alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT HP Enterprise VAN SDN Controller Root Command Injection (Unix)"; flow:established,to_server; content:"X-Auth-Token|3a| AuroraSdnToken?"; http_header; fast_pattern; content:"|7b 22|action|22 3a 22|uninstall|22 2c 22|name|22 3a 22|--pre-invoke="; http_client_body; content:"|5c 5c|x73|5c 5c|x68|5c 5c|x20|5c 5c|x2d|5c 5c|x63"; metadata: former_category EXPLOIT; reference:url,github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/hp_van_sdn_cmd_inject.rb; classtype:attempted-admin; sid:2026028; rev:1; metadata:attack_target Client_Endpoint, deployment Datacenter, signature_severity Major, created_at 2018_08_24, updated_at 2018_08_24;)

Added 2018-09-13 19:55:07 UTC


Added 2018-09-13 18:02:26 UTC


alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT HP Enterprise VAN SDN Controller Root Command Injection (Unix)"; flow:established,to_server; content:"X-Auth-Token|3a| AuroraSdnToken?"; http_header; fast_pattern; content:"|7b 22|action|22 3a 22|uninstall|22 2c 22|name|22 3a 22|--pre-invoke="; http_client_body; content:"|5c 5c|x73|5c 5c|x68|5c 5c|x20|5c 5c|x2d|5c 5c|x63"; metadata: former_category EXPLOIT; reference:url,github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/hp_van_sdn_cmd_inject.rb; classtype:attempted-admin; sid:2026028; rev:1; metadata:attack_target Client_Endpoint, deployment Datacenter, signature_severity Major, created_at 2018_08_24, updated_at 2018_08_24;)

Added 2018-08-24 17:18:08 UTC


Topic revision: r1 - 2018-09-13 - TWikiGuest
 
This site is powered by the TWiki collaboration platform Powered by Perl This site is powered by the TWiki collaboration platformCopyright © Emerging Threats