40getRuntime().exec("; http_uri; nocase; fast_pattern; distance:0; content:".getInputStream()"; http_uri; content:"java.io.InputStreamReader("; http_uri; content:"java.io.BufferedReader("; http_uri; content:".read("; http_uri; content:"org.apache.struts2.ServletActionContext"; http_uri; content:"getResponse().getWriter()"; http_uri; metadata: former_category EXPLOIT; reference:url,github.com/jas502n/St2-057/blob/master/README.md; reference:cve,2018-11776; classtype:attempted-user; sid:2026025; rev:1; metadata:affected_product Web_Server_Applications, attack_target Web_Server, deployment Perimeter, signature_severity Major, created_at 2018_08_23, updated_at 2018_08_23;)

Added 2018-08-23 18:13:08 UTC


Topic revision: r1 - 2018-09-13 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats