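# ET EXPLOIT sid:2028928 rev:2 - VMware VeloCloud authorization bypass attempt (CVE-2019-5533).
#
# What has to be present for the alert to fire:
#   - established client-to-server HTTP traffic from $EXTERNAL_NET, with method POST;
#   - the request body begins with {"jsonrpc":" (a 12-byte pattern under depth:12, so it
#     can only match at offset 0);
#   - later in the body: /getEnterpriseUser" (this is the fast_pattern), and after that
#     ,"params":{"id":
#   - pcre, flags P (HTTP request body) and R (relative to the previous match): a run of
#     digits, then },"id": followed by the same digits again.
#
# Fix applied to this listing: the named capture group had lost its <num_value> label
# (it read "(?P\d+)"), which is not valid PCRE and left the (?P=num_value)
# back-reference undefined. The name is restored from that back-reference.
#
# Review notes for deployment:
#   - Coverage is tied to the params id being equal to the JSON-RPC request id. A quiet
#     sensor is therefore not evidence that the interface was never probed; check the
#     orchestrator's own API/audit logs as well.
#   - The back-reference is not anchored at its end, so a request id that merely starts
#     with the same digits also matches. Expect occasional benign hits from clients that
#     reuse small ids.
#   - The destination is "any any". Narrowing it to the orchestrator address or a
#     server variable reduces noise, but this listing does not do that.
#   - NOTE(review): the "?" after "VeloCloud" in msg looks like a character lost in
#     extraction; msg is left exactly as found - confirm against the upstream rule file.
alert http $EXTERNAL_NET any -> any any (msg:"ET EXPLOIT VMware VeloCloud? Authorization Bypass (CVE-2019-5533)"; flow:established,to_server; content:"|7b 22|jsonrpc|22 3a 22|"; http_client_body; depth:12; content:"/getEnterpriseUser|22|"; http_client_body; distance:0; fast_pattern; content:",|22|params|22 3a 7b 22|id|22 3a|"; http_client_body; distance:0; pcre:"/^(?P<num_value>\d+)\x7d,\x22id\x22\x3a(?P=num_value)/PR"; content:"POST"; http_method; metadata: former_category EXPLOIT; reference:cve,2019-5533; classtype:attempted-admin; sid:2028928; rev:2; metadata:deployment Perimeter, signature_severity Major, created_at 2019_10_31, performance_impact Low, updated_at 2019_10_31;)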

Added 2019-10-31 21:41:36 UTC


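# Earlier listing of the same signature (sid:2028928 rev:2, CVE-2019-5533).
#
# Match logic, in evaluation order as written:
#   1. flow:established,to_server - client request on an established session.
#   2. Request body starts with {"jsonrpc":" (depth:12 equals the pattern length).
#   3. Request body then contains /getEnterpriseUser" - used as the fast_pattern.
#   4. Request body then contains ,"params":{"id":
#   5. pcre (P = request body, R = relative): digits, then },"id": and the same digits.
#   6. HTTP method is POST.
#
# The capture group name <num_value> was missing from this listing ("(?P\d+)"), which
# does not compile and leaves (?P=num_value) without a target; it is restored here.
#
# Triage caveats:
#   - Only requests whose params id and JSON-RPC request id carry the same number are
#     covered, and the second number is matched as a prefix (no trailing boundary).
#     Corroborate hits and misses with server-side API logs.
#   - Source is $EXTERNAL_NET but the destination is unrestricted ("any any").
#   - NOTE(review): "VeloCloud?" in msg is kept byte-for-byte; the "?" may be an
#     extraction artifact - verify before keying SIEM searches on the message text.
alert http $EXTERNAL_NET any -> any any (msg:"ET EXPLOIT VMware VeloCloud? Authorization Bypass (CVE-2019-5533)"; flow:established,to_server; content:"|7b 22|jsonrpc|22 3a 22|"; http_client_body; depth:12; content:"/getEnterpriseUser|22|"; http_client_body; distance:0; fast_pattern; content:",|22|params|22 3a 7b 22|id|22 3a|"; http_client_body; distance:0; pcre:"/^(?P<num_value>\d+)\x7d,\x22id\x22\x3a(?P=num_value)/PR"; content:"POST"; http_method; metadata: former_category EXPLOIT; reference:cve,2019-5533; classtype:attempted-admin; sid:2028928; rev:2; metadata:deployment Perimeter, signature_severity Major, created_at 2019_10_31, performance_impact Low, updated_at 2019_10_31;)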

Added 2019-10-31 21:08:52 UTC

