Versions (2)
Version DetailsCurrent
Rev: 4 • Dec 19, 2018, 12:00 PMET WEB_SPECIFIC_APPS Kibana Attempted LFI Exploitation (CVE-2018-17246)
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Kibana Attempted LFI Exploitation (CVE-2018-17246)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/api/console/api_server?sense_version="; depth:38; fast_pattern; content:"SENSE_VERSION&apis="; pcre:"/^(?:\.\.\/){2,}/R"; reference:url,www.bleepingcomputer.com/news/security/file-inclusion-bug-in-kibana-console-for-elasticsearch-gets-exploit-code/; classtype:attempted-user; sid:2026739; rev:4; metadata:attack_target Web_Server, created_at 2018_12_19, cve CVE_2018_17246, deployment Perimeter, performance_impact Low, signature_severity Major, updated_at 2020_08_27;)
Dec 19, 2018, 12:00 PM
Aug 27, 2020, 12:00 PM
Dec 19, 2018, 12:00 PM
May 31, 2024, 9:00 PM
rules/emerging-web_specific_apps.rules