Versions (4)
Version DetailsCurrent
Rev: 2 • Apr 21, 2020, 12:00 PMET EXPLOIT IBM Data Risk Manager Arbitrary File Download Attempt
alert http any any -> $HOME_NET any (msg:"ET EXPLOIT IBM Data Risk Manager Arbitrary File Download Attempt"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:38; content:"/albatross/eurekaservice/fetchLogFiles"; fast_pattern; http.content_type; content:"application/json"; nocase; http.request_body; content:"|22|logFileNameList|22 3a 22|../"; reference:url,github.com/pedrib/PoC/blob/master/advisories/IBM/ibm_drm/ibm_drm_rce.md; classtype:trojan-activity; sid:2029990; rev:2; metadata:attack_target Server, created_at 2020_04_21, deployment Perimeter, deployment Datacenter, deployment SSLDecrypt, performance_impact Low, confidence High, signature_severity Major, updated_at 2026_05_15;)
Apr 21, 2020, 12:00 PM
May 15, 2026, 12:00 PM
Sep 21, 2024, 3:00 AM
May 15, 2026, 8:34 PM
rules/emerging-exploit.rules