alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT WinRAR WinAce Containing CVE-2018-20250 Inbound - Path Traversal leading to RCE"; flow:established,from_server; content:"200"; http_stat_code; file_data; content:"**ACE**"; offset:7; depth:7; fast_pattern; content:"|00|"; distance:0; pcre:"/^(?:(\S\:\\){2,}|\S\:\\\S\:\S\:|S\:\\\\\\([0-9]{1,3}\.){3}[0-9]{1,3}|\S\:\\\\\\([a-z0-9\-]{1,30}\.){1,8}[a-z]{1,8})/R"; metadata: former_category EXPLOIT; classtype:trojan-activity; sid:2027310; rev:2; metadata:attack_target Client_Endpoint, deployment Perimeter, cve 2018_20250, tag WinRAR, tag ACE, signature_severity Major, created_at 2019_05_01, performance_impact Moderate, updated_at 2019_05_01;)

Added 2019-05-01 17:22:13 UTC


Topic revision: r1 - 2019-05-01 - TWikiGuest
 
Copyright © Emerging Threats